Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
osr730ky3m.exe

Overview

General Information

Sample name:osr730ky3m.exe
renamed because original name is a hash value
Original sample name:12f94033d272f341426a6e2afa2937218346cd79960592ed2d7d79d22335ffc9.exe
Analysis ID:1466960
MD5:366397087c219fd1ec3465b6075c99cb
SHA1:51b93cc23768f1dc9c0745e7818c4bf0365669cd
SHA256:12f94033d272f341426a6e2afa2937218346cd79960592ed2d7d79d22335ffc9
Tags:exe
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found iframes
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML body contains password input but no form action
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • osr730ky3m.exe (PID: 6528 cmdline: "C:\Users\user\Desktop\osr730ky3m.exe" MD5: 366397087C219FD1EC3465B6075C99CB)
    • chrome.exe (PID: 3128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1976,i,17318209000228502612,2237949357977184644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2008,i,17384594921740702087,194935732916387498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: osr730ky3m.exeReversingLabs: Detection: 75%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
Machine Learning detection for sample
Source: osr730ky3m.exeJoe Sandbox ML: detected
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1110236877&timestamp=1720014429579
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1110236877&timestamp=1720014429579
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1756697494&timestamp=1720014433319
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1756697494&timestamp=1720014433319
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: Title: YouTube does not match URL
Source: https://www.facebook.com/videoHTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: <input type="password" .../> found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No favicon
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No favicon
Source: https://www.facebook.com/videoHTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/videoHTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARZKDMTmesad8HK-ikBAHhzz8IST8pWeRddWAkQK0XAluidDpzjNO9jfTEdmgvkZpEHl_iu&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S704733099%3A1720014422110673&ddm=0HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AS5LTAR8rEwgmzn0E0Ws0T6gqeUwTHX4Imt7QbDau7pnMUPXJkWdd9l8p-hbflISp2iYLL9ABE70sw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S218795270%3A1720014422347993&ddm=0HTTP Parser: No <meta name="copyright".. found
Source: osr730ky3m.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49996 version: TLS 1.0
Source: unknownHTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0076C2A2 FindFirstFileExW,0_2_0076C2A2
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A68EE FindFirstFileW,FindClose,0_2_007A68EE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007A698F
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0079D076
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0079D3A9
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007A9642
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007A979D
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007A9B2B
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0079DBBE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007A5C97
Source: global trafficTCP traffic: 192.168.2.5:49766 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49996 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007ACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_007ACE44
Source: global trafficHTTP traffic detected: GET /video HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yu/l/0,cross/WHol-iR7sqMVWgg-YkpZuD.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y5/r/16tMAVgIV_z.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iwqK4/yD/l/en_GB/yW5mlSpCn9mRZLWp0bJ4uPcKI4lWgwKKj-ueoATFbIw-uaTxM-JV6thYT7n1sgH1lvsz5KVEO_BkqDYvatkvPhoONu3pkqVqdCD9WJk8ujrnjKWwIwOKBPFJOCwuhXh84BiB8aEbWRwojUJXL0ygo8J-EX1Rdzuzi16yghjE4ZDgkA82rIloB7qqcm2jr73EEuMST7r_l1DuzAtWVRntr0ucTZxwWk6_vabK_-gp55HfXW__mMzi95_wmB-512pEQn4HVER6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iwLy4/yE/l/en_GB/ZpztLkU6jDd.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iPlJ4/yd/l/en_GB/hZ5gcIcWbl3.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iXK94/yt/l/en_GB/gfOaPYbADeK.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y0/r/bwjcpfdLfwR.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y1/r/VVfVcgNse_k7OBycsxKTmL-41uF-jEkcBzg4GbaorIyr8O0FwF42MYvlh6jit1ncqcXDV2hji4yzQ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3i19e4/y7/l/en_GB/g25nMFNsm6P.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3i0Wo4/y4/l/en_GB/p2aYR2TDczj.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iBwS4/yw/l/en_GB/56unmhkIrehtInlbCaeLql9s9enP8ua4RYWxmlUS2FbnWfnZ8Xxo1m0k6TrftXaUSlLhKwLpm5VBVuwwDateX8xhraCBbnW2FYj8xP1iPn3AFm3SuHlNAdJkm.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iWd-4/yP/l/en_GB/M-AHdbpN8xr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3i-dF4/yB/l/en_GB/LQS7_eNXB7L.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yU/r/0RsSa8KyPzr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=3&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=589905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1110236877&timestamp=1720014429579 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281B HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B74 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=8&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/449712644_816422753527500_4620893420354803502_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=w3LX7afKrBsQ7kNvgEQ5S8s&_nc_ht=scontent-hou1-1.xx&oh=00_AYDgVlUrnI3YVIhnU4Rtviyi17Z7BWHmT7t4HLp7HtBchg&oe=668B44F5 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=18849 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=120110 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442015974_912843267314068_1743771999496193037_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=zkb3Mq01jDsQ7kNvgHbfuPm&_nc_ht=scontent-hou1-1.xx&oh=00_AYDi1cWU_CyeTN-LK4i01f38fd_u6Dcvx_s3QT3qCalc1g&oe=668B155D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441199429_890954462796791_2599688641654411968_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=Ci_SargI4XEQ7kNvgG7ebvt&_nc_ht=scontent-hou1-1.xx&oh=00_AYCzsrsVdh2wmh8OT3jXnKLtKOFIQPVdK7rNhsBe6xLOqw&oe=668B12FF HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B74 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281B HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/449786290_1602805117231876_4060912889184558328_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=34Ah_F40SnsQ7kNvgH6BA0K&_nc_ht=scontent-hou1-1.xx&oh=00_AYBllGOcxhYMF3vf4H94uWio-xw5ujSDUZXsOOWKeJbvww&oe=668B3972 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441895106_1198366088013188_6995649902217432552_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=4WgkZe3RElIQ7kNvgG2v3tP&_nc_ht=scontent-hou1-1.xx&oh=00_AYDb-M11Z0SNpwvXrjD3QZn7r2IuxM_jwUBShiw8VZhMjQ&oe=668B2C36 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=1011 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442058648_1390260634990350_3671320554231620569_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=YHyfjqs1T0kQ7kNvgGvisSS&_nc_ht=scontent-hou1-1.xx&oh=00_AYBYI33eJMZCXkexmSD0KK_SoAPEM1EGdCY5gNvWJYScLA&oe=668B1CF7 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=18849 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=826&byteend=1013 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=120110 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=1014&byteend=45134 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=589905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=824&byteend=1227 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442087186_999319485526623_3702523058544328049_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=ysDgVWmhzsgQ7kNvgFJCUSV&_nc_ht=scontent-hou1-1.xx&oh=00_AYD6KPcaHZ_5J2vWme9cMQRf1tgAcyjbvd2Uq3kX6dUMTQ&oe=668B1809 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/449712644_816422753527500_4620893420354803502_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=w3LX7afKrBsQ7kNvgEQ5S8s&_nc_ht=scontent-hou1-1.xx&oh=00_AYDgVlUrnI3YVIhnU4Rtviyi17Z7BWHmT7t4HLp7HtBchg&oe=668B44F5 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=1228&byteend=14626 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=893 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=894&byteend=83807 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yo/r/R39EhsDDUBY.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=824&byteend=927 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=18849 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=1011 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441199429_890954462796791_2599688641654411968_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=Ci_SargI4XEQ7kNvgG7ebvt&_nc_ht=scontent-hou1-1.xx&oh=00_AYCzsrsVdh2wmh8OT3jXnKLtKOFIQPVdK7rNhsBe6xLOqw&oe=668B12FF HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=928&byteend=18863 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yp/r/xHalzKQEhj_.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=L88xvZKaI7iRGzfqXxrxATkRu97BOaaTnBIb9aShnOTMIkniu0k2h2Qlobgks0pT_gYtiNnf_AxzKwA9o2CgeojffejKEvr1NVLI3td5gu2JHLVVvqm0iLCp-JIUbkXKhGis3vEY_hlpzc0dtGNZvr7B9TlifjFpm_gqZlu65Sg
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441895106_1198366088013188_6995649902217432552_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=4WgkZe3RElIQ7kNvgG2v3tP&_nc_ht=scontent-hou1-1.xx&oh=00_AYDb-M11Z0SNpwvXrjD3QZn7r2IuxM_jwUBShiw8VZhMjQ&oe=668B2C36 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=120110 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/449786290_1602805117231876_4060912889184558328_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=34Ah_F40SnsQ7kNvgH6BA0K&_nc_ht=scontent-hou1-1.xx&oh=00_AYBllGOcxhYMF3vf4H94uWio-xw5ujSDUZXsOOWKeJbvww&oe=668B3972 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=826&byteend=1013 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=826&byteend=905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=589905 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=906&byteend=85414 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442058648_1390260634990350_3671320554231620569_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=YHyfjqs1T0kQ7kNvgGvisSS&_nc_ht=scontent-hou1-1.xx&oh=00_AYBYI33eJMZCXkexmSD0KK_SoAPEM1EGdCY5gNvWJYScLA&oe=668B1CF7 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=1014&byteend=45134 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=824&byteend=1227 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=1011 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=824&byteend=963 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oa5o9uA9VCL7oVb&MD=hA871sDz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442087186_999319485526623_3702523058544328049_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=ysDgVWmhzsgQ7kNvgFJCUSV&_nc_ht=scontent-hou1-1.xx&oh=00_AYD6KPcaHZ_5J2vWme9cMQRf1tgAcyjbvd2Uq3kX6dUMTQ&oe=668B1809 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=1228&byteend=14626 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=893 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3i8xq4/ym/l/en_GB/DKP4VMyHWvT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=964&byteend=14683 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yb/r/7NqDjYL3eb9.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=824&byteend=927 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=826&byteend=1013 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3ieKI4/yR/l/en_GB/0bfveO1rdQO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yo/r/R39EhsDDUBY.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442047941_1143827496886141_2522773122118489220_n.jpg?stp=dst-jpg_p206x206&_nc_cat=111&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=3Q6K75JvDH0Q7kNvgGw2m2C&_nc_ht=scontent-hou1-1.xx&oh=00_AYCpsU3kmE5FznHDq06GSeIOfyiLtf4bDK23nfUESJPDSQ&oe=668B10CD HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1756697494&timestamp=1720014433319 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=1014&byteend=45134 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yp/r/xHalzKQEhj_.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/438227998_963705932159565_7340903352037785771_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=1xjCnifaTkkQ7kNvgGL-gKy&_nc_ht=scontent-hou1-1.xx&oh=00_AYADlQRqzZ2P08jO-As9NPO_adR-6OwCkbxDjNJ2LcT8sA&oe=668B16B9 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=824&byteend=1227 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=1228&byteend=14626 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=hkWvCo4-Yo0GmlC3iXImvlg2KncAMYmCXERc2GpoxFBEjFXHxMkXDLb68u_fRCxyU0S2c0_jHFXyKFKHzTE6bSo1l9Pj4HqGRu_6BDL_hST12n6sIA5kLNYGihANrjGBwsQq2w0wGHCViUPBFxGfplwxKNzAMl6VmNR-D_uIKp0
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=894&byteend=83807 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=928&byteend=18863 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=893 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=824&byteend=927 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=825 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=826&byteend=905 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=L88xvZKaI7iRGzfqXxrxATkRu97BOaaTnBIb9aShnOTMIkniu0k2h2Qlobgks0pT_gYtiNnf_AxzKwA9o2CgeojffejKEvr1NVLI3td5gu2JHLVVvqm0iLCp-JIUbkXKhGis3vEY_hlpzc0dtGNZvr7B9TlifjFpm_gqZlu65Sg
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=906&byteend=85414 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442047941_1143827496886141_2522773122118489220_n.jpg?stp=dst-jpg_p206x206&_nc_cat=111&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=3Q6K75JvDH0Q7kNvgGw2m2C&_nc_ht=scontent-hou1-1.xx&oh=00_AYCpsU3kmE5FznHDq06GSeIOfyiLtf4bDK23nfUESJPDSQ&oe=668B10CD HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=0&byteend=823 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=824&byteend=963 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y_/r/EujyFHnNhhH.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3iZ_a4/yg/l/en_GB/Ob6F3Vt7OqX.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=964&byteend=14683 HTTP/1.1Host: video-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=928&byteend=18863 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=894&byteend=83807 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=906&byteend=85414 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=826&byteend=905 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/438227998_963705932159565_7340903352037785771_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=1xjCnifaTkkQ7kNvgGL-gKy&_nc_ht=scontent-hou1-1.xx&oh=00_AYADlQRqzZ2P08jO-As9NPO_adR-6OwCkbxDjNJ2LcT8sA&oe=668B16B9 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=0&byteend=823 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=9&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZj.AWVclA2gSBU; wd=1034x870; _js_datr=UlaFZkd7zJnC6yWNhSBNqp0i
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yN/r/7mFwSll_FX0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=825 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=824&byteend=963 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=964&byteend=14683 HTTP/1.1Host: video.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bulk-route-definitions/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/449321335_395689360177909_8550182580164337098_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=_Xa0Uj6O_nMQ7kNvgGuNcWv&_nc_ht=scontent-hou1-1.xx&oh=00_AYAKGvx2DcfP2mtCRlf1OfbIssA3-V862UHeEWtcU2ZXbg&oe=668B1EAB HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yy/r/VJPoervtPtX.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=a&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; _js_datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZm.AWV22gvLDGc
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/289004470_580488300108017_2940314955690280756_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=FAMyFz7apqoQ7kNvgFhFiWn&_nc_ht=scontent-hou1-1.xx&oh=00_AYDHLxN6yljKnFv_vu2kY2lnm3xovL4hgUVuejOCJYaU0A&oe=668B2C89 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/449321335_395689360177909_8550182580164337098_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=_Xa0Uj6O_nMQ7kNvgGuNcWv&_nc_ht=scontent-hou1-1.xx&oh=00_AYAKGvx2DcfP2mtCRlf1OfbIssA3-V862UHeEWtcU2ZXbg&oe=668B1EAB HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/438062513_882312713691783_6862801772264223093_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=N3lYMSNitWIQ7kNvgFJ4H4B&_nc_ht=scontent-hou1-1.xx&oh=00_AYBi4m8b1qpd5xjF5VU1M1VoiLWeSG3SItPJ3m5NoUmPhg&oe=668B0E37 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/242231534_109498171480252_4909944789575946511_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=101&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=IVI8DmqEO6gQ7kNvgHMETd2&_nc_ht=scontent-hou1-1.xx&oh=00_AYBmvLXpXkFyF_Q2oj_mbyhtb0eTAVdiAa8R6hFKTIPL9A&oe=668B2D3B HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/289004470_580488300108017_2940314955690280756_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=FAMyFz7apqoQ7kNvgFhFiWn&_nc_ht=scontent-hou1-1.xx&oh=00_AYDHLxN6yljKnFv_vu2kY2lnm3xovL4hgUVuejOCJYaU0A&oe=668B2C89 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441934308_773094221360767_7100231602105543691_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=U8gXjd1OGkIQ7kNvgEAX5RG&_nc_ht=scontent-hou1-1.xx&oh=00_AYC0Xmzs7bnhR3838ubHXK0x1IC-aQE4wMezNbiKTTs_MQ&oe=668B36FC HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/244246203_368581291613392_1417098440599807693_n.jpg?stp=c5.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=C0KcJBzniAAQ7kNvgH8NYBv&_nc_ht=scontent-hou1-1.xx&oh=00_AYBOIaa_lTmoE5spXLrfBA0gucmO5IeYRK-zCRENrcYdcQ&oe=668B3AE6 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/242231534_109498171480252_4909944789575946511_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=101&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=IVI8DmqEO6gQ7kNvgHMETd2&_nc_ht=scontent-hou1-1.xx&oh=00_AYBmvLXpXkFyF_Q2oj_mbyhtb0eTAVdiAa8R6hFKTIPL9A&oe=668B2D3B HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=b&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; _js_datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZp.AWVf5C-ROzE
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/438062513_882312713691783_6862801772264223093_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=N3lYMSNitWIQ7kNvgFJ4H4B&_nc_ht=scontent-hou1-1.xx&oh=00_AYBi4m8b1qpd5xjF5VU1M1VoiLWeSG3SItPJ3m5NoUmPhg&oe=668B0E37 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/446011137_845336897476330_471070398515497688_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=v7hJjTPWU-8Q7kNvgEv2wTk&_nc_ht=scontent-hou1-1.xx&oh=00_AYCfTZltWEu8w35W3YzOzPGVyDPH-ZqRjNGO2SbVQQFKMA&oe=668B33D6 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441934308_773094221360767_7100231602105543691_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=U8gXjd1OGkIQ7kNvgEAX5RG&_nc_ht=scontent-hou1-1.xx&oh=00_AYC0Xmzs7bnhR3838ubHXK0x1IC-aQE4wMezNbiKTTs_MQ&oe=668B36FC HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/448001140_758484949781403_5707096694857716649_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=0Zt0Nck3CcoQ7kNvgFdqAzb&_nc_ht=scontent-hou1-1.xx&oh=00_AYCLXqyxsipKvT3Xhku9bViUG-gAfXoGcoNY5BLzS1sHOw&oe=668B2981 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/244246203_368581291613392_1417098440599807693_n.jpg?stp=c5.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=C0KcJBzniAAQ7kNvgH8NYBv&_nc_ht=scontent-hou1-1.xx&oh=00_AYBOIaa_lTmoE5spXLrfBA0gucmO5IeYRK-zCRENrcYdcQ&oe=668B3AE6 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441997224_449546051214555_5260019720502139937_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=hZGlU0omaAAQ7kNvgHfdoW5&_nc_ht=scontent-hou1-1.xx&oh=00_AYBKeUbr4JQNlIF3qIQBWI-0ajfoCIj1KBg8bAz59ZEoew&oe=668B32F0 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/313399490_461489709413533_2159168188941594444_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=A4zvnoUk0h4Q7kNvgF-Yqyj&_nc_ht=scontent-hou1-1.xx&oh=00_AYDDRJpxF-7oowhjoqkqX9nzURaH4VTVbSSrVWSeUSTTbA&oe=668B1878 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/446068353_999612811433881_8854588659946229745_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RpsbA1wn8ZwQ7kNvgGha4UO&_nc_ht=scontent-hou1-1.xx&oh=00_AYBZ922IFWTLq33N1-vRQM-jp4KhmslU9OrrRaAV8D7U4g&oe=668B1FE7 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/446011137_845336897476330_471070398515497688_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=v7hJjTPWU-8Q7kNvgEv2wTk&_nc_ht=scontent-hou1-1.xx&oh=00_AYCfTZltWEu8w35W3YzOzPGVyDPH-ZqRjNGO2SbVQQFKMA&oe=668B33D6 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/448001140_758484949781403_5707096694857716649_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=0Zt0Nck3CcoQ7kNvgFdqAzb&_nc_ht=scontent-hou1-1.xx&oh=00_AYCLXqyxsipKvT3Xhku9bViUG-gAfXoGcoNY5BLzS1sHOw&oe=668B2981 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/347289288_940658950320773_5181046417556168232_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=lUai_6JnLsUQ7kNvgGud4pc&_nc_ht=scontent-hou1-1.xx&oh=00_AYCZHvtcBsXaonrh2ASHSgFuSaMRue07RBVkGTtP2PHBEQ&oe=668B288F HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/441997224_449546051214555_5260019720502139937_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=hZGlU0omaAAQ7kNvgHfdoW5&_nc_ht=scontent-hou1-1.xx&oh=00_AYBKeUbr4JQNlIF3qIQBWI-0ajfoCIj1KBg8bAz59ZEoew&oe=668B32F0 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/425478622_803107061684058_7756145227518702986_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=FlZpkggWfPIQ7kNvgFXGwMR&_nc_ht=scontent-hou1-1.xx&oh=00_AYD1bicKhj_fDjkC0Jrc9uPzT9mc3-iPaH12TRxTtEkO7g&oe=668B1742 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/313399490_461489709413533_2159168188941594444_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=A4zvnoUk0h4Q7kNvgF-Yqyj&_nc_ht=scontent-hou1-1.xx&oh=00_AYDDRJpxF-7oowhjoqkqX9nzURaH4VTVbSSrVWSeUSTTbA&oe=668B1878 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/433129071_935133255288704_3257703405738048815_n.jpg?stp=c0.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=otqXuLx_E1EQ7kNvgFnvvly&_nc_ht=scontent-hou1-1.xx&oh=00_AYA6D03wweMwBvay2J7uea18YYF9XZUEe_UiJceuZEtTMA&oe=668B235D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/446068353_999612811433881_8854588659946229745_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RpsbA1wn8ZwQ7kNvgGha4UO&_nc_ht=scontent-hou1-1.xx&oh=00_AYBZ922IFWTLq33N1-vRQM-jp4KhmslU9OrrRaAV8D7U4g&oe=668B1FE7 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/347289288_940658950320773_5181046417556168232_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=lUai_6JnLsUQ7kNvgGud4pc&_nc_ht=scontent-hou1-1.xx&oh=00_AYCZHvtcBsXaonrh2ASHSgFuSaMRue07RBVkGTtP2PHBEQ&oe=668B288F HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/425478622_803107061684058_7756145227518702986_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=FlZpkggWfPIQ7kNvgFXGwMR&_nc_ht=scontent-hou1-1.xx&oh=00_AYD1bicKhj_fDjkC0Jrc9uPzT9mc3-iPaH12TRxTtEkO7g&oe=668B1742 HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442015974_912843267314068_1743771999496193037_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=zkb3Mq01jDsQ7kNvgHbfuPm&_nc_ht=scontent-hou1-1.xx&oh=00_AYDi1cWU_CyeTN-LK4i01f38fd_u6Dcvx_s3QT3qCalc1g&oe=668B155D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=83369-83369If-Range: Mon, 01 Jul 2024 00:57:24 GMT
Source: global trafficHTTP traffic detected: GET /hads-ak-prn2/1487645_6012475414660_1439393861_n.png HTTP/1.1Host: scontent.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t39.30808-1/433129071_935133255288704_3257703405738048815_n.jpg?stp=c0.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=otqXuLx_E1EQ7kNvgFnvvly&_nc_ht=scontent-hou1-1.xx&oh=00_AYA6D03wweMwBvay2J7uea18YYF9XZUEe_UiJceuZEtTMA&oe=668B235D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yO/r/q8Uic1K195T.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442015974_912843267314068_1743771999496193037_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=zkb3Mq01jDsQ7kNvgHbfuPm&_nc_ht=scontent-hou1-1.xx&oh=00_AYDi1cWU_CyeTN-LK4i01f38fd_u6Dcvx_s3QT3qCalc1g&oe=668B155D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=83369-90610If-Range: Mon, 01 Jul 2024 00:57:24 GMT
Source: global trafficHTTP traffic detected: GET /v/t15.5256-10/442015974_912843267314068_1743771999496193037_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=zkb3Mq01jDsQ7kNvgHbfuPm&_nc_ht=scontent-hou1-1.xx&oh=00_AYDi1cWU_CyeTN-LK4i01f38fd_u6Dcvx_s3QT3qCalc1g&oe=668B155D HTTP/1.1Host: scontent-hou1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; _js_datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZp.AWVf5C-ROzE
Source: global trafficHTTP traffic detected: GET /shared/user_preferences/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZp.AWVf5C-ROzE; datr=UlaFZkd7zJnC6yWNhSBNqp0i
Source: global trafficHTTP traffic detected: GET /rsrc.php/yT/r/aGT3gskzWBf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/webstorage/process_keys/?state=1 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZp.AWVf5C-ROzE; datr=UlaFZkd7zJnC6yWNhSBNqp0i
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=f&__rev=1014647652&__s=%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZz.AWW6H7SktAk
Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=515=LLVosU5eptfcdDOIR2wNdW0L6uNEyhSMOfkL99lhTpCOY0uyL8tXOOwIj7BSudlKIcjm-5FJd0m9EspKDeAvqKHoA1fhZGtm09s1Fhe-H0FrssTZBuXUsf7eu4E3vznNytVWmtRdbPGkWeJFfIWnDJwP0mS_xnmbUUtD0mucwMY
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=g&__rev=1014647652&__s=%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZz.AWW6H7SktAk
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oa5o9uA9VCL7oVb&MD=hA871sDz HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=h&__rev=1014647652&__s=%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZz.AWW6H7SktAk
Source: global trafficHTTP traffic detected: GET /ajax/webstorage/process_keys/?state=1 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZz.AWW6H7SktAk
Source: global trafficHTTP traffic detected: GET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=j&__rev=1014647652&__s=%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wd=1034x870; datr=UlaFZkd7zJnC6yWNhSBNqp0i; fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVam.AWW2V73eVqY
Source: chromecache_325.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_325.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: >https://www.youtube.com/accountcrosoft\WindowsINetCookies equals www.youtube.com (Youtube)
Source: chromecache_403.7.drString found in binary or memory: _.$w(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.$w(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.$w(_.ix(c))+"&hl="+_.$w(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.$w(m)+"/chromebook/termsofservice.html?languageCode="+_.$w(d)+"&regionCode="+_.$w(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded":"")+"?hl="+_.$w(d)+"&gl="+_.$w(c)+(g?"&color_scheme="+ equals www.youtube.com (Youtube)
Source: chromecache_218.7.drString found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^|\.)facebook\.(com|sg)$/.test(a);if(b)return"facebook";b=/(^|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy and paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]),d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}g.start=a}),226); equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","BaseMiddot.react","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometPressable.react","FBCookieSettingsLoggedOutConfig","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XHealthPolicyCometControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j||d("react"),l=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function m(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick;a=d("FBCookieSettingsLoggedOutConfig").should_show_cookie_settings;var g=c("useCurrentRoute")(),j=m(),n=c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}),o=c("XHealthPolicyCometControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights data"),render:e&&c("gkx")("22806")},{href:n.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:o.toString(),label:h._("Consumer Health Privacy"),render:c("gkx")("2828"),testid:"CometDropdownHealthPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("22807")&&!c("gkx")("22808")},{href:"/terms?ref=pf",label:h._("Imprint\/terms"),render:c("gkx")("22808")},{href:"/legal/germany/",label:"UrhDaG/MStV",render:c("gkx")("22808")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("22807")&&!c("gkx")("22808"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:k.jsxs(k.Fragment,{children:[h._("Ad choices")," ",k.jsx(c("CometErrorBoundary.react"),{children:k.jsx("span",{className:"x1n2onr6 x1qiirwl",children:k.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"},{href:"/privacy/cookie_settings/",label:h._("Cookie settings"),render:a},{href:"https://www.facebook.com/help/cancelcontracts?source=facebook.com",label:h._("Cancel contracts here"),open_in_new_tab:!0,render:c("gkx")("4387")}].filter(function(a){return a.render==null||a.render===!0});var p=[];if((g==null?void 0:(n=g.rootView.props)==null?void 0:n.seoCrawlingPool)&&(g==null?void 0:(o=g.rootView.props)==null?void 0:o.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.multiple_links)||0)).forEach(function(a,b){p.push(k.jsxs("li",{className:"xt0psk2",children:[k.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawl
Source: chromecache_264.7.drString found in binary or memory: __d("FBReelsURLUtils",["ConstUriUtils","XCometFBReelControllerRouteBuilder","gkx"],(function(a,b,c,d,e,f,g){"use strict";function h(a,b,d,e,f,g,h,i){b=(b=b)!=null?b:"UNKNOWN";var j="group_other",k=void 0;if(Boolean(e)){switch(d){case"group":case"group_mall":j="group";k=f==null?void 0:f;break;case"groups_tab":j="groups_tab";break;default:break}b=j}e={group_id:k,hide_next:h==null?void 0:h,page_id:i==null||i===""?void 0:i,s:b,stack_idx:g==null?void 0:g,video_id:a==null?void 0:a};return c("XCometFBReelControllerRouteBuilder").buildURL(e)}function a(a,b,c,e,f,g){a=h(a,b,c,e,f,g);if(i()){f=(b=d("ConstUriUtils").getUri(a))==null?void 0:(c=b.getQualifiedUri())==null?void 0:(e=c.setDomain("www.facebook.com"))==null?void 0:e.toString();if(f!=null)return f}return a}function b(a){return["fb_shorts_video_deep_dive","fb_shorts_profile_video_deep_dive"].includes(a)}function i(){return c("gkx")("21034")||c("gkx")("24206")}g.getReelsURL=h;g.getReelsAbsoluteURL=a;g.isReelsRenderLocationVDD=b;g.isBizSurface=i}),98); equals www.facebook.com (Facebook)
Source: chromecache_379.7.drString found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()||c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),226); equals www.facebook.com (Facebook)
Source: chromecache_283.7.drString found in binary or memory: __d("RealtimeGraphQLRequest",["invariant","RequestStreamCommonRequestStreamCommonTypes","TransportSelectingClientSingleton","nullthrows","regeneratorRuntime"],(function(a,b,c,d,e,f,g,h){"use strict";a=function(){function a(a){var b=this,e=a.method,f=a.doc_id,g=a.is_intern,i=a.extra_headers,j=a.body,k=a.instrumentation_data;a=a.sandbox;this.$12=function(a){switch(a){case d("RequestStreamCommonRequestStreamCommonTypes").FlowStatus.Started:if(b.$10){b.$9!=null||h(0,13576);a=Date.now()-c("nullthrows")(b.$9);b.$7!=null&&b.$7(a)}else b.$10=!0,b.$5!=null&&b.$5();break;case d("RequestStreamCommonRequestStreamCommonTypes").FlowStatus.Stopped:b.$9=Date.now();b.$6!=null&&b.$6(!1,!1);break;default:break}};this.$10=!1;e={method:e,doc_id:f};g===!0&&(e=babelHelpers["extends"]({},e,{www_tier:"intern"}));a!=null&&(e=babelHelpers["extends"]({},e,{www_sandbox:a.replace(/^not-www\.(\d+|\w+)\.(od|sb)\.internalfb\.com$/,"www.$1.$2.facebook.com")}));i!=null&&(e=babelHelpers["extends"]({},e,i));this.$1=e;this.$2=JSON.stringify(j);this.$11=k}var e=a.prototype;e.onResponse=function(a){this.$3=a;return this};e.onError=function(a){this.$4=a;return this};e.onActive=function(a){this.$5=a;return this};e.onPause=function(a){this.$6=a;return this};e.onResume=function(a){this.$7=a;return this};e.onRetryUpdateRequestBody=function(a){this.$8=a;this.$1=babelHelpers["extends"]({},this.$1,{request_stream_retry:"false"});return this};e.send=function(){var a,d;return b("regeneratorRuntime").async(function(e){while(1)switch(e.prev=e.next){case 0:this.$3!=null||h(0,33593);a={onData:c("nullthrows")(this.$3)};this.$4!=null&&(a=babelHelpers["extends"]({},a,{onTermination:this.$4}));a=babelHelpers["extends"]({},a,{onFlowStatus:this.$12});this.$8!=null&&(a=babelHelpers["extends"]({},a,{onRetryUpdateRequestBody:this.$8}));e.next=7;return b("regeneratorRuntime").awrap(c("TransportSelectingClientSingleton").requestStream(this.$1,this.$2,a,this.$11));case 7:d=e.sent;return e.abrupt("return",{cancel:function(){d.cancel()},amendExperimental:function(a){try{d.amendWithoutAck(JSON.stringify(a));return!0}catch(a){return!1}}});case 9:case"end":return e.stop()}},null,this)};return a}();g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video@o equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/videoI equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video{ equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account-o1& equals www.youtube.com (Youtube)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountG equals www.youtube.com (Youtube)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountqn equals www.youtube.com (Youtube)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.facebook.comt equals www.facebook.com (Facebook)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.como equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: scontent.xx.fbcdn.net
Source: global trafficDNS traffic detected: DNS query: video.xx.fbcdn.net
Source: global trafficDNS traffic detected: DNS query: static.xx.fbcdn.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: video-hou1-1.xx.fbcdn.net
Source: global trafficDNS traffic detected: DNS query: accounts.youtube.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: scontent-hou1-1.xx.fbcdn.net
Source: unknownHTTP traffic detected: POST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2985 HTTP/1.1Host: www.facebook.comConnection: keep-aliveContent-Length: 124sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedsec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.facebook.comSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.facebook.com/videoAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0; expires=Tue, 01-Oct-2024 13:47:10 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405726054556493", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405726054556493"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0n05Gv3yihyyN8BYN..BmhVZf..AAA.0.0.BmhVZf.AWVKscIayw4; expires=Tue, 01-Oct-2024 13:47:11 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405730665132324", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405730665132324"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0gbLfzMOigFDJGoqq..BmhVZi..AAA.0.0.BmhVZi.AWVUNb2eoZo; expires=Tue, 01-Oct-2024 13:47:14 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405743835857492", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405743835857492"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZj.AWVclA2gSBU; expires=Tue, 01-Oct-2024 13:47:15 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405747781763758", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405747781763758"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZm.AWV22gvLDGc; expires=Tue, 01-Oct-2024 13:47:18 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405760578320302", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405760578320302"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZp.AWVf5C-ROzE; expires=Tue, 01-Oct-2024 13:47:21 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405774604004998", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405774604004998"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZy.AWWWg5Wbsm0; expires=Tue, 01-Oct-2024 13:47:30 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405812976483935", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405812976483935"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZz.AWW6H7SktAk; expires=Tue, 01-Oct-2024 13:47:31 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405817813619098", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405817813619098"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVam.AWW2V73eVqY; expires=Tue, 01-Oct-2024 13:48:22 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=Nonereporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387406035344891284", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387406035344891284"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
Source: chromecache_403.7.drString found in binary or memory: https://accounts.google.com
Source: osr730ky3m.exe, 00000000.00000002.2022919712.00000000019AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/3
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/F88&
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/K
Source: chromecache_403.7.drString found in binary or memory: https://accounts.google.com/TOS?loc=
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/e
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/tt
Source: osr730ky3m.exe, 00000000.00000003.2021404919.00000000019AF000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000002.2022919712.00000000019AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/y
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comeo
Source: chromecache_255.7.dr, chromecache_273.7.drString found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_403.7.drString found in binary or memory: https://families.google.com/intl/
Source: chromecache_283.7.drString found in binary or memory: https://fburl.com/comet_preloading
Source: chromecache_283.7.drString found in binary or memory: https://fburl.com/dialog-provider).
Source: chromecache_283.7.drString found in binary or memory: https://fburl.com/wiki/m19zmtlh
Source: chromecache_285.7.dr, chromecache_200.7.drString found in binary or memory: https://fburl.com/wiki/xrzohrqb
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://g.co/recover
Source: chromecache_238.7.dr, chromecache_211.7.dr, chromecache_258.7.dr, chromecache_195.7.dr, chromecache_216.7.dr, chromecache_192.7.dr, chromecache_276.7.dr, chromecache_220.7.dr, chromecache_373.7.dr, chromecache_384.7.dr, chromecache_268.7.dr, chromecache_187.7.dr, chromecache_398.7.dr, chromecache_363.7.dr, chromecache_407.7.dr, chromecache_208.7.dr, chromecache_202.7.dr, chromecache_245.7.dr, chromecache_246.7.dr, chromecache_311.7.dr, chromecache_207.7.drString found in binary or memory: https://github.com/shaka-project/shaka-packager
Source: chromecache_238.7.dr, chromecache_211.7.dr, chromecache_258.7.dr, chromecache_195.7.dr, chromecache_216.7.dr, chromecache_192.7.dr, chromecache_276.7.dr, chromecache_220.7.dr, chromecache_373.7.dr, chromecache_384.7.dr, chromecache_268.7.dr, chromecache_187.7.dr, chromecache_398.7.dr, chromecache_363.7.dr, chromecache_407.7.dr, chromecache_208.7.dr, chromecache_202.7.dr, chromecache_245.7.dr, chromecache_246.7.dr, chromecache_311.7.dr, chromecache_207.7.drString found in binary or memory: https://github.com/shaka-project/shaka-packagerv3.2.0-release
Source: chromecache_379.7.drString found in binary or memory: https://optout.aboutads.info/
Source: chromecache_403.7.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://play.google/intl/
Source: chromecache_403.7.drString found in binary or memory: https://policies.google.com/privacy
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/privacy/additional/embedded?gl=kr
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/terms
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/terms/location/embedded
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_200.7.drString found in binary or memory: https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_v1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_dark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_fork_who_will_use_dark_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_fork_who_will_use_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_0.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_0.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/alreadyinstalledfamilylink_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/installfamilylink_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_379.7.drString found in binary or memory: https://support.google.com/chrome/answer/95647
Source: chromecache_403.7.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_255.7.dr, chromecache_273.7.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.google.com
Source: chromecache_403.7.drString found in binary or memory: https://www.google.com/intl/
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_325.7.drString found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: chromecache_379.7.drString found in binary or memory: https://www.youronlinechoices.com/
Source: osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/account-o1&
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountG
Source: osr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountcrosoft
Source: osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/accountqn
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: chromecache_379.7.drString found in binary or memory: https://youradchoices.ca/
Source: chromecache_368.7.dr, chromecache_403.7.drString found in binary or memory: https://youtube.com/t/terms?gl=
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 50119 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownHTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_007AEAFF
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007AED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_007AED6A
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_007AEAFF
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0079AA57
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007C9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_007C9576

System Summary

barindex
Binary is likely a compiled AutoIt script file
Source: osr730ky3m.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: osr730ky3m.exe, 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_e7f20102-9
Source: osr730ky3m.exe, 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_e2a9ab5f-6
Source: osr730ky3m.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_e1b7de65-a
Source: osr730ky3m.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_20cb7f01-0
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0079D5EB
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00791201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00791201
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0079E8F6
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007380600_2_00738060
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A20460_2_007A2046
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007982980_2_00798298
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0076E4FF0_2_0076E4FF
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0076676B0_2_0076676B
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007C48730_2_007C4873
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0073CAF00_2_0073CAF0
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0075CAA00_2_0075CAA0
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0074CC390_2_0074CC39
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00766DD90_2_00766DD9
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0074B1190_2_0074B119
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007391C00_2_007391C0
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007513940_2_00751394
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007517060_2_00751706
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0075781B0_2_0075781B
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0074997D0_2_0074997D
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007379200_2_00737920
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007519B00_2_007519B0
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00757A4A0_2_00757A4A
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00751C770_2_00751C77
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00757CA70_2_00757CA7
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007BBE440_2_007BBE44
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00769EEE0_2_00769EEE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00751F320_2_00751F32
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: String function: 00750A30 appears 46 times
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: String function: 00739CB3 appears 31 times
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: String function: 0074F9F2 appears 40 times
Source: osr730ky3m.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal64.evad.winEXE@36/385@44/18
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A37B5 GetLastError,FormatMessageW,0_2_007A37B5
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007910BF AdjustTokenPrivileges,CloseHandle,0_2_007910BF
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_007916C3
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_007A51CD
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007BA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_007BA67C
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_007A648E
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_007342A2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: osr730ky3m.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\osr730ky3m.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: osr730ky3m.exeReversingLabs: Detection: 75%
Source: unknownProcess created: C:\Users\user\Desktop\osr730ky3m.exe "C:\Users\user\Desktop\osr730ky3m.exe"
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1976,i,17318209000228502612,2237949357977184644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2008,i,17384594921740702087,194935732916387498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/accountJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/videoJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1976,i,17318209000228502612,2237949357977184644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2008,i,17384594921740702087,194935732916387498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32Jump to behavior
Source: Google Drive.lnk.2.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: osr730ky3m.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: osr730ky3m.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: osr730ky3m.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: osr730ky3m.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: osr730ky3m.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: osr730ky3m.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007342DE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00750A76 push ecx; ret 0_2_00750A89
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0074F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0074F98E
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007C1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_007C1C41
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\osr730ky3m.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96177
Source: C:\Users\user\Desktop\osr730ky3m.exeAPI coverage: 3.0 %
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0076C2A2 FindFirstFileExW,0_2_0076C2A2
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A68EE FindFirstFileW,FindClose,0_2_007A68EE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_007A698F
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0079D076
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0079D3A9
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007A9642
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_007A979D
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_007A9B2B
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0079DBBE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_007A5C97
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007342DE
Source: osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007AEAA2 BlockInput,0_2_007AEAA2
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00762622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00762622
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007342DE
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00754CE8 mov eax, dword ptr fs:[00000030h]0_2_00754CE8
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00790B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00790B62
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00762622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00762622
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0075083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0075083F
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007509D5 SetUnhandledExceptionFilter,0_2_007509D5
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00750C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00750C21
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00791201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00791201
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00772BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00772BA5
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0079B226 SendInput,keybd_event,0_2_0079B226
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007B22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_007B22DA
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/accountJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/videoJump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/Jump to behavior
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00790B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00790B62
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00791663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00791663
Source: osr730ky3m.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: osr730ky3m.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_00750698 cpuid 0_2_00750698
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007A8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_007A8195
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0078D27A GetUserNameW,0_2_0078D27A
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_0076B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0076B952
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007342DE
Source: osr730ky3m.exeBinary or memory string: WIN_81
Source: osr730ky3m.exeBinary or memory string: WIN_XP
Source: osr730ky3m.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: osr730ky3m.exeBinary or memory string: WIN_XPe
Source: osr730ky3m.exeBinary or memory string: WIN_VISTA
Source: osr730ky3m.exeBinary or memory string: WIN_7
Source: osr730ky3m.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007B1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_007B1204
Source: C:\Users\user\Desktop\osr730ky3m.exeCode function: 0_2_007B1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_007B1806

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Drive-by Compromise		1
Native API		1
DLL Side-Loading		1
Exploitation for Privilege Escalation		1
Disable or Modify Tools		21
Input Capture		2
System Time Discovery		Remote Services1
Archive Collected Data		4
Ingress Tool Transfer		Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomains2
Valid Accounts		Scheduled Task/Job2
Valid Accounts		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		LSASS Memory1
Account Discovery		Remote Desktop Protocol21
Input Capture		11
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder		2
Valid Accounts		2
Obfuscated Files or Information		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin Shares3
Clipboard Data		4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
Access Token Manipulation		1
DLL Side-Loading		NTDS15
System Information Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script12
Process Injection		1
Masquerading		LSA Secrets121
Security Software Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
Registry Run Keys / Startup Folder		2
Valid Accounts		Cached Domain Credentials1
Virtualization/Sandbox Evasion		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Virtualization/Sandbox Evasion		DCSync2
Process Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job21
Access Token Manipulation		Proc Filesystem1
Application Window Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
Process Injection		/etc/passwd and /etc/shadow1
System Owner/User Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1466960 Sample: osr730ky3m.exe Startdate: 03/07/2024 Architecture: WINDOWS Score: 64 40 Multi AV Scanner detection for submitted file 2->40 42 Binary is likely a compiled AutoIt script file 2->42 44 Machine Learning detection for sample 2->44 46 AI detected suspicious sample 2->46 7 osr730ky3m.exe 12 2->7         started        process3 signatures4 48 Binary is likely a compiled AutoIt script file 7->48 50 Found API chain indicative of sandbox detection 7->50 10 chrome.exe 9 7->10         started        13 chrome.exe 7->13         started        15 chrome.exe 7->15         started        process5 dnsIp6 34 192.168.2.17 unknown unknown 10->34 36 192.168.2.5, 443, 49704, 49705 unknown unknown 10->36 38 2 other IPs or domains 10->38 17 chrome.exe 10->17         started        20 chrome.exe 10->20         started        22 chrome.exe 6 10->22         started        24 chrome.exe 13->24         started        26 chrome.exe 15->26         started        process7 dnsIp8 28 www.google.com 142.250.185.132 GOOGLEUS United States 17->28 30 142.250.185.174 GOOGLEUS United States 17->30 32 17 other IPs or domains 17->32

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
osr730ky3m.exe75%ReversingLabsWin32.Spyware.Risepro
osr730ky3m.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://policies.google.com/terms/service-specific0%URL Reputationsafe
https://www.internalfb.com/intern/invariant/0%URL Reputationsafe
https://youradchoices.ca/0%URL Reputationsafe
https://apis.google.com/js/api.js0%URL Reputationsafe
https://fburl.com/wiki/xrzohrqb0%URL Reputationsafe
https://policies.google.com/privacy0%URL Reputationsafe
https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png0%URL Reputationsafe
https://optout.aboutads.info/0%URL Reputationsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441997224_449546051214555_5260019720502139937_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=hZGlU0omaAAQ7kNvgHfdoW5&_nc_ht=scontent-hou1-1.xx&oh=00_AYBKeUbr4JQNlIF3qIQBWI-0ajfoCIj1KBg8bAz59ZEoew&oe=668B32F00%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=187910%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B740%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=9170%Avira URL Cloudsafe
https://play.google.com/work/enroll?identifier=0%Avira URL Cloudsafe
https://github.com/shaka-project/shaka-packager0%Avira URL Cloudsafe
https://policies.google.com/technologies/cookies0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=8930%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://www.youtube.com/t/terms?chromeless=1&hl=0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=9170%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=b&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C30%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/EujyFHnNhhH.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=8810%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=826&byteend=9050%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=484530%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=9150%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=1228&byteend=146260%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=186040%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=186880%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=10110%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=824&byteend=12270%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=8170%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449712644_816422753527500_4620893420354803502_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=w3LX7afKrBsQ7kNvgEQ5S8s&_nc_ht=scontent-hou1-1.xx&oh=00_AYDgVlUrnI3YVIhnU4Rtviyi17Z7BWHmT7t4HLp7HtBchg&oe=668B44F50%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=8730%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=5899050%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3ieKI4/yR/l/en_GB/0bfveO1rdQO.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281B0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=824&byteend=9270%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=186210%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438062513_882312713691783_6862801772264223093_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=N3lYMSNitWIQ7kNvgFJ4H4B&_nc_ht=scontent-hou1-1.xx&oh=00_AYBi4m8b1qpd5xjF5VU1M1VoiLWeSG3SItPJ3m5NoUmPhg&oe=668B0E370%Avira URL Cloudsafe
https://www.youtube.com/account-o1&0%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/244246203_368581291613392_1417098440599807693_n.jpg?stp=c5.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=C0KcJBzniAAQ7kNvgH8NYBv&_nc_ht=scontent-hou1-1.xx&oh=00_AYBOIaa_lTmoE5spXLrfBA0gucmO5IeYRK-zCRENrcYdcQ&oe=668B3AE60%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://www.facebook.com/data/manifest/0%Avira URL Cloudsafe
https://www.google.com/favicon.ico0%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/VVfVcgNse_k7OBycsxKTmL-41uF-jEkcBzg4GbaorIyr8O0FwF42MYvlh6jit1ncqcXDV2hji4yzQ.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=a&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C30%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441934308_773094221360767_7100231602105543691_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=U8gXjd1OGkIQ7kNvgEAX5RG&_nc_ht=scontent-hou1-1.xx&oh=00_AYC0Xmzs7bnhR3838ubHXK0x1IC-aQE4wMezNbiKTTs_MQ&oe=668B36FC0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/16tMAVgIV_z.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136D0%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438227998_963705932159565_7340903352037785771_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=1xjCnifaTkkQ7kNvgGL-gKy&_nc_ht=scontent-hou1-1.xx&oh=00_AYADlQRqzZ2P08jO-As9NPO_adR-6OwCkbxDjNJ2LcT8sA&oe=668B16B90%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=8930%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=9630%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=1014&byteend=451340%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=8810%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/449321335_395689360177909_8550182580164337098_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=_Xa0Uj6O_nMQ7kNvgGuNcWv&_nc_ht=scontent-hou1-1.xx&oh=00_AYAKGvx2DcfP2mtCRlf1OfbIssA3-V862UHeEWtcU2ZXbg&oe=668B1EAB0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=1201100%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=890680%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=9050%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3iZ_a4/yg/l/en_GB/Ob6F3Vt7OqX.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441199429_890954462796791_2599688641654411968_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=Ci_SargI4XEQ7kNvgG7ebvt&_nc_ht=scontent-hou1-1.xx&oh=00_AYCzsrsVdh2wmh8OT3jXnKLtKOFIQPVdK7rNhsBe6xLOqw&oe=668B12FF0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=j&__rev=1014647652&__s=%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C30%Avira URL Cloudsafe
https://www.youtube.com/accountcrosoft0%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3i0Wo4/y4/l/en_GB/p2aYR2TDczj.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://www.youtube.com/accountqn0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=188490%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/289004470_580488300108017_2940314955690280756_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=FAMyFz7apqoQ7kNvgFhFiWn&_nc_ht=scontent-hou1-1.xx&oh=00_AYDHLxN6yljKnFv_vu2kY2lnm3xovL4hgUVuejOCJYaU0A&oe=668B2C890%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=8250%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3iPlJ4/yd/l/en_GB/hZ5gcIcWbl3.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=186210%Avira URL Cloudsafe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage0%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/433129071_935133255288704_3257703405738048815_n.jpg?stp=c0.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=otqXuLx_E1EQ7kNvgFnvvly&_nc_ht=scontent-hou1-1.xx&oh=00_AYA6D03wweMwBvay2J7uea18YYF9XZUEe_UiJceuZEtTMA&oe=668B235D0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=894&byteend=838070%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/442058648_1390260634990350_3671320554231620569_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=YHyfjqs1T0kQ7kNvgGvisSS&_nc_ht=scontent-hou1-1.xx&oh=00_AYBYI33eJMZCXkexmSD0KK_SoAPEM1EGdCY5gNvWJYScLA&oe=668B1CF70%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3i8xq4/ym/l/en_GB/DKP4VMyHWvT.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://video.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=8930%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=3667210%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/347289288_940658950320773_5181046417556168232_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=lUai_6JnLsUQ7kNvgGud4pc&_nc_ht=scontent-hou1-1.xx&oh=00_AYCZHvtcBsXaonrh2ASHSgFuSaMRue07RBVkGTtP2PHBEQ&oe=668B288F0%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3iwLy4/yE/l/en_GB/ZpztLkU6jDd.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://static.xx.fbcdn.net/rsrc.php/v3iWd-4/yP/l/en_GB/M-AHdbpN8xr.js?_nc_x=Ij3Wp8lg5Kz0%Avira URL Cloudsafe
https://play.google.com/log?format=json&hasfast=true&authuser=00%Avira URL Cloudsafe
https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446068353_999612811433881_8854588659946229745_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RpsbA1wn8ZwQ7kNvgGha4UO&_nc_ht=scontent-hou1-1.xx&oh=00_AYBZ922IFWTLq33N1-vRQM-jp4KhmslU9OrrRaAV8D7U4g&oe=668B1FE70%Avira URL Cloudsafe
https://policies.google.com/privacy/additional0%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=8230%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=8730%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=964&byteend=146830%Avira URL Cloudsafe
https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=8&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C30%Avira URL Cloudsafe
https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=928&byteend=188630%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
star-mini.c10r.facebook.com
157.240.0.35
truefalse
    		unknown
    youtube-ui.l.google.com
    		142.250.185.78
    		truefalse
      		unknown
      scontent.xx.fbcdn.net
      		157.240.253.1
      		truefalse
        		unknown
        www3.l.google.com
        		142.250.186.110
        		truefalse
          		unknown
          play.google.com
          		142.250.186.46
          		truefalse
            		unknown
            scontent-hou1-1.xx.fbcdn.net
            		157.240.24.13
            		truefalse
              		unknown
              video.xx.fbcdn.net
              		157.240.252.22
              		truefalse
                		unknown
                www.google.com
                		142.250.185.132
                		truefalse
                  		unknown
                  video-hou1-1.xx.fbcdn.net
                  		157.240.24.20
                  		truefalse
                    		unknown
                    www.facebook.com
                    		unknown
                    		unknownfalse
                      		unknown
                      accounts.youtube.com
                      		unknown
                      		unknownfalse
                        		unknown
                        www.youtube.com
                        		unknown
                        		unknownfalse
                          		unknown
                          static.xx.fbcdn.net
                          		unknown
                          		unknownfalse
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B74false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441997224_449546051214555_5260019720502139937_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=hZGlU0omaAAQ7kNvgHfdoW5&_nc_ht=scontent-hou1-1.xx&oh=00_AYBKeUbr4JQNlIF3qIQBWI-0ajfoCIj1KBg8bAz59ZEoew&oe=668B32F0false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=826&byteend=905false
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=b&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/EujyFHnNhhH.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=1228&byteend=14626false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=824&byteend=1227false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=1011false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3ieKI4/yR/l/en_GB/0bfveO1rdQO.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=589905false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449712644_816422753527500_4620893420354803502_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=w3LX7afKrBsQ7kNvgEQ5S8s&_nc_ht=scontent-hou1-1.xx&oh=00_AYDgVlUrnI3YVIhnU4Rtviyi17Z7BWHmT7t4HLp7HtBchg&oe=668B44F5false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281Bfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=824&byteend=927false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438062513_882312713691783_6862801772264223093_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=N3lYMSNitWIQ7kNvgFJ4H4B&_nc_ht=scontent-hou1-1.xx&oh=00_AYBi4m8b1qpd5xjF5VU1M1VoiLWeSG3SItPJ3m5NoUmPhg&oe=668B0E37false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/244246203_368581291613392_1417098440599807693_n.jpg?stp=c5.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=C0KcJBzniAAQ7kNvgH8NYBv&_nc_ht=scontent-hou1-1.xx&oh=00_AYBOIaa_lTmoE5spXLrfBA0gucmO5IeYRK-zCRENrcYdcQ&oe=668B3AE6false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/VVfVcgNse_k7OBycsxKTmL-41uF-jEkcBzg4GbaorIyr8O0FwF42MYvlh6jit1ncqcXDV2hji4yzQ.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.google.com/favicon.icofalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.facebook.com/data/manifest/false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441934308_773094221360767_7100231602105543691_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=U8gXjd1OGkIQ7kNvgEAX5RG&_nc_ht=scontent-hou1-1.xx&oh=00_AYC0Xmzs7bnhR3838ubHXK0x1IC-aQE4wMezNbiKTTs_MQ&oe=668B36FCfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=a&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/16tMAVgIV_z.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136Dfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438227998_963705932159565_7340903352037785771_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=1xjCnifaTkkQ7kNvgGL-gKy&_nc_ht=scontent-hou1-1.xx&oh=00_AYADlQRqzZ2P08jO-As9NPO_adR-6OwCkbxDjNJ2LcT8sA&oe=668B16B9false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=893false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=1014&byteend=45134false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.pngfalse
                            • URL Reputation: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/449321335_395689360177909_8550182580164337098_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=_Xa0Uj6O_nMQ7kNvgGuNcWv&_nc_ht=scontent-hou1-1.xx&oh=00_AYAKGvx2DcfP2mtCRlf1OfbIssA3-V862UHeEWtcU2ZXbg&oe=668B1EABfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=120110false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.pngfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3iZ_a4/yg/l/en_GB/Ob6F3Vt7OqX.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441199429_890954462796791_2599688641654411968_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=Ci_SargI4XEQ7kNvgG7ebvt&_nc_ht=scontent-hou1-1.xx&oh=00_AYCzsrsVdh2wmh8OT3jXnKLtKOFIQPVdK7rNhsBe6xLOqw&oe=668B12FFfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=j&__rev=1014647652&__s=%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3i0Wo4/y4/l/en_GB/p2aYR2TDczj.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=18849false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/289004470_580488300108017_2940314955690280756_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=FAMyFz7apqoQ7kNvgFhFiWn&_nc_ht=scontent-hou1-1.xx&oh=00_AYDHLxN6yljKnFv_vu2kY2lnm3xovL4hgUVuejOCJYaU0A&oe=668B2C89false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3iPlJ4/yd/l/en_GB/hZ5gcIcWbl3.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=825false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/433129071_935133255288704_3257703405738048815_n.jpg?stp=c0.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=otqXuLx_E1EQ7kNvgFnvvly&_nc_ht=scontent-hou1-1.xx&oh=00_AYA6D03wweMwBvay2J7uea18YYF9XZUEe_UiJceuZEtTMA&oe=668B235Dfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/442058648_1390260634990350_3671320554231620569_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=YHyfjqs1T0kQ7kNvgGvisSS&_nc_ht=scontent-hou1-1.xx&oh=00_AYBYI33eJMZCXkexmSD0KK_SoAPEM1EGdCY5gNvWJYScLA&oe=668B1CF7false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=894&byteend=83807false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3i8xq4/ym/l/en_GB/DKP4VMyHWvT.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=893false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721false
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3iwLy4/yE/l/en_GB/ZpztLkU6jDd.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/347289288_940658950320773_5181046417556168232_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=lUai_6JnLsUQ7kNvgGud4pc&_nc_ht=scontent-hou1-1.xx&oh=00_AYCZHvtcBsXaonrh2ASHSgFuSaMRue07RBVkGTtP2PHBEQ&oe=668B288Ffalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://static.xx.fbcdn.net/rsrc.php/v3iWd-4/yP/l/en_GB/M-AHdbpN8xr.js?_nc_x=Ij3Wp8lg5Kzfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823false
                            • Avira URL Cloud: safe
                            		unknown
                            https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446068353_999612811433881_8854588659946229745_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RpsbA1wn8ZwQ7kNvgGha4UO&_nc_ht=scontent-hou1-1.xx&oh=00_AYBZ922IFWTLq33N1-vRQM-jp4KhmslU9OrrRaAV8D7U4g&oe=668B1FE7false
                            • Avira URL Cloud: safe
                            		unknown
                            https://play.google.com/log?format=json&hasfast=true&authuser=0false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=964&byteend=14683false
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=8&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3false
                            • Avira URL Cloud: safe
                            		unknown
                            https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=928&byteend=18863false
                            • Avira URL Cloud: safe
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://play.google.com/work/enroll?identifier=chromecache_368.7.dr, chromecache_403.7.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://policies.google.com/terms/service-specificchromecache_368.7.dr, chromecache_403.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://github.com/shaka-project/shaka-packagerchromecache_238.7.dr, chromecache_211.7.dr, chromecache_258.7.dr, chromecache_195.7.dr, chromecache_216.7.dr, chromecache_192.7.dr, chromecache_276.7.dr, chromecache_220.7.dr, chromecache_373.7.dr, chromecache_384.7.dr, chromecache_268.7.dr, chromecache_187.7.dr, chromecache_398.7.dr, chromecache_363.7.dr, chromecache_407.7.dr, chromecache_208.7.dr, chromecache_202.7.dr, chromecache_245.7.dr, chromecache_246.7.dr, chromecache_311.7.dr, chromecache_207.7.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://policies.google.com/technologies/cookieschromecache_368.7.dr, chromecache_403.7.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.internalfb.com/intern/invariant/chromecache_325.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.youtube.com/t/terms?chromeless=1&hl=chromecache_368.7.dr, chromecache_403.7.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://youradchoices.ca/chromecache_379.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://apis.google.com/js/api.jschromecache_255.7.dr, chromecache_273.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.youtube.com/account-o1&osr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://fburl.com/wiki/xrzohrqbchromecache_285.7.dr, chromecache_200.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://policies.google.com/privacychromecache_403.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://optout.aboutads.info/chromecache_379.7.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.youtube.com/accountcrosoftosr730ky3m.exe, 00000000.00000002.2022919712.000000000196D000.00000004.00000020.00020000.00000000.sdmp, osr730ky3m.exe, 00000000.00000003.2021404919.000000000196D000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.youtube.com/accountqnosr730ky3m.exe, 00000000.00000002.2022919712.0000000001948000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessagechromecache_368.7.dr, chromecache_403.7.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://policies.google.com/privacy/additionalchromecache_368.7.dr, chromecache_403.7.drfalse
                            • Avira URL Cloud: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            142.250.186.46
                            		play.google.comUnited States
                            		15169GOOGLEUSfalse
                            142.250.185.78
                            		youtube-ui.l.google.comUnited States
                            		15169GOOGLEUSfalse
                            157.240.24.20
                            		video-hou1-1.xx.fbcdn.netUnited States
                            		32934FACEBOOKUSfalse
                            31.13.71.14
                            		unknownIreland
                            		32934FACEBOOKUSfalse
                            157.240.0.6
                            		unknownUnited States
                            		32934FACEBOOKUSfalse
                            142.250.186.110
                            		www3.l.google.comUnited States
                            		15169GOOGLEUSfalse
                            157.240.252.35
                            		unknownUnited States
                            		32934FACEBOOKUSfalse
                            157.240.252.13
                            		unknownUnited States
                            		32934FACEBOOKUSfalse
                            142.250.186.78
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            157.240.0.35
                            		star-mini.c10r.facebook.comUnited States
                            		32934FACEBOOKUSfalse
                            142.250.185.132
                            		www.google.comUnited States
                            		15169GOOGLEUSfalse
                            239.255.255.250
                            		unknownReserved
                            		unknownunknownfalse
                            142.250.185.174
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            157.240.253.1
                            		scontent.xx.fbcdn.netUnited States
                            		32934FACEBOOKUSfalse
                            157.240.24.13
                            		scontent-hou1-1.xx.fbcdn.netUnited States
                            		32934FACEBOOKUSfalse

                            Private

                            IP
                            192.168.2.17
                            192.168.2.6
                            192.168.2.5

                            General Information

                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1466960
                            Start date and time:2024-07-03 15:46:06 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 5m 46s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:15
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:osr730ky3m.exe
                            renamed because original name is a hash value
                            Original Sample Name:12f94033d272f341426a6e2afa2937218346cd79960592ed2d7d79d22335ffc9.exe
                            Detection:MAL
                            Classification:mal64.evad.winEXE@36/385@44/18
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 96%
                            • Number of executed functions: 33
                            • Number of non-executed functions: 317
                            Cookbook Comments:
                            • Found application associated with file extension: .exe

                            Warnings

                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.110.84, 172.217.18.14, 34.104.35.123, 142.250.186.131, 142.250.181.227, 216.58.212.138, 172.217.16.202, 142.250.186.42, 142.250.184.234, 142.250.184.202, 172.217.18.10, 142.250.186.170, 172.217.23.106, 216.58.212.170, 142.250.186.106, 142.250.186.138, 142.250.185.74, 142.250.186.74, 172.217.16.138, 142.250.181.234, 216.58.206.74, 142.250.185.106, 172.217.18.106, 142.250.185.170, 142.250.185.138, 64.233.184.84, 173.222.108.226, 192.229.221.95, 142.250.184.227, 108.177.15.84, 93.184.221.240, 142.250.185.206
                            • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
                            • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing network information.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: osr730ky3m.exe

                            Simulations

                            Behavior and APIs

                            No simulations

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            239.255.255.250https://uglb4.roperelo.com/caGPey/Get hashmaliciousUnknownBrowse
                              https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//maansaa.com/new/auth//xp8tpwsulfhjn/%2F/YW5keS5ncmVmcmF0aEBrcHMuY29tGet hashmaliciousHTMLPhisherBrowse
                                https://url7304.disco-mailer.net/ls/click?upn=u001.DWLeRfOXStcSaUNphm6ZnGquuezyvOF0FIuLMCSCrIQ9t3e8n3fjexKHJjVTV-2BQUFT1dnxR3BcyXaxz-2BblhjX71zswvTIlAGm31luuFhJgeOGXb3dn9Itq74-2Fe-2BlKg-2Bs0-2F4odRns7kSdvfqBhyqSbrYsnPmx4SeDwlRdlhHbM3UucitnipcwJ1gR7h8DzOIUWsvEslHUA8FsNTNWtsq3Q-2FU-2FPeBtGbo-2Fx3kgcXxAZuE-3DPmkq_5KlZmZKASPtIpYbHU6HHQmxS-2FHe3g010GX01BBBmlalJnMdBClXoEYQADKPWInqgHw-2B5921oa-2Fum9DxIHV8wgOarlsOnYJwzp6I2lNDfeCQdFcL55956QetBM0U9iihLLCXzc7MWVFcQDUwnaU8PUgQFrTwK63nQhJu8ngVllYSJR-2BUamfX7Ej8Gpp4vMWsL8t65JTtpjdFVQ36IgP-2B2LxLYSj9SfdmLAt97TCVXHWn7xANKqYpl-2BYx09SetkszDOjJuUV9L9bqZ-2FbmClOsUrPLylG74RJ8zQAREr7-2BUktmlWKoc8C7oqqTOKv340mZnTc-2FztCVjFgPMm1Bz5lR5AptUVEvvSBboXVGluKKoNkkMFkS-2BmNybyD3Aa-2BX8UZ5sGet hashmaliciousHTMLPhisherBrowse
                                  https://www.evernote.com/shard/s371/sh/f041cc04-2eb8-11e1-1279-c0c24914207a/LWhD3rgdQ5xR5t--iDOJ7P-MUkYVUhgRq62dC8LVzLZOnctWRKJm5hEzqgGet hashmaliciousHTMLPhisherBrowse
                                    https://liga-rosta.rest/Get hashmaliciousUnknownBrowse
                                      https://drive.google.com/file/d/1hoYv9TPKcR0hItoqz6dLm86GrOGkF9F7/viewGet hashmaliciousUnknownBrowse
                                        CBlg4Jy7gR.exeGet hashmaliciousUnknownBrowse
                                          http://beonlineboo.comGet hashmaliciousUnknownBrowse
                                            https://us-west-2.protection.sophos.com/?d=office.com&u=aHR0cHM6Ly9mb3Jtcy5vZmZpY2UuY29tL2UvOU5MNkVlc25GTEtSSzdrNmI0SW96bldPM3cyaFJFP293bGE9VHEwOWpLMkI=&i=NjIwNmM1MTE2ZjQ1OTkxM2Q5ZWQzZDYz&t=NlBkb3BHbGhXWHVKVGZIZHpDVjBnTGFBQnp3MDB0Z29sMGlIMy9VS0czOD0=&h=2cf113948c5f4474a880ebb55f313d62&s=AVNPUEhUT0NFTkNSWVBUSVY_vrZFZs2MARay2KUc6hybDJzgfHJ9UMRyeYT7Hri8SyBEUVdk1gh1uXBCWcOcZ-yKC1pbcrpkCZ0eHh-04oGo3dGuqDeoCVB8UFxrrxyncAGet hashmaliciousUnknownBrowse
                                              https://kdftoiturescom.sharepoint.com/:f:/s/Public/EiJsAXrCZntIvTidUnkdk68B9BO58WCESI-JRSxpXut8mQ?e=5%3aDy13C9&at=9&xsdata=MDV8MDJ8bW5hZGVhdTJAc3FpLmdvdXYucWMuY2F8MTFlZGY3MWU5M2M0NDBjZTRmYzEwOGRjOWFjYmM5MjZ8YzRjZWI1N2Y3ZGY3NDFkMThiOTdhODUwNDhiOGU5NWV8MHwwfDYzODU1NTQ0NzI1ODU2Nzg2NnxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=ZnAvNUFualYyN0tLODVxUFB1eTNHc3hVNWNPU05tK1g1VzQxZ2xJMlhnOD0%3d&clickparams=eyAiWC1BcHBOYW1lIiA6ICJNaWNyb3NvZnQgT3V0bG9vayIsICJYLUFwcFZlcnNpb24iIDogIjE2LjAuMTc1MzEuMjAxOTAiLCAiT1MiIDogIldpbmRvd3MiIH0%3DGet hashmaliciousHTMLPhisherBrowse

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                video.xx.fbcdn.netCBlg4Jy7gR.exeGet hashmaliciousUnknownBrowse
                                                • 157.240.253.2
                                                https://t.co/2dNESf0PrbGet hashmaliciousUnknownBrowse
                                                • 157.240.252.22
                                                4iKF4KJpOY.exeGet hashmaliciousUnknownBrowse
                                                • 157.240.0.3
                                                http://www.bcluxuryauto.comGet hashmaliciousUnknownBrowse
                                                • 157.240.253.2
                                                http://viewtoday.co.za/wp-content/uploads/2019/08/afrihost-h-fc-rgb-01.pngGet hashmaliciousUnknownBrowse
                                                • 157.240.252.22
                                                http://www.itbcbuffalonation.orgGet hashmaliciousUnknownBrowse
                                                • 157.240.252.22
                                                https://is.gd/Drz8uTGet hashmaliciousUnknownBrowse
                                                • 157.240.251.2
                                                https://aguleri.blog/Get hashmaliciousUnknownBrowse
                                                • 157.240.0.3
                                                7cY0lb621E.exeGet hashmaliciousUnknownBrowse
                                                • 157.240.0.3
                                                S1hHTcLgm2.exeGet hashmaliciousUnknownBrowse
                                                • 157.240.251.2

                                                ASNs

                                                No context

                                                JA3 Fingerprints

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                1138de370e523e824bbca92d049a3777https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//maansaa.com/new/auth//xp8tpwsulfhjn/%2F/YW5keS5ncmVmcmF0aEBrcHMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                https://liga-rosta.rest/Get hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://drive.google.com/file/d/1hoYv9TPKcR0hItoqz6dLm86GrOGkF9F7/viewGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3DGet hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFhSZp6GshBFVdVLEzBsru52fhlDAZ8Q3OfCA-2F-2Bk2qB9l25yp_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZM3qYZS8WARR8FVyg-2FqvoINWytiD-2FheyMDzu6v-2BoRt5KWyPoztbWkeGPmxB3DyZYTb9a0dAMPLFunr2Ay3ayAFAAvKLYcNXJh5TbSbsyQLthHxBhJhxiFX8keWC7AD3Hw3SgmU-2Be6lkIQuq7tgnHL9CbCr8GEaIyKgtaL1D3uFR7kdAbCakzZIHLBzzIP6uu3b9lr3L70N6m-2FPL5vz2WpJ-2B4Z2WkXjdKV6CAWTeZlidHHDlZecGQIcrIqiWGF6jpeY-3D#Dsonya.buzzard@aggregate.comGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                Novolog (Pharm-Up 1966) LTD_SKM_C590368369060_417161.pdfGet hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                https://gitlab.com/mydocuments3/cv/-/raw/main/curriculum-vitae.vbs?inline=falseGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://esg-frontend-service.livelybush-ffb58a47.northeurope.azurecontainerapps.io/Get hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://bombeirosamora-my.sharepoint.com/:o:/g/personal/geral_comando_bombeirosamora_pt/EqT53jeWO6ZGkv1O_1FowosB2CSGfrKDmTZiEPPt31Ds7g?e=5%3aGFx4a1&at=9Get hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                https://www.itanhangasaude.com.br/www/1475312998d8aKqdmPdPNJZi4JNq7WIowwvYGOvuIT___714820ufgtMx5cBwKyVuzlJn3VAYy1QdJUF0IuhCb1EFSueBwxxR9n7T4VNMSyrZd9kcF9rD67v2lJn3VufgtMP8xfiVl9n3IuhCbR9n7Tx5cBw4VNMSx5cBwi3vtsVl9n3MryfS1EFSuufgtMi3vts7O1AR408519___47741237d8aKqdmPdPNJZi4JNq7WIowwvYGOvuITGet hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                28a2c9bd18a11de089ef85a160da29e4https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//maansaa.com/new/auth//xp8tpwsulfhjn/%2F/YW5keS5ncmVmcmF0aEBrcHMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://url7304.disco-mailer.net/ls/click?upn=u001.DWLeRfOXStcSaUNphm6ZnGquuezyvOF0FIuLMCSCrIQ9t3e8n3fjexKHJjVTV-2BQUFT1dnxR3BcyXaxz-2BblhjX71zswvTIlAGm31luuFhJgeOGXb3dn9Itq74-2Fe-2BlKg-2Bs0-2F4odRns7kSdvfqBhyqSbrYsnPmx4SeDwlRdlhHbM3UucitnipcwJ1gR7h8DzOIUWsvEslHUA8FsNTNWtsq3Q-2FU-2FPeBtGbo-2Fx3kgcXxAZuE-3DPmkq_5KlZmZKASPtIpYbHU6HHQmxS-2FHe3g010GX01BBBmlalJnMdBClXoEYQADKPWInqgHw-2B5921oa-2Fum9DxIHV8wgOarlsOnYJwzp6I2lNDfeCQdFcL55956QetBM0U9iihLLCXzc7MWVFcQDUwnaU8PUgQFrTwK63nQhJu8ngVllYSJR-2BUamfX7Ej8Gpp4vMWsL8t65JTtpjdFVQ36IgP-2B2LxLYSj9SfdmLAt97TCVXHWn7xANKqYpl-2BYx09SetkszDOjJuUV9L9bqZ-2FbmClOsUrPLylG74RJ8zQAREr7-2BUktmlWKoc8C7oqqTOKv340mZnTc-2FztCVjFgPMm1Bz5lR5AptUVEvvSBboXVGluKKoNkkMFkS-2BmNybyD3Aa-2BX8UZ5sGet hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://liga-rosta.rest/Get hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://drive.google.com/file/d/1hoYv9TPKcR0hItoqz6dLm86GrOGkF9F7/viewGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                CBlg4Jy7gR.exeGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                http://beonlineboo.comGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://us-west-2.protection.sophos.com/?d=office.com&u=aHR0cHM6Ly9mb3Jtcy5vZmZpY2UuY29tL2UvOU5MNkVlc25GTEtSSzdrNmI0SW96bldPM3cyaFJFP293bGE9VHEwOWpLMkI=&i=NjIwNmM1MTE2ZjQ1OTkxM2Q5ZWQzZDYz&t=NlBkb3BHbGhXWHVKVGZIZHpDVjBnTGFBQnp3MDB0Z29sMGlIMy9VS0czOD0=&h=2cf113948c5f4474a880ebb55f313d62&s=AVNPUEhUT0NFTkNSWVBUSVY_vrZFZs2MARay2KUc6hybDJzgfHJ9UMRyeYT7Hri8SyBEUVdk1gh1uXBCWcOcZ-yKC1pbcrpkCZ0eHh-04oGo3dGuqDeoCVB8UFxrrxyncAGet hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://lnkd.in/exwPeXjcGet hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://hr.economictimes.indiatimes.com/etl.php?url=https:**Ahr.economictimes.indiatimes.com*etl.php*url=**Ayrtdtrdtyuikmmoix.pages.dev**Aemail=bWphY2tzb25AdHFsLmNvbQ==__;Ly8vPy8vIz8!!HkjQSg!xM0xOkWiB4abX6VJj84K1M3pVXJBP_GNPKTGuCBQdGUHkKmAbpL4OU1gL4uMAa_niGNzFWaU4aO2SbOw3s8pm3wmWgo$Get hashmaliciousUnknownBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160
                                                https://inpzk.useringimportdulcimer.ink/?=vxkncwole9Get hashmaliciousHTMLPhisherBrowse
                                                • 13.85.23.86
                                                • 23.43.61.160

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2677
                                                Entropy (8bit):3.9771408347753745
                                                Encrypted:false
                                                SSDEEP:48:8vd/T3jBHHidAKZdA19ehwiZUklqeh+y+3:8N/vhy
                                                MD5:505CDDC25084024D571CED04158CDC76
                                                SHA1:2D66761887985E49F3A70358FB8BF5C0C44B3068
                                                SHA-256:2797257DF214F9DF26B01F9B026EA47348A9BA2BEDFF77475DC268C943B7D96F
                                                SHA-512:52E697D1D2CA815EAF734F86D9A9730642975E959A15DFB56AAB678BFCAD8EF7693305928D6CC94924FB01350251102A8316C3EBB5A77818275471C26E0D715E
                                                Malicious:false
                                                Reputation:low
                                                Preview:L..................F.@.. ...$+.,.......yO...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............cs.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2679
                                                Entropy (8bit):3.9880192258619083
                                                Encrypted:false
                                                SSDEEP:48:8Yd/T3jBHHidAKZdA1weh/iZUkAQkqehRy+2:8g/V9Qoy
                                                MD5:62D60464FE06700DD372D81054B51011
                                                SHA1:2ACC2F4837623833C7B4C9FBD801FB41E029ACBB
                                                SHA-256:7F41B00E3BE1D7416AC6D27A05567B8F61DFEFBB2DBD12ED4B786C3FC32DB6C3
                                                SHA-512:B2E35E0111CFB92839AD8C780A7E359EAFC29D0EA8116AED8BDB7C8920F49F0D482ACD33D822BF821FC1D022C13B19D44B794A693041296D907E096334467952
                                                Malicious:false
                                                Reputation:low
                                                Preview:L..................F.@.. ...$+.,....0w.yO...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............cs.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2693
                                                Entropy (8bit):4.003252355041641
                                                Encrypted:false
                                                SSDEEP:48:8xUd/T3jsHHidAKZdA14tseh7sFiZUkmgqeh7sby+BX:8x8/ynly
                                                MD5:E1084F1A8BCA849D6A0635894248AAEF
                                                SHA1:F90AEA627EAF1779D8939AE21C3B81B14B0371E3
                                                SHA-256:EC6C51EC7EE6F7ED859DDE8588B23203C7140D3B2C6D6BBE3C65AD304FA2B6CA
                                                SHA-512:436EAB7FEE644F294D7295CDE00AAA73C89B64A5DDE7C3FA53084349493E87B08F939F9425AB41A976BF7E589A6070834EEC20CBE4D127512AA66BB5DF94B451
                                                Malicious:false
                                                Reputation:low
                                                Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............cs.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.9902934100768994
                                                Encrypted:false
                                                SSDEEP:48:8MUd/T3jBHHidAKZdA1vehDiZUkwqehNy+R:89/2Dy
                                                MD5:CD3B7E71B71A9682D9D9D4143FDB6397
                                                SHA1:DC4252976C0FDAD4C2DBB19A97F9780A931A6A95
                                                SHA-256:3523774419C8E80ABEA1C1DE30E184181A9BB03CBF2DA5F24D001F4FA7D2E3EB
                                                SHA-512:A1CF54F099CAC4B9BA209A52EC2DF3BFB3F23F7B4F87CB5F38C1DA99A589664F58EEE62525F96E67FFDA47DC4572E5750499A9D19AA4CBEF190D4EE6E94B32DE
                                                Malicious:false
                                                Reputation:low
                                                Preview:L..................F.@.. ...$+.,.....P.yO...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............cs.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.97687402275164
                                                Encrypted:false
                                                SSDEEP:48:8ad/T3jBHHidAKZdA1hehBiZUk1W1qeh/y+C:8u/W9fy
                                                MD5:CDD4F3D0918DD05C8B28107444F55631
                                                SHA1:00ACE3AAD35C628FA60F4D3BAB82E1F22217B352
                                                SHA-256:9C3F33322BDB713D9841D800B474F5024DFC2DAD7FA6E4A41C1B3FF5AFDB5344
                                                SHA-512:0FC605F59AE6EA196775986270E58A75378BD48877F4BD8A09F225E518F4D3A405321C04BA6D8729A2160664B549C261A2D4E54C119C1C6F72E53183E48E251D
                                                Malicious:false
                                                Reputation:low
                                                Preview:L..................F.@.. ...$+.,.......yO...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............cs.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 12:46:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2683
                                                Entropy (8bit):3.98644160508935
                                                Encrypted:false
                                                SSDEEP:48:837d/T3jBHHidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbly+yT+:8J/oT/TbxWOvTbly7T
                                                MD5:A23D14DFFE519D0D1302707EB26CCB9C
                                                SHA1:CB66830B0454F25DBE2851461C9BBC1EE48AB90C
                                                SHA-256:FCAF246D86F4F2A05DDDC63757E31D37D8C17FD3071DADF5BC6BFD086F652238
                                                SHA-512:FC5C62DFE64DAD8383BF2C416568E9BAFA3C9F26183C2A9F373CDC09051611F47F1EA3B3B565AA2ABF4DBBEEA1E2ECC6248E0B915992927B3CE0FE2D913400EB
                                                Malicious:false
                                                Reputation:low
                                                Preview:L..................F.@.. ...$+.,....li.yO...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.m....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............cs.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                Chrome Cache Entry: 180

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):13720
                                                Entropy (8bit):7.864513802682525
                                                Encrypted:false
                                                SSDEEP:192:xjbdumLRWEVu7Rp8XL1MSDEN8ab2uXMEvP9JYBFYnqshKpv6hbMJMckw3lVepBy9:hdu60Vp871MR8DlwP9JY/Yqs05kmKTZA
                                                MD5:EA0A58BF372F62A3D595A4043D7142D9
                                                SHA1:E7C7F8B8A789B556E7648C93210FA16ED39253B6
                                                SHA-256:8D6A26C42602BA6FAABD0119AE27BD78F089285240693DC05BE7D4FC5A251733
                                                SHA-512:E5E7D7CCAF0192AD0000FFAE794298929798095F5AC53049B6D5E9F70519022D9A9230A75B08B1CA847EE40388A1A83381C5E5D472E43A2958E86472BC1D3E6E
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...........o...x...[...c...w...h...`...a...:...9...>...................................................!.......%...H...S...H...E...0...*...5................................................sbgp....roll..............4dmdat!!E..P.F..A].....p`...................................................................................................................................................................................................................................................................!M........},..*...UB4....8....s......sSg........>..>.g1....@.8..d......c...;..$..BD.B|B.9......Rh].....u.%n/f..{.<...@x.....|..X...$...`.b......C.H&&.'4..a{..k....d;0._j..O.rT}.'.q.....h.....Y...! .N.&........[.iY...c.|..j.6...z.....sSg...2.=..a.....p..N.........Q.ZZZ^!z.....aP..SvT..r.P,..T..P.#..6..#O...#..M............../.b.?@.de...w..?.....fi...T..J.Zn?.u...;=.e..q.j.._.....LV...

                                                Chrome Cache Entry: 181

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.5180132696972732
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0U5hXSkouwKJRLrv9ZEckp2hU5kOcRS+xtEqC95I10HZ/UY:LuAUS0JnKJL1hjVRS+eI1
                                                MD5:191F4AB024431AB44353859FBE16B843
                                                SHA1:4B442BC28664B047231967FE6648CAB67232089F
                                                SHA-256:8CD59B412DEE3910F6DD17D293828FAA203AD6A5D85167E7301C03C4FB8B79A8
                                                SHA-512:E315D928D7CD0684F354E5BB8D1DBF3FA76AECB936B16D9DDCA17E70DE62FD9E094B6869B2ECEA62035BB6C65E1BFCFDCB5911100E778CCD4C135A7C57EB8D85
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd......O..O..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......O..O............................................................@..............vmdia... mdhd......O..O..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 182

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.4937874048299005
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0aXSkouwKJRLrv96ckth3OcRS+xtEKt95I10HZ/e:LuAUS0VnKJLoh3VRS+3ZI1
                                                MD5:BC36F9F1A1CEE3B3F85869D46579F017
                                                SHA1:4D60D81546B94209011F7937FC731ED97C25F5D5
                                                SHA-256:3224DD02F0602618130387538A9CC4EE7BA2EBCAE74995D82A87F44CCD028D84
                                                SHA-512:E621B6A030A7A5C33592CEEBB72F91C16150BD2FED1B22A903A227C1B9723E83BDA50B785D5A9C9D424D0BCD0C5B5DC3677FD6F3B8A1894DC9685CE9E958EBE0
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd.....n'.n'..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....n'.n'............................................................@....@.........vmdia... mdhd.....n'.n'..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.........................@...H...H.........AOM Coding.............................av1C.........$...._....H....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 183

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (1192)
                                                Category:downloaded
                                                Size (bytes):96558
                                                Entropy (8bit):5.542959034430961
                                                Encrypted:false
                                                SSDEEP:1536:h5K9QgDoJZFMZZMR3Du4JnSyg/FyO7D4yQFPA0tEFHvnAwDyHK:K9rYFjDu4Jnzg/AO7hWPA0tE9vGHK
                                                MD5:E020446EC64C78D8127C8E4D0C8D08DB
                                                SHA1:6447A74183CD590FAB25C008E60F838D09BF12E1
                                                SHA-256:32779135C0EC086DA69B2DC597A8620CAEE8E104E079B5A02D98A8676712577E
                                                SHA-512:08348FAF64E033574D45446D75B8DFA01EE111C0FEE508ECE2E685C7C4986B833594279BD681E5DA2A02C5FB27DF039DF7E9751BB63A115AF4D3BB0688EA7659
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=AvtSve,CMcBD,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qmdT9,r1n9ec,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var jxb=_.y("ltDFwf");var CU=function(a){_.K.call(this,a.Fa);var b=this.oa();this.xb=this.Sa("P1ekSe");this.mb=this.Sa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.Cb("B6Vhqe");this.Oa=b.Cb("juhVM");this.wa=b.Cb("D6TUi");this.aa=b.Cb("qdulke");this.La=this.da!==0;this.Ka=this.ja!==1;this.Ga=[];this.ea=_.is(this).Vb(function(){this.Ga.length&&(this.Ga.forEach(this.g$,this),this.Ga=[]);this.La&&(this.La=!1,this.xb.rb("transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,this.mb.rb("transform","scaleX("+this.ja+")"));_.er(b,"B6Vhqe",this.Ca);_.er(b,"D6TUi",this.wa);_.er(b,"juhVM",this.Oa);_.er(b,"qdulke",this.aa)}).build();this.ea();_.Fg&&_.is(this).Vb(function(){b.tb("ieri7c")}).Fe().build()();_.bA(this.oa().el(),this.Ta.bind(this))};_.B(CU,_.K);CU.Ba=_.K.Ba;.CU.prototype.Ta=function(a,b){kxb(this

                                                Chrome Cache Entry: 184

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.4428088002720307
                                                Encrypted:false
                                                SSDEEP:12:AS4AHXSkouwKJRLrtX9gDZkF/lAFA/m+ZWFyKaQS5I10Lrw8NPtR/qM:ASwnKJxgse+Z2S5I1aHZ6
                                                MD5:97DAF6517F4C4837268F4F117D1546F6
                                                SHA1:7AF0803B1D67F9B8102881B567DBD61973317457
                                                SHA-256:78E36DBDE3B81561C58C7A25AADE0EED837F613EE512C98C7BD1627E8A4211B4
                                                SHA-512:0F5ED95508B78F950F168DC5BCE2D4839ECC64D144F2B28452B8441AA2998D0B73F4596F040EE4019C1202825509F858451FDF7F29A85648887C3F90E083895F
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....-.-...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....-.-............................................................@..............Tmdia... mdhd.....-.-...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd.....)0.... trex........................

                                                Chrome Cache Entry: 185

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):42758
                                                Entropy (8bit):7.941701758582908
                                                Encrypted:false
                                                SSDEEP:768:3ZsumsUQOI7K8YOmnP6e+Eqzoj0mVcswv0pEblYtxx/HjIIrEs6L:3ZsumsoI7XV4CrLUSlMEYtxZDFrENL
                                                MD5:221C3B1C4F37E7A4C1646FB78E50EE29
                                                SHA1:7456E3DC57A75F61C04CFBA1BDE2E3CBCCC65808
                                                SHA-256:182247AC44477DBE25AD226ABF6C7CBBC308931E023EC807F26AA5FE068409C6
                                                SHA-512:5FF4496087F9EDCD8BFB6C73FBC6E0110115F30539CB0AE690DCFE0D6D40EA54D4C842C11A4DFC626AF746D4C2B4C0CFD959B87D5A1B01F25505487F6C182FA3
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000691600006b360000b9370000d7380000b9500000966e0000c5740000f27600000579000006a70000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...........................................................................................................................................................................................................................................................................................................................................................................TQQEE..TP..TQQEE..TQQEE..TQQEE............=..~.9._...................z...4+...u.u.8.^9.^9.^9...u.u.u.9.\9.]...]..:........:..:..:.|.^..$.x..U..<[....g..5},M...Q..O.C...T.d..z..A.:.+..u.^M..M.K.z......<.^....9.6..zA...^........\.cQ..........zs.....#...y..)..3..6...[.d.u....t:...d.q...8.K.q....J........>.....-.

                                                Chrome Cache Entry: 186

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):80
                                                Entropy (8bit):2.3894383268210744
                                                Encrypted:false
                                                SSDEEP:3:rBltIlyzW/hCv1n6bF:Vl2yi/hC8bF
                                                MD5:0C1FCCD4BF726E228F4B48F6BDC46798
                                                SHA1:42D7EAC7FA0361C55F200BDE7363B105F2ABC08A
                                                SHA-256:547D030799405E91B9EF57B68132E0301BB83EE90EBE2ADD386D8D296C0C1297
                                                SHA-512:671016BCAC0D7A58FF2634E96FD1F96D26A8967CCF5692CEB0CAE8B66321751A093826147B143F4752C0538B683B75D4CA1E394F3713F795B2CD479C2B64F519
                                                Malicious:false
                                                Preview:...Psidx..........<...............Xc..,...........,.......!...,.......B{..$.....

                                                Chrome Cache Entry: 187

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.4626747454307254
                                                Encrypted:false
                                                SSDEEP:12:ASOtJXSkouwKJRLrtX9iZkF/xt42/INA/m+ZWFyKmMQoK5I10Lrw8NPtR/QQO:ASOWnKJx5xj/m+Z/b5I1aHZgQ
                                                MD5:AD764EB7638168DDA857CE117D7BEB83
                                                SHA1:1A33C347B74A13CD33813693B43773B5B1654B86
                                                SHA-256:110E620D87DB081EB8F0FF88C9063C522B84E5338CF4600DC66361A170656EF1
                                                SHA-512:7CE65A6C791AD67A59B74704B4297AC4387BD681232F317558426C4FCCCC2B41DEC3A34007C35C678AF288B709452DBBDEA37A2E9761CE9A255B385A6289C1E5
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd..................................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@..............Tmdia... mdhd.........................-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a...............................)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 188

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (777)
                                                Category:downloaded
                                                Size (bytes):7624
                                                Entropy (8bit):5.356859202879639
                                                Encrypted:false
                                                SSDEEP:192:mnwTgK8AwrKbbW8UFBlkU+/IrlQFsq1o98fYlp2PDYGym4nV9U:9ZwrKbaV/38xW8jn
                                                MD5:23ED78C00699D0EF97404A3901525DD3
                                                SHA1:09125039F07B8B3DE33761BFEBB4E0754AEA6738
                                                SHA-256:B21A2E0BD7B733D42DB2FBC676E0710D00CF95491967ED46C8A204605DBFDA29
                                                SHA-512:22AE4F4142F19399EE8C5ACF4EED70F9D91C41E3BB138522F340684CBA2C4E1FFF5233950DC9328861F79970ACABE2F5A28B396392AA72AD1A92429D61425D67
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,FCpbqb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WhJNk,Wt6vjf,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,hhhU8,iAskyc,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.ENa=_.y("wg1P6b",[_.Nx,_.Hl,_.Ol]);._.k("wg1P6b");.var K2a=function(a,b){b=b||_.Ha;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);g>0?c=f+1:(d=f,e=!g)}return e?c:-c-1},L2a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},M2a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return L2a(b,a)},N2a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if("sourceIndex"in a||a.parentNode&&"sourceIndex"in a.parentNode){var c=a.nodeType==.1,d=b.nodeType==1;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?L2a(a,b):!c&&_.lh(e,b)?-1*M2a(a,b):!d&&_.lh(f,a)?M2a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.ah(a);c=d.createRange();c.selectNode(a);c.collapse(!0);a=d.createRange();a.selectNode(b);a.colla

                                                Chrome Cache Entry: 189

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (574)
                                                Category:downloaded
                                                Size (bytes):3477
                                                Entropy (8bit):5.499342889552936
                                                Encrypted:false
                                                SSDEEP:96:oIByrBKfKVHcikUJFtlPMETAKv78pUCCjIw:INKS/vP3hv7mUbZ
                                                MD5:E18219F32F2747C14548BCFEE58B13CD
                                                SHA1:85307A7D3376A623245EB21D245B8BC4FA481908
                                                SHA-256:6479CFCD0C8840DD31DA0C55F596BDA37C28074517B5F063F5A5830EC27D0280
                                                SHA-512:EFE83897B3C1EE154EA3C14B3FFB4C242C065303F3F5A3DFA3E6E26C154B44509FE8E580D2402553CCDFABACEDD3F000FAC9171E861BBF22E6D56C5A6355CF47
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var jua=function(){var a=_.ge();return _.Bi(a,1)};var wq=function(a){this.Ea=_.t(a,0,wq.messageId)};_.B(wq,_.v);wq.prototype.Ha=function(){return _.ti(this,1)};wq.prototype.Za=function(a){return _.Ki(this,1,a)};wq.messageId="f.bo";var xq=function(){_.Fk.call(this)};_.B(xq,_.Fk);xq.prototype.Yc=function(){this.BP=!1;kua(this);_.Fk.prototype.Yc.call(this)};xq.prototype.aa=function(){lua(this);if(this.nA)return mua(this),!1;if(!this.xR)return yq(this),!0;this.dispatchEvent("p");if(!this.hL)return yq(this),!0;this.fJ?(this.dispatchEvent("r"),yq(this)):mua(this);return!1};.var nua=function(a){var b=new _.An(a.J0);a.iM!=null&&_.Ml(b,"authuser",a.iM);return b},mua=function(a){a.nA=!0;var b=nua(a),c="rt=r&f_uid="+_.Sg(a.hL);_.jl(b,(0,_.vf)(a.ea,a),"POST",c)};.xq.prototype.ea=function(a){a=a.target;lua(this);if(_.ml(a)){this.hH=0;if(this.fJ)this.nA=!1,this.dispatchEvent

                                                Chrome Cache Entry: 190

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):82914
                                                Entropy (8bit):7.981827036276602
                                                Encrypted:false
                                                SSDEEP:1536:jsadz4+i0deJ/p+qcyzPseUzdQP0m7A9ZKxQvZlcXbPWidT3HVDjcaM:zdzo0GpEyzPseUzG8/9ZiQvjcXb5dLVO
                                                MD5:D39929994E9E51796FF424A0EE12E3A0
                                                SHA1:786E1DE94019CEBB0B814BA807D5B4C890ACAA7A
                                                SHA-256:67016F31D33D6EC923AF81D00F2C1F6BA43CD6FEFE7378FD0940B21AC50E9427
                                                SHA-512:114BD9E3DE48A00662315B65AE591E85D37547AF786D8B7C434407C2BA9FBD562497CD9E2137A8719563C26119C8EFBA6DAA65E8F61BA2715A4CF309D4320865
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................'4...g.......A.......&.......t...............K...............*.......>.......).......~...............!.......................)...............I.......................M.......Q.......%.......D...............M...............2.......`....... .......n.......!...............%.......9.......s.......................................................................................\...............>...............................................................................................]...............)..............!........................v.......................v.......K.......................P..A&mdat.....$.7._2...H2.N...i...D........ ....m.. .wp......y.%.#0.P.?lW..A...}P^.&......e..m.z...c..i...#_.....F...Q.J.>...*'Y!.....I.j5....r".5..p......B8n.d?.>...t2.F9@x..j..-K.ge..B8..Ph...o..~]..H.DcRYI..ig..........~.y?.....b.)W...l....Nd.....n.]u.{...,...E......By...U.i..S&...s&C.].

                                                Chrome Cache Entry: 191

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 25 x 523, 8-bit colormap, non-interlaced
                                                Category:dropped
                                                Size (bytes):3471
                                                Entropy (8bit):7.355139633660245
                                                Encrypted:false
                                                SSDEEP:96:U6xkFjp9qd3J3T7vtjMayOJkppIwD3tSi:UblqdtT7FcOCpP
                                                MD5:FD9E384EFF31A8A747FD6511657CCE5B
                                                SHA1:C445137F8BBA478C8363A086156E5EA559D8BFAF
                                                SHA-256:7DD239ACD6DB6D4474ABFEF0637CD7ACD2B2EAE000A05F22A2F6A8D658A8D9F3
                                                SHA-512:F53E6B5CFF98105C8115CF6C1A677895930D864F890E46CA30B2ADEAAF95A48B976C8FD944A81412BB3F9C837CC02438BAF97D0F31A2A2EFEB22A8027D3B2E98
                                                Malicious:false
                                                Preview:.PNG........IHDR.............*.......PLTEGpL...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................tRNS.Z.>.......$."...Nt.d...J......@....\..8.......(...&|.D.*lXP....,....f..V..j...<..`.2...BZ.FT..4.vH.R..n.p.^.~.r. 0L.....b...8..6.",....hD..x|x...:..$....:. ....v..\.z.p...jn...h.H..Y...XIDATx^...w.F...K...v.b.E.K...+Q....X.-7.....8.o.f.l.....w...0.f....$'.9...p...$M...8O.......N..}_.x..^....q...4.-.b..R#..&...M....(M..}.n..by..".......d...`I...2". .bF.&....Ql..1l..U%.

                                                Chrome Cache Entry: 192

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.5057593003377163
                                                Encrypted:false
                                                SSDEEP:12:LuA47SFXSkouwKJRLrv9W1ckp2VOcRS+xtEqy95I10HZ/i:LuAUSwnKJLBVVRS+OI1
                                                MD5:FC1E726542FFC4C1919F9AD38CF6EF7A
                                                SHA1:B1E52AF6D074EC43B153ADE3AD83DD51DF155F74
                                                SHA-256:27AF84BF7D4C3223768B979FFCD3347D73BB667B55B233213AAD939EBB524CDF
                                                SHA-512:9A7D0E79F3F62E8DB67311192E0F90B92178A05E2DA4391F272EFD83ED42540ED1186C1E4A6FAB58B7CE7535009661987A198E01EC2CC9D06012DA8AF6C14E5D
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd.....~b.~b..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....~b.~b............................................................@..............vmdia... mdhd.....~b.~b..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......F.... trex........................

                                                Chrome Cache Entry: 193

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1757
                                                Entropy (8bit):7.15507358509442
                                                Encrypted:false
                                                SSDEEP:24:gqd9Ls7c1sppvw/IG2xhgnNXRFiCp1eO0ibCO9U/mQ6qagATkyi94/vEVhxk4+tq:g1iWxw/IvxkPZLbC7ggATkyPih7t
                                                MD5:62805DF35C64AA776CF1B75413C1F44D
                                                SHA1:06E9B93E9AA882196B26546062924EA405CDBC4A
                                                SHA-256:7DF172AF15B748E67513520C34508B0D28088CC0F2D3A028A52782126058DAA3
                                                SHA-512:9C246945A04A52DE537F07AE7C5EA677AE24B20FA9E00D5426B4A06B70C670181CC700EB7D178D3F09B9D9A0A8885C2502AAE4C08198A32AC1D20B3DF2168290
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e80100008e020000e90200003a03000001040000c0040000000500005a050000a4050000dd060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................. uF..R.....9.8$....T.....,.L.....(\....T..S....].f.....l:.i..4.+...#.............................!.#2............U..2<........n..<.P[..H.8......g.AM.Z.{..G.n.....Z.....X..l...Vr.b/.S.....|.Flomk.:...(..7=...G.6...............$..........................2!"#13Qb........?.........@}-4..7E..[.._#>.J....#..]..(...l.R.So|?..........................!..1"2........?..~#...).;e^...bQ..{)Ggg.1....+........................!1QA.#23q.. "Bab.........?..SV..?x..f.Q.op`p}T.l.a....'..;Qc.8..,.F.....Po..G.w.TC.>.co.4..Gf....S....a.Q.m..........k.|.h..8....+.;=_..Z.:.*.E7'..z;q>...ReE........X.....$.........

                                                Chrome Cache Entry: 194

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):8442
                                                Entropy (8bit):7.8704276048287
                                                Encrypted:false
                                                SSDEEP:192:deYaHD8Vi+ZDDahnHmbgbL/qQ7fDukX8jN9c/O8/o4:dB8eiIbgX/qwfuH2
                                                MD5:9A414DDFF01FA83E99C386F6F43E33D6
                                                SHA1:DAC109062475A09BB4784DD5BD233B022E19BA1B
                                                SHA-256:F9A165ED1782DD6FD2877828D4182C0EEDAC42379AFD8D0530BF8D5F4B53C193
                                                SHA-512:4F1332FD6A54BA0B0A5769AD877849EED72020FCB5AEDCEE5CE206B29B9960BBE5FC26AE954C1AFF67C869117364745CAAB06CBF8042A70854398057249407B0
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/442047941_1143827496886141_2522773122118489220_n.jpg?stp=dst-jpg_p206x206&_nc_cat=111&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=3Q6K75JvDH0Q7kNvgGw2m2C&_nc_ht=scontent-hou1-1.xx&oh=00_AYCpsU3kmE5FznHDq06GSeIOfyiLtf4bDK23nfUESJPDSQ&oe=668B10CD
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e0100005b040000140800006b080000fe080000290f00003515000048160000c61600005b170000fa200000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n....".............................................................................H..............................................u.c.t.....g...s...:..(....q@...Y..}/...ya.m..z[.4v}.............<..C.........f`..........F>...OE..r.1.|.Y..D$Bd........6..!"2H.6'N.R..[tK3.d.2.^fd....\.~...y.....r...'f.,....V..S,r...um.....J.yr.=..D.sD..de1..).e0......ji._.......{.*is.v..M.Wt.,..n.......$L...A.j.o2.#....B..9..?I7)..f$.,s.=.g-)...2Fd.A..FYa.[..n...K...x..wD.g..-..y..g......,"..rlc1g.p=?....'..MN./....T.I..{,..r...}.*Z..4.....M...q.0.W...m.4.Cv...Ouo..Z...]>.....F.cYv.7N.n. .e|.p..k...Cw@..UsI......-.......&.....8..-.O!..].!'[.|.q._3......z..:........O.../~?..

                                                Chrome Cache Entry: 195

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.455065918560999
                                                Encrypted:false
                                                SSDEEP:12:ASZXSkouwKJRLrtX9iZkF/kA/m+ZWFyKaQi5I10Lrw8NPtR/c+:AS8nKJx56+Z2i5I1aHZ
                                                MD5:190FF87CAC2E07307F79BF720DC9140C
                                                SHA1:2D878383F5C9885DA7A6E68DFB6DA39405DB09F0
                                                SHA-256:3B977E09CE3D2903F33EB14562E9084A938A1ADEF35F1505C3459A442E74896E
                                                SHA-512:F395BD0C410BF3962D48440BFA71D83DA5EBDDD3C29C72CEB09DA92DF47BBA74F8A49012D9B3CB74482E493BB4823B206B62339CBAE5A91091D4E6F146CD40A5
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd...........D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............Tmdia... mdhd...........D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd...... .... trex........................

                                                Chrome Cache Entry: 196

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:BS image, Version 30820, Quantization 26995, (Decompresses to 0 words)
                                                Category:dropped
                                                Size (bytes):56
                                                Entropy (8bit):2.2408024126583173
                                                Encrypted:false
                                                SSDEEP:3:jBltIlm5jjrH:9l2m5HrH
                                                MD5:BA8425D1A8F72E12D541D7239CD7865D
                                                SHA1:C0685B67728A7746EE80AC1E4840E31089650071
                                                SHA-256:76A513A028E09C39CF56A9688BC1BC64108B14BCFD2EA2DB370F29DBE0219988
                                                SHA-512:12FD95FA3DE19985DE5DC5015178C7300A167A420D3A6F1F24CCAF5BFD6B946E23CD16DE3E94545B0854F02B61AEA3359BF0155DFD8E7A0D02D6EFA07DFFA6AE
                                                Malicious:false
                                                Preview:...8sidx..........<...................,.......N.........

                                                Chrome Cache Entry: 197

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):33544
                                                Entropy (8bit):7.933515346032863
                                                Encrypted:false
                                                SSDEEP:768:NURJ6XTdnzSbxpHSfS23+yYMgu5zGfAjnofMNHqTJbtsNz1:N+J6DdnzSbxpH9Y+9MNCAD/sTJ6h
                                                MD5:39E7CA102A71D8DE8CBBC909A46EC44B
                                                SHA1:BE337412D3917A3532FB0C628801993DEF0491D2
                                                SHA-256:B35AD5E63D46863F3015DABB80F2D2145918659976C29D285926993ACF0B03EA
                                                SHA-512:BE8AE898B6A2EF07B1E480FA56449986EC5F4DDFE5B4FD508A0B2A5BB4C3D2EA6F28A09210FCFF562BC4947A3DC32D584E882A3319CB1010964FA27ED782F0E8
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/442087186_999319485526623_3702523058544328049_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=ysDgVWmhzsgQ7kNvgFJCUSV&_nc_ht=scontent-hou1-1.xx&oh=00_AYD6KPcaHZ_5J2vWme9cMQRf1tgAcyjbvd2Uq3kX6dUMTQ&oe=668B1809
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100000a1700000a2c0000df2d00005a2f0000a03b00008f510000c3570000af5a00006a5d000008830000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................................................................................................................................................................................................................................................................................................................................................................................./.>............OD.....^.......n/h<g...y..9..x..5............_.4<.:G;...G..w.<......=).S.....i...y.CY..mz..}+.[>/_c&....[.....!._...}.....)...=.u....M.:..........Z..d>...xx.OG|..Y.N..c..@.........]..Dx.a.<.}X.o..[.8]=....O........5....M..8]..lp....W..<...q....r.".7ty

                                                Chrome Cache Entry: 198

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):68
                                                Entropy (8bit):2.6696022575517366
                                                Encrypted:false
                                                SSDEEP:3:HBltTMXlkqMlzJlon:hlDqTn
                                                MD5:2F415E4A48775B38987AB796EDE45963
                                                SHA1:FCC02F828057446B1DE7B781DB316A771E2A7D85
                                                SHA-256:ACDF9CCCCF696C6F865A3E53BF6A35B8F597F18AA3569D8FF9334127CDBA7F96
                                                SHA-512:C899F92D0B1DE01EC5120766B021CB7AE7B8B74BE922C48616626CB1D709F965A55C720EC0AEE5741FDFAB35A90662443960DB26D2C83113C8DECC1F74DF1AAC
                                                Malicious:false
                                                Preview:...Dsidx..........u/..............C...I...........I.................

                                                Chrome Cache Entry: 199

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.45814995487565
                                                Encrypted:false
                                                SSDEEP:12:AShXSkouwKJRLrtX9JkZkF/EA/m+ZWFyKaQi5I10Lrw8NPtR/JG:ASEnKJxJ7a+Z2i5I1aHZ
                                                MD5:342A232004182339BE9BB973569AF78E
                                                SHA1:0D63AF4B99D241885970413F94C177FE5F545ED7
                                                SHA-256:1BEA1922769A7430053138AB8539BDC152F9F0165355D06F946D26F560A37333
                                                SHA-512:0BA38CD51FB3E5DB9B8C50B6E52E426AA604D4CC54C6400B2C02EC8DBC75EF3F6A9C79C16EF45998221ED20FB9A09D4E55E35203790CF90DA23F5312ACF0D7C6
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd...........D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............Tmdia... mdhd...........D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@.......t...t..+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd......#.... trex........................

                                                Chrome Cache Entry: 200

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (6328)
                                                Category:downloaded
                                                Size (bytes):346217
                                                Entropy (8bit):5.381081775773796
                                                Encrypted:false
                                                SSDEEP:3072:fXm9zrAtQPUFGkXgXlYomAGgK9A2PfcrnHUGOFnGWMCOZOzyAQFvEVk0HdybW3I7:fJQPUUWgXlYom3nqKkBbWWx
                                                MD5:514EDA2B1375D112DE02685FD40CC529
                                                SHA1:E0FC8607225D76AF40CEAE39590314B931035CC0
                                                SHA-256:63E4B95499307D60411F797275DEF841CCCAE4C1B9E82E03DFDB779CDBB96080
                                                SHA-512:156EF5BBAB0613FE6217BC987ACA59C8E91DDE70CB585C652AB911D1CDABC15CA404688E1EA97610522A5FEAA75E23C744609C8F297B7E9C73FC56C6F09E791C
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iBwS4/yw/l/en_GB/56unmhkIrehtInlbCaeLql9s9enP8ua4RYWxmlUS2FbnWfnZ8Xxo1m0k6TrftXaUSlLhKwLpm5VBVuwwDateX8xhraCBbnW2FYj8xP1iPn3AFm3SuHlNAdJkm.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("MinGapType",["$InternalEnum"],(function(a,b,c,d,e,f){a=b("$InternalEnum")({UNKNOWN:0,ORGANIC:1,ENGAGEMENT:2,FIXED_POSITION:3,PROMOTION:4,SPONSORED:5,END_OF_FEED_CONTENT:6,FB_STORIES:7,HIGH_VALUE_PROMOTION:8,FB_STORIES_ENGAGEMENT:9,PYMK:10,SHOWCASE:11,FB_SHORTS:12,TRENDING:13,IFR:14,ENGAGEMENT_QP:15,GROUPS_TAB_UNCONNECTED:16,END_OF_FEED_REELS:17,FRIEND_REQUESTS:18,FB_SHORTS_FALLBACK:19});c=a;f["default"]=c}),66);.__d("AdsExtremeGapUtils",["gkx"],(function(a,b,c,d,e,f,g){"use strict";var h=3,i=6;function a(a,b){if(b!==5)return!1;b=c("gkx")("23035");if(!b)return!1;b=j(a,0);return b>i}function j(a,b){if(a.length===0||b>i)return b;var c=a.length,d=k(a);if(d===-1)return b;return c-d<=h?j(a.slice(0,d),b+1):b}function k(a){for(var b=a.length-1;b>=0;b--)if(a[b].minGapType===5)return b;return-1}g.EXTREME_GAP_DISTANCE=h;g.shouldApplyExtremeGapProtection=a;g.getLastSponsoredStoryPosition=k}),98);.__d("CometAdsProductLoggingFalcoEvent",["FalcoLoggerInternal","getFalcoLogPoli

                                                Chrome Cache Entry: 201

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced
                                                Category:downloaded
                                                Size (bytes):79
                                                Entropy (8bit):4.71696959175789
                                                Encrypted:false
                                                SSDEEP:3:yionv//thPlH1tnt/tAhHGZscm1olkqCwbp:6v/lhP6hHDcZCYp
                                                MD5:8DC258A49B60FAE051E9A7CE11AD05CF
                                                SHA1:DAFEF280663F4205FC7F0E47799E9945E6A68D6D
                                                SHA-256:C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
                                                SHA-512:5F11ED60D79A80EF7CCEFFA907CD55F31D8DB19BD2A7F4C2650C62A355C5071C5FB61DA1EB0A2071CE22ECDC35C0D12F51E4D13AAC3B0FDB95ED4629815B5AFB
                                                Malicious:false
                                                URL:https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
                                                Preview:.PNG........IHDR..............PX.....IDAT.Wc...0a.!..)....A,....Zl....IEND.B`.

                                                Chrome Cache Entry: 202

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.463762848528104
                                                Encrypted:false
                                                SSDEEP:12:ASNXSkouwKJRLrtX9OZkF/C/INA/m+ZWFyKaQi5I10Lrw8NPtR/B:AS4nKJxtC/m+Z2i5I1aHZ
                                                MD5:52006BFA036FB66D4B1ABA4E92B8F6CB
                                                SHA1:7CE7793647295B32EDB9E8FCAEC124C99EC15E3D
                                                SHA-256:E12CB70EA6B7061BACFBE6957370A65803B4CD62FDCBCBBFD8AA2EE805C82ED0
                                                SHA-512:30AB05E5A5F022ECCFB0A5C8E474EF2492A8B66422FCF10D94FCAC65F8FFF189F45A9C1CC88B8E7CAC6C60086029B21AA41C9D54C557A2106E0915B56095A950
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.............D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@..............Tmdia... mdhd.............D...........-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd.......... trex........................

                                                Chrome Cache Entry: 203

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (4975)
                                                Category:downloaded
                                                Size (bytes):23416
                                                Entropy (8bit):5.433690538619997
                                                Encrypted:false
                                                SSDEEP:384:Br67RYZAqd9Ou/gVrr4efaNJiJMeMElTJgNT5NPtxUMv:4YZbd9oVn4tQ73Jk
                                                MD5:FD8B3B29D91E85DE56FABE886983F606
                                                SHA1:69BAB971039AE104B6B7EFED38F29343C2BD3A1F
                                                SHA-256:50ECD1FFF5A987FDB990A444DFA9A6361E368C6124FC67D304A4A72AE10903B6
                                                SHA-512:BB1CA0D76EEFD1F502490CEF0FFB33CFEA5650DBD0F7E2B5F837BE88D1C7432241BFA02F9266F8A7212C97B4BF5A0FC74DA4D904F44D1762732CD3BCDE5231FC
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3ieKI4/yR/l/en_GB/0bfveO1rdQO.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("ArrowLeftOutline24.svg.react",["react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(a){return i.jsxs("svg",babelHelpers["extends"]({viewBox:"0 0 24 24",width:"1em",height:"1em",fill:"currentColor"},a,{children:[a.title!=null&&i.jsx("title",{children:a.title}),a.children!=null&&i.jsx("defs",{children:a.children}),i.jsx("g",{fillRule:"evenodd",transform:"translate(-444 -204)",children:i.jsxs("g",{fillRule:"nonzero",children:[i.jsx("path",{d:"M99.78 56.78a.75.75 0 0 0-1.06-1.06l-6.25 6.25a.75.75 0 0 0 0 1.06l6.25 6.25a.75.75 0 0 0 1.06-1.06l-5.72-5.72 5.72-5.72z",transform:"translate(355 153.5)"}),i.jsx("path",{d:"M109 61.75H93.625a.75.75 0 1 0 0 1.5H109a.75.75 0 1 0 0-1.5z",transform:"translate(355 153.5)"})]})})]}))}a.displayName=a.name+" [from "+f.id+"]";a._isSVG=!0;b=a;g["default"]=b}),98);.__d("BaseMenuFocusGroup",["fbt","CometComponentWithKeyCommands.react","CometKeys","FocusGroup.react","focusScopeQueries","react"],(function(a,b,c,

                                                Chrome Cache Entry: 204

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (405)
                                                Category:downloaded
                                                Size (bytes):1600
                                                Entropy (8bit):5.234706685474562
                                                Encrypted:false
                                                SSDEEP:48:o79bWW+d1xb0KeRV8YtQy0aqdHgxbaQ77DfTBpbrw:oAB6KOVddbqSnLzw
                                                MD5:777F1FD23230384A286E78C5ACD6AC33
                                                SHA1:CC33BAC75FDD7CE9AD535CBCEAD5C91D974DF975
                                                SHA-256:277C957E852CD541B5D6D50B9A1CC3E6E6120DC704B529AADDA0171367557D98
                                                SHA-512:F785634C17C38826894B2D0D4363C26110418A9160AB36ACDFF2E6B76A2E07D32DD1BDA3D2D0F4D9BE3254DB834EB808FEA392A95B224AB5B94B429E69EBD1F0
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.xf(_.mja);_.ew=function(a){_.J.call(this,a.Fa);this.aa=a.ab.cache};_.B(_.ew,_.J);_.ew.Na=_.J.Na;_.ew.Ba=function(){return{ab:{cache:_.mp}}};_.ew.prototype.execute=function(a){_.kb(a,function(b){var c;_.oe(b)&&(c=b.eb.Qb(b.jb));c&&this.aa.FD(c)},this);return{}};_.Pq(_.Hja,_.ew);._.l();._.k("VwDzFe");.var IE=function(a){_.J.call(this,a.Fa);this.aa=a.Da.Pj;this.ea=a.Da.metadata;this.da=a.Da.Zq};_.B(IE,_.J);IE.Na=_.J.Na;IE.Ba=function(){return{Da:{Pj:_.iE,metadata:_.FWa,Zq:_.fE}}};IE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.kb(a,function(c){var d=b.ea.getType(c.Hd())===2?b.aa.Vb(c):b.aa.aa(c);return _.Lj(c,_.jE)?d.then(function(e){return _.gd(e)}):d},this)};_.Pq(_.Mja,IE);._.l();._.k("sP4Vbe");._.EWa=new _.Ce(_.Ija);._.l();._.k("A7fCU");.var nE=function(a){_.J.call(this,a.Fa);this.aa=a.Da.lM};_.B(nE,_.J);nE.Na=_.J.Na;nE.Ba=function(){r

                                                Chrome Cache Entry: 205

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 189 x 225, 8-bit colormap, non-interlaced
                                                Category:dropped
                                                Size (bytes):8450
                                                Entropy (8bit):7.895050815212879
                                                Encrypted:false
                                                SSDEEP:96:AitzuyVV24e+bAuln1N+xI/xtZfo9H3FBPuKJ+Bv4xMZ5X+sWrVfWXfmaalzXRut:LpVXVp1N+Ivdo4KoCi+sWrsUJh5y
                                                MD5:A800DC8DBB6A59E1A3E00E840BE91F4A
                                                SHA1:08BD90B1CEACE67B7BBB9D1DC42F5DD7D923408C
                                                SHA-256:92399D4E87E05C80A1D90E859AF0D871A7171D4558557EFFF39E50DD69F178C9
                                                SHA-512:1FAD6E8F0860E8AEA00D44D35B225CED34BFE4D2554B22D556D7315938A74E32212DE1E1741E331D4C627B1DF8A127E80E0617024DFEF21F38385DA4F920D25C
                                                Malicious:false
                                                Preview:.PNG........IHDR..............ED.....PLTE.....................GpL..........................................................................................................................................................................................................................................................................................5Ec....................................................................................................!!!................v..|..x......................w..w................................................x..w...........................w..w.......>>>............555...............zzzSSS........................................w.........................mmm.w...x........w..w..v..w...........w.@@@.......v..w..y..v...........w.VVVTTT..........w..........S......tRNSf....>..........7...Z.....P.......H:.*p.!0.$.Mw.....d\..E.T..~W.3...'.,irB...i..^f.@za....r....l..,.~..2........-k_...a..6..R..m...Jh..@.K....x....f.@......].Fv.!.J.

                                                Chrome Cache Entry: 206

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (9885)
                                                Category:downloaded
                                                Size (bytes):17215
                                                Entropy (8bit):5.1487947409826695
                                                Encrypted:false
                                                SSDEEP:192:7j4rD4rzDSqrxjkqEJnqzBuJRLUQ5V31HcCfRVlx8hf0:7j0AJjFQRLUQqkRVR
                                                MD5:8B4C72FAEEE315CCFA9DD0B424D32362
                                                SHA1:57BCA0955EEFAA8E1C1D216769EDB9921509E3FC
                                                SHA-256:7B1E4B18662377C64882D0EB20540CC1F86348E478922E96D2D9F4DF52E13277
                                                SHA-512:DF6FE757A39D473369842DF21F4FD79DF4DA9A528885C961BA8AE03735A0F4AA8C0928500B073C38B24DE48CAB72E0209C1C9F8624F7ADF481D73BE72D3081AA
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/VJPoervtPtX.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("CometVideoHomePlaylistPlaceholder.react",["FDSGlimmer.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react"),j={cover:{height:"x1vd4hg5",width:"xh8yej3",$$css:!0},description:{borderTopStartRadius:"x107yiy2",borderTopEndRadius:"xv8uw2v",borderBottomEndRadius:"x1tfwpuw",borderBottomStartRadius:"x2g32xy",height:"x1qx5ct2",marginBottom:"x1yztbdb",overflowX:"x6ikm8r",overflowY:"x10wlt62",width:"x1oysuqx",$$css:!0},header:{borderTopStartRadius:"x107yiy2",borderTopEndRadius:"xv8uw2v",borderBottomEndRadius:"x1tfwpuw",borderBottomStartRadius:"x2g32xy",height:"x1qx5ct2",marginBottom:"x1yztbdb",overflowX:"x6ikm8r",overflowY:"x10wlt62",width:"x1oysuqx",$$css:!0},metadata:{borderTopStartRadius:"x107yiy2",borderTopEndRadius:"xv8uw2v",borderBottomEndRadius:"x1tfwpuw",borderBottomStartRadius:"x2g32xy",height:"x1qx5ct2",overflowX:"x6ikm8r",overflowY:"x10wlt62",width:"xrostsh",$$css:!0},name:{borderTopStartRadius:"x10m1dyt",borderTopEndRadius:"xx7vh7w",borde

                                                Chrome Cache Entry: 207

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.466018055506166
                                                Encrypted:false
                                                SSDEEP:12:ASDCHXSkouwKJRLrtX9FsZkF/aCC2/INA/m+ZWFyKmMQL5I10Lrw8NPtR/c:ASXnKJxRB/m+Z/L5I1aHZ
                                                MD5:15E567AFF33A0F9DB7B4ECC6A1E3FBFE
                                                SHA1:498F477E9EF13360796ED58C012732EB339E26B8
                                                SHA-256:C86C63FC47DD36E021E2924AEA166BF34EEA5CCC1F5A8E603F652FD168F2ABB8
                                                SHA-512:6D92AD2255F659AC955FAEE48AB53EAEC0B84D6385604E02F5641749D5C5ECA1D14BB6826B5FA1E70F71767D3C4BCC039627529C640D3BABC3F03407FEFC85DB
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd......!..!........................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......!..!............................................................@..............Tmdia... mdhd......!..!...............-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a...............................)esds...........@.......W...W..+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 208

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.4428088002720307
                                                Encrypted:false
                                                SSDEEP:12:AS4AHXSkouwKJRLrtX9gDZkF/lAFA/m+ZWFyKaQS5I10Lrw8NPtR/qM:ASwnKJxgse+Z2S5I1aHZ6
                                                MD5:97DAF6517F4C4837268F4F117D1546F6
                                                SHA1:7AF0803B1D67F9B8102881B567DBD61973317457
                                                SHA-256:78E36DBDE3B81561C58C7A25AADE0EED837F613EE512C98C7BD1627E8A4211B4
                                                SHA-512:0F5ED95508B78F950F168DC5BCE2D4839ECC64D144F2B28452B8441AA2998D0B73F4596F040EE4019C1202825509F858451FDF7F29A85648887C3F90E083895F
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....-.-...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....-.-............................................................@..............Tmdia... mdhd.....-.-...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd.....)0.... trex........................

                                                Chrome Cache Entry: 209

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):80
                                                Entropy (8bit):2.5445179762781582
                                                Encrypted:false
                                                SSDEEP:3:rBltcXw5bfzClHll6sllUUv/:Vlv6bv/
                                                MD5:F8BF567FB0A50D6BFF777C48B563869A
                                                SHA1:E68EAD11271AC323F200FFC7B464D5388E55EB27
                                                SHA-256:A5DA9840B996D3A3F996EB52728BDD7C74499B33118799CA6DC746EEC87637CE
                                                SHA-512:DEBFED0E3DBD7319FED703D40901ACAD1C48E48E19BBA14577B89BB4BF010EC64C52D1857C478DE710B1C01C754D27A00FEDFDF995E4B2DCB932EAA262BA035F
                                                Malicious:false
                                                Preview:...Psidx...........D..............E%..\>......?...X.......?...X...........7.....

                                                Chrome Cache Entry: 210

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):82914
                                                Entropy (8bit):7.981827036276602
                                                Encrypted:false
                                                SSDEEP:1536:jsadz4+i0deJ/p+qcyzPseUzdQP0m7A9ZKxQvZlcXbPWidT3HVDjcaM:zdzo0GpEyzPseUzG8/9ZiQvjcXb5dLVO
                                                MD5:D39929994E9E51796FF424A0EE12E3A0
                                                SHA1:786E1DE94019CEBB0B814BA807D5B4C890ACAA7A
                                                SHA-256:67016F31D33D6EC923AF81D00F2C1F6BA43CD6FEFE7378FD0940B21AC50E9427
                                                SHA-512:114BD9E3DE48A00662315B65AE591E85D37547AF786D8B7C434407C2BA9FBD562497CD9E2137A8719563C26119C8EFBA6DAA65E8F61BA2715A4CF309D4320865
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=894&byteend=83807
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................'4...g.......A.......&.......t...............K...............*.......>.......).......~...............!.......................)...............I.......................M.......Q.......%.......D...............M...............2.......`....... .......n.......!...............%.......9.......s.......................................................................................\...............>...............................................................................................]...............)..............!........................v.......................v.......K.......................P..A&mdat.....$.7._2...H2.N...i...D........ ....m.. .wp......y.%.#0.P.?lW..A...}P^.&......e..m.z...c..i...#_.....F...Q.J.>...*'Y!.....I.j5....r".5..p......B8n.d?.>...t2.F9@x..j..-K.ge..B8..Ph...o..~]..H.DcRYI..ig..........~.y?.....b.)W...l....Nd.....n.]u.{...,...E......By...U.i..S&...s&C.].

                                                Chrome Cache Entry: 211

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.505679134773534
                                                Encrypted:false
                                                SSDEEP:12:LuA47STXSkouwKJRLrv9uckg/OcRS+xtEqltEf95I10HZ/8:LuAUSSnKJLR/VRS+TDEnI1
                                                MD5:8315A80BFB1FF769A5B2BA8B921E11EC
                                                SHA1:B812B318E40501077896DF89336ED7CAD130F2FA
                                                SHA-256:C73C738DEFB1144E4C4618F5A06F81B70E7936CBECBECC5026C8BD1740FBACA0
                                                SHA-512:96AF526E44C0474230A9C67E9E91DB7819F8E9FB7852B253CE877758FC450A1AD1B1445809757806906F4B53EEA81D1A9E76DD55A3CEDF9A64CD0704787AD9DF
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd............2.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@....h.........vmdia... mdhd............2.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.........................h...H...H.........AOM Coding.............................av1C..........M..@..........colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 212

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (777)
                                                Category:downloaded
                                                Size (bytes):1481
                                                Entropy (8bit):5.316577802144649
                                                Encrypted:false
                                                SSDEEP:24:kMYD7xmEu0IvxqcNzoYcurO/qb99nyobhzWuNA+CkadpUGbX7MNa4VGbwCSF57M8:o7xmR0I5kc7b91xbf0dpUGbYNa4VGbwl
                                                MD5:FC2DC9D5B7292B603D399F3E3046665B
                                                SHA1:92D25D672FDDD209D97ED306541CE686B6FD51CE
                                                SHA-256:614049A345B7E332826D74B79163DF74EDDE93CA1A661EE468352D4E5F94574C
                                                SHA-512:7348DBAF2A5A1FC87E3017B9E504EF22A3EBA65EC6FD255DD127DB78384B56B80A101BE9101F5BADBA4717FBE460C6A8DBE07DBA5F918413BE36EF0D88716C50
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.FWa=new _.Ce(_.Kk);._.l();._.k("bm51tf");.var IWa=!!(_.$f[0]>>26&1);var KWa=function(a,b,c,d,e){this.ea=a;this.wa=b;this.ja=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=JWa(this)},LWa=function(a){var b={};_.Ma(a.xO(),function(e){b[e]=!0});var c=a.jO(),d=a.pO();return new KWa(a.dL(),c.aa()*1E3,a.NN(),d.aa()*1E3,b)},JWa=function(a){return Math.random()*Math.min(a.wa*Math.pow(a.ja,a.aa),a.Ca)},oE=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var pE=function(a){_.J.call(this,a.Fa);this.Jc=null;this.ea=a.Da.sR;this.ja=a.Da.metadata;a=a.Da.Faa;this.da=a.ea.bind(a)};_.B(pE,_.J);pE.Na=_.J.Na;pE.Ba=function(){return{Da:{sR:_.GWa,metadata:_.FWa,Faa:_.zWa}}};pE.prototype.aa=function(a,b){if(this.ja.getType(a.Hd())!=1)return _.Vk(a);var c=this.ea.aa;return(c=c?LWa(c):null)&&oE(c)?_.Aua(a,MWa(this,a,b,c)):_.Vk(a)};.var MWa=function(a,b,c,d){return c.then(function(e)

                                                Chrome Cache Entry: 213

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text, with very long lines (687)
                                                Category:downloaded
                                                Size (bytes):4140
                                                Entropy (8bit):5.371702264924607
                                                Encrypted:false
                                                SSDEEP:96:GPWUbFMvF/ygbQgs8qUoaCyPj8LvUe8tOFw:SWIF1R8qUVCywzzgt
                                                MD5:7DD911B1022E2F37811F8AAEEB74862E
                                                SHA1:36F79706B7E839CFF0DE16EE9CC7B026EE5019A2
                                                SHA-256:DD48C9475C9D2B02ED29382E9DD32791D671004BB217DB0B0F6750DA3011CD66
                                                SHA-512:03996AD04C65D47A9C364C63AEBCB3F58F41CCCE4DAD70840316853BEF2967A38797744FE62BFFF418B799EC71476DC6B49CFE3053F2B9BEBE62CF5A30EA7847
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                                                Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.xf(_.Joa);._.k("sOXFj");.var Wq=function(a){_.J.call(this,a.Fa)};_.B(Wq,_.J);Wq.Na=_.J.Na;Wq.Ba=_.J.Ba;Wq.prototype.aa=function(a){return a()};_.Pq(_.Ioa,Wq);._.l();._.k("oGtAuc");._.Dua=new _.Ce(_.Joa);._.l();._.k("q0xTif");.var Bva=function(a){var b=function(d){_.Wl(d)&&(_.Wl(d).Cc=null,_.ir(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},ur=function(a){_.up.call(this,a.Fa);this.Pa=this.dom=null;if(this.Ei()){var b=_.qk(this.Of(),[_.Ok,_.Nk]);b=_.vh([b[_.Ok],b[_.Nk]]).then(function(c){this.Pa=c[0];this.dom=c[1]},null,this);_.Jq(this,b)}this.Oa=a.Ih.Y8};_.B(ur,_.up);ur.Ba=function(){return{Ih:{Y8:function(){return _.nf(this)}}}};ur.prototype.getContext=function(a){return this.Oa.getContext(a)};.ur.prototype.getData=function(a){return this.Oa.getData(a)};ur.protot

                                                Chrome Cache Entry: 214

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):68
                                                Entropy (8bit):2.6696022575517366
                                                Encrypted:false
                                                SSDEEP:3:HBltTMXlkqMlzJlon:hlDqTn
                                                MD5:2F415E4A48775B38987AB796EDE45963
                                                SHA1:FCC02F828057446B1DE7B781DB316A771E2A7D85
                                                SHA-256:ACDF9CCCCF696C6F865A3E53BF6A35B8F597F18AA3569D8FF9334127CDBA7F96
                                                SHA-512:C899F92D0B1DE01EC5120766B021CB7AE7B8B74BE922C48616626CB1D709F965A55C720EC0AEE5741FDFAB35A90662443960DB26D2C83113C8DECC1F74DF1AAC
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=826&byteend=893
                                                Preview:...Dsidx..........u/..............C...I...........I.................

                                                Chrome Cache Entry: 215

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):13720
                                                Entropy (8bit):7.864513802682525
                                                Encrypted:false
                                                SSDEEP:192:xjbdumLRWEVu7Rp8XL1MSDEN8ab2uXMEvP9JYBFYnqshKpv6hbMJMckw3lVepBy9:hdu60Vp871MR8DlwP9JY/Yqs05kmKTZA
                                                MD5:EA0A58BF372F62A3D595A4043D7142D9
                                                SHA1:E7C7F8B8A789B556E7648C93210FA16ED39253B6
                                                SHA-256:8D6A26C42602BA6FAABD0119AE27BD78F089285240693DC05BE7D4FC5A251733
                                                SHA-512:E5E7D7CCAF0192AD0000FFAE794298929798095F5AC53049B6D5E9F70519022D9A9230A75B08B1CA847EE40388A1A83381C5E5D472E43A2958E86472BC1D3E6E
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=964&byteend=14683
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...........o...x...[...c...w...h...`...a...:...9...>...................................................!.......%...H...S...H...E...0...*...5................................................sbgp....roll..............4dmdat!!E..P.F..A].....p`...................................................................................................................................................................................................................................................................!M........},..*...UB4....8....s......sSg........>..>.g1....@.8..d......c...;..$..BD.B|B.9......Rh].....u.%n/f..{.<...@x.....|..X...$...`.b......C.H&&.'4..a{..k....d;0._j..O.rT}.'.q.....h.....Y...! .N.&........[.iY...c.|..j.6...z.....sSg...2.=..a.....p..N.........Q.ZZZ^!z.....aP..SvT..r.P,..T..P.#..6..#O...#..M............../.b.?@.de...w..?.....fi...T..J.Zn?.u...;=.e..q.j.._.....LV...

                                                Chrome Cache Entry: 216

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.4937874048299005
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0aXSkouwKJRLrv96ckth3OcRS+xtEKt95I10HZ/e:LuAUS0VnKJLoh3VRS+3ZI1
                                                MD5:BC36F9F1A1CEE3B3F85869D46579F017
                                                SHA1:4D60D81546B94209011F7937FC731ED97C25F5D5
                                                SHA-256:3224DD02F0602618130387538A9CC4EE7BA2EBCAE74995D82A87F44CCD028D84
                                                SHA-512:E621B6A030A7A5C33592CEEBB72F91C16150BD2FED1B22A903A227C1B9723E83BDA50B785D5A9C9D424D0BCD0C5B5DC3677FD6F3B8A1894DC9685CE9E958EBE0
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd.....n'.n'..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....n'.n'............................................................@....@.........vmdia... mdhd.....n'.n'..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.........................@...H...H.........AOM Coding.............................av1C.........$...._....H....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 217

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):365828
                                                Entropy (8bit):7.998193233283559
                                                Encrypted:true
                                                SSDEEP:6144:NI+DUU6KcRhlWH8leSSLshB2Ot3ilv6vV3+H0/SSm9gukgevTbce1ix:g7RnWH8ozsf2Oolv64H0uKfgne1ix
                                                MD5:30FC3465655DD0F4137647687EAA3969
                                                SHA1:A40E7C11386BCED6003040000E0E0D2EB9FC048E
                                                SHA-256:C3B408A94BAFCC7E6271A08DEE306BE07D8C8BE8DD1513BF5F66D64616CF05EA
                                                SHA-512:71510846A31BA4BB0729C8937F4CB4176C1575737795AA1FC31CDC8317C147B08807BB2AF5E79FC059534A3A86EA821412BD8C1FE1212EE8D9FD854852E63B8F
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun...................H../x...............)...............C.......-.......s..............J...............................................................K<...............N.......e.......1...............%..............W........?...............*...............................?......O........2.......1...............w.......................I......L........................s.......Z..............................D........................^......$........................$......P............................... ...............................Na.............................."........v.......).......J......'................^...Hmdat.....$.7._2...H2...........0...'... ....Kr..e.x......^u.YL9.....;d..>r...F.w<....1...@......Y....f..o.<N&.$.H...).-.../.>....ls./..5.`.H..$.B.u.J...g../.yhN...........s.&>.......,c....R..<r[...........}.-...?m.. .....w.....{.....:Z....;=..6;+.Z.....XO....6..=..<....R....%.*.Y2.

                                                Chrome Cache Entry: 218

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (8477)
                                                Category:downloaded
                                                Size (bytes):469520
                                                Entropy (8bit):5.567945047839263
                                                Encrypted:false
                                                SSDEEP:6144:9Temh/tn9jOc7S6IuF3830ZGxrpsU6Fl7:9TemhVn91IuRYGh
                                                MD5:431D8E3CB3C1E0CFCACE50A6A457861F
                                                SHA1:5245A4C80DFB321345A5255A3634E1E4E5F0FD1C
                                                SHA-256:B862DE4A32B58ABC17D3C4470381218F72C255526F3D0CADA078650E928C9EED
                                                SHA-512:8C23E20784104BDAEA6B85F5A981A6B68AF61D498EF9A2DE89337EC50F22C132768EBDF5ACEC9BE30BAEF7CEA544E332C1CCD1B91D5B8BF2E3B58B44D7DD4E8B
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3i8xq4/ym/l/en_GB/DKP4VMyHWvT.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("AccessibilityWebAssistiveTechTypedLoggerLite",["generateLiteTypedLogger"],(function(a,b,c,d,e,f){"use strict";e.exports=b("generateLiteTypedLogger")("logger:AccessibilityWebAssistiveTechLoggerConfig")}),null);.__d("AcfToastImpressionFalcoEvent",["FalcoLoggerInternal","getFalcoLogPolicy_DO_NOT_USE"],(function(a,b,c,d,e,f,g){"use strict";a=c("getFalcoLogPolicy_DO_NOT_USE")("1873550");b=d("FalcoLoggerInternal").create("acf_toast_impression",a);e=b;g["default"]=e}),98);.__d("AsyncTypedRequest",["AsyncRequest"],(function(a,b,c,d,e,f,g){"use strict";a=function(a){babelHelpers.inheritsLoose(b,a);function b(b){b=a.call(this,b)||this;b.setReplaceTransportMarkers();return b}var c=b.prototype;c.promisePayload=function(b){return a.prototype.promisePayload.call(this,b)};c.setPayloadHandler=function(b){a.prototype.setPayloadHandler.call(this,b);return this};return b}(c("AsyncRequest"));g["default"]=a}),98);.__d("BDSignalBufferData",[],(function(a,b,c,d,e,f){"use strict";a={};

                                                Chrome Cache Entry: 219

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (777)
                                                Category:downloaded
                                                Size (bytes):1481
                                                Entropy (8bit):5.316577802144649
                                                Encrypted:false
                                                SSDEEP:24:kMYD7xmEu0IvxqcNzoYcurO/qb99nyobhzWuNA+CkadpUGbX7MNa4VGbwCSF57M8:o7xmR0I5kc7b91xbf0dpUGbYNa4VGbwl
                                                MD5:FC2DC9D5B7292B603D399F3E3046665B
                                                SHA1:92D25D672FDDD209D97ED306541CE686B6FD51CE
                                                SHA-256:614049A345B7E332826D74B79163DF74EDDE93CA1A661EE468352D4E5F94574C
                                                SHA-512:7348DBAF2A5A1FC87E3017B9E504EF22A3EBA65EC6FD255DD127DB78384B56B80A101BE9101F5BADBA4717FBE460C6A8DBE07DBA5F918413BE36EF0D88716C50
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.FWa=new _.Ce(_.Kk);._.l();._.k("bm51tf");.var IWa=!!(_.$f[0]>>26&1);var KWa=function(a,b,c,d,e){this.ea=a;this.wa=b;this.ja=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=JWa(this)},LWa=function(a){var b={};_.Ma(a.xO(),function(e){b[e]=!0});var c=a.jO(),d=a.pO();return new KWa(a.dL(),c.aa()*1E3,a.NN(),d.aa()*1E3,b)},JWa=function(a){return Math.random()*Math.min(a.wa*Math.pow(a.ja,a.aa),a.Ca)},oE=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var pE=function(a){_.J.call(this,a.Fa);this.Jc=null;this.ea=a.Da.sR;this.ja=a.Da.metadata;a=a.Da.Faa;this.da=a.ea.bind(a)};_.B(pE,_.J);pE.Na=_.J.Na;pE.Ba=function(){return{Da:{sR:_.GWa,metadata:_.FWa,Faa:_.zWa}}};pE.prototype.aa=function(a,b){if(this.ja.getType(a.Hd())!=1)return _.Vk(a);var c=this.ea.aa;return(c=c?LWa(c):null)&&oE(c)?_.Aua(a,MWa(this,a,b,c)):_.Vk(a)};.var MWa=function(a,b,c,d){return c.then(function(e)

                                                Chrome Cache Entry: 220

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.5372576493487236
                                                Encrypted:false
                                                SSDEEP:12:LuA47S5XSkouwKJRLrv9i1ckaPZOcRS+xtEK295I10HZ/UDM:LuAUScnKJLTPZVRS+CI1
                                                MD5:1BDB37C6FA0AA9E7446E809D8454C8FD
                                                SHA1:D3B514AA1A7D65B066FC2F7159A4E61AB68BA854
                                                SHA-256:87838240CAF884754AA8CE4AEAC57DA3CAC35CA66892CE31339FF762A27A750E
                                                SHA-512:2B1AB1A6D181165829585BF48E01D0F9EF6DDC4FC313B6E1C19D141AC3E66CD23C838B078176F4E111EE64BC1A0CE5187A319D54000BA2C7AEFE8710EEB9D5E0
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd..........<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............vmdia... mdhd..........<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........$.7._....H....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......&.... trex........................

                                                Chrome Cache Entry: 221

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17701
                                                Entropy (8bit):7.8708161117066915
                                                Encrypted:false
                                                SSDEEP:384:amUA/Gv6kIGrTRagTH013MwcU5Td8daL8SaXASafi7e6nweE:amFOv68xDT8cwcWtxqiBMVE
                                                MD5:ECF3123F436575206905A48382B690A1
                                                SHA1:825644C34A7807B0A1F1FB1BC91C84E4D31B070C
                                                SHA-256:54D576D1C9F9C17CBEBF522F8D2DFDF7D646C241C8F32945CA5B9EB90D253C99
                                                SHA-512:05C4A45B8CC8E878D685CE5032B85DC6B8DB5E0A22DC51DAE1D7BF962CA2CFF4E00EBE2FE24A2C613216051E2B80B6546A4DB112E5797A4EB23116985AF7BCD6
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...t...s...........................................r...b...M...V...z.......y...y...h...s...]...i.......l...o...Z...R...e...W...c...Z...y...e...........j...T...\...U...[...`...g...d....sbgp....roll..............C.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!!E..P.F...............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiii

                                                Chrome Cache Entry: 222

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):13399
                                                Entropy (8bit):7.80174230762493
                                                Encrypted:false
                                                SSDEEP:384:TUFY6fum4oCMs0gRlw1H65Yjtlxw2oNqySvFI:AFjfX4o1Nx+YhIHSK
                                                MD5:FA53C0F143755F3FA2E861000C6FAD4C
                                                SHA1:91FEFE48EB9423418A387A54364F8B5C34657E72
                                                SHA-256:9750CD3A62877A733A289E6C9ABD40A2F628932B5570E891AEA03D786841F160
                                                SHA-512:FF593E786E531B88D8E6C10566423D2765F11B7C970DFCF3CD2797BF06A883C6B88D96FBD4F04A78082F5306678BB18D31013E04AA5B0E4400CBCF3434295178
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<.......................R...S...W...H...G...2...2.../...3.......'...*...!.......#..............."...................................<........................................................sbgp....roll..............3#mdat!.E..P.F..A].....p`...................................................................................................................................................................................................................................................................!.E..P.F.!p............................................................................................................................................................................................................................................................................!...........0......L...&..j.-..D..S)i.MZB ..........)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii

                                                Chrome Cache Entry: 223

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17610
                                                Entropy (8bit):7.889127962263205
                                                Encrypted:false
                                                SSDEEP:384:xMOYQPTfDj06UyoScepRdq6qQ9MYGg2OSwK7Wmkz:xnYQPTtX9ZdqNQ9MYGg2p7Wmkz
                                                MD5:4ED59023D64D2E353C6E5C7F5C5A5D67
                                                SHA1:981933D2CB7045875DA442D742809EB27979298C
                                                SHA-256:74AFA12AA1641C6A2FE127C50FAFE2A9EC55403A5685A7CB03DA3C5A859D607A
                                                SHA-512:619243B906B62F0B53C6B76353659156F9F039C8B20370D9404FFC6A97570541940535590745622E35DF6D65DC570A019C0A7950B45FAB18865F656E0506DD48
                                                Malicious:false
                                                Preview:...Dmoof....mfhd...........,traf....tfhd...*....................tfdt............trun.......2...L...U...U.......................|...g...d...[...T...O...L...a...[...Z...A...I...F...D...F...F...@...@...]...J...T...P...P...E...?...D...K...T...F...A...W.......P...Z...K...N...H...H...D...E...M...K...H....sbgp....roll.......2......C.mdat!.E..P.F.M..<.@.............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!+O........jL$......)(.......3.....JJ'kv..@..............ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ]..

                                                Chrome Cache Entry: 224

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x370, components 3
                                                Category:downloaded
                                                Size (bytes):23847
                                                Entropy (8bit):7.970889531509346
                                                Encrypted:false
                                                SSDEEP:384:pk9/vBvUN/9rc6fcpCykInDc0htZnTI+VPfm1Xh/bIASAx8yQq+hX:pmXF8/Vc6fcpPDJ1Uh/LnVq
                                                MD5:B162533E54EE1892B79DAA91BB03F0DF
                                                SHA1:BEBB5C3BBF9D13803CB8C5389200C9A3ED6F3D65
                                                SHA-256:5B70B76182A5CDAAE09643BDA38EAD63D257D6868F3E9239B3FDCC59E0C276AC
                                                SHA-512:B9AE31F7EFDE6FC470B5D77563D086F1555E8CC47B86EC7802D466C46826FA481009284BDC8594DF34FECA7C023F3DD926A506648E0B66D50F61C22A1DCBD720
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438227998_963705932159565_7340903352037785771_n.jpg?stp=dst-jpg_p296x100&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=1xjCnifaTkkQ7kNvgGL-gKy&_nc_ht=scontent-hou1-1.xx&oh=00_AYADlQRqzZ2P08jO-As9NPO_adR-6OwCkbxDjNJ2LcT8sA&oe=668B16B9
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000d008000001140000dd1600000919000031230000a6350000373700002d3a0000903c0000275d0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......r.(.."...................................................................................4.4.4.D.chy..G........8....=.?.Y..N.|.'@.@1.. X..H.H.....#$...i ..g.......w.h.I.j@.LG.r...;%"...)."R$.DM+..(.4Yz.g..r%"Hd.,....q....?.d...N......w...._L..|.h..6....$. Q$y:..;.P...3Fl8.....63C.@..l..k..$..!zG..}.6.&..b..(.d. ..D....w.jqoX|cLwRq........I....J....Y:.bN..L$.#...n.}&o9=_+.3y.....#.[..G./>....)..A#.D..Z...LB.01..r..t..f......\.I!3.$.K*..Bn2M.)...m....UgL\...E.WGj....q.^.).........-.n.Y........,;<..,.@..P|.L...<.jn.:...h.1..A kZn..J...I..;9....|.......+t\.AfM......(..<.a....TvWz.<...X...W.A0I..DV.......@k....<.q.C,...6.....[..j.'.w3/.a.....5(.l..[f.....3....X...d.....]

                                                Chrome Cache Entry: 225

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):140
                                                Entropy (8bit):2.600839578110449
                                                Encrypted:false
                                                SSDEEP:3:fBnltcXlMvXYllBtllGlEtllV9FllN0vtll3llkM/v9l:pnloMpCZLs/vH
                                                MD5:109D4D0C4FA6ACBBD80EB65605F750ED
                                                SHA1:CDFD7F7251B028338603034998B688A425300808
                                                SHA-256:5C45D348DE3CAEB69FBE70AA437DC1C3C862BC776715871395A15B08B4A15810
                                                SHA-512:70C2215C64FC3BCD95E9BCA1BCD95792F0272E6E40BF1A9CCD613A069BD4F7CC07AE9B8A5AE7CCF7461218D648869B9B375F12BFC542272215D11ADA422DD4A7
                                                Malicious:false
                                                Preview:....sidx...........D..............5...\>......0...X...........X.......1:..X......./J..X......./a..X.......0I..X.......0...`........d........

                                                Chrome Cache Entry: 226

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):119193
                                                Entropy (8bit):7.994141171638286
                                                Encrypted:true
                                                SSDEEP:3072:RzoF9ZGSL5bz7IsZavfDUs1/GniQnu8h0iOiz:F69ZGSLzavAsBcu8h7z
                                                MD5:0393EF7A8900396546CE8153F27A8D59
                                                SHA1:122F7F68C5346E79B6949F160E73C531D648C33B
                                                SHA-256:6BC078E9EB64F6B60326683AF93B37F6019E5F4F2593518BE3A93783C4799049
                                                SHA-512:36CA331EA3E96B8C3660B4B9E1CC86D178CB4E1446BCA9AA53885CE8DF6C8B26E3F078370BFBED8AAB40A2144EA52323AA7CC95A8C2393207977D33DD7C14510
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=120110
                                                Preview:...Xmoof....mfhd...........@traf....tfhd...*....................tfdt............trun.......}...`..........KS.......Y.......................t.......A.......9..............&...............................................................'........................$...............................@......((.......Y.......m.......K.......P.......x.......[......._...... ?.......................X.......W.......<...............Y..............._....... .......A...............b.......q.......Y...............T...............=.......W...............g.......................!.......e...............G.......#.......Amdat......M..Z.d....2.7...)..(.G....>s. ...3C.m].S.z.n.B...b..J.PV..,..{%X.o.Tn.p..3.-.z..1{...e.T.".u..D.[.....0....)P.....n.. P....G..Y2.A.f...Uh.}B....X.$.S(......v....6%`..xQ...%DV..W..._|8W.}..X..`+U...[.+..X..R..P..GN...i.o.O.P.iK.D...N.+......)....yE....7od.s-...{..o.~.....k.A.\.N...z..z....d......r...*.$...M..9....4....9eh..*.J..N.|...}.'.O..B...g.r-"..2\z......*...

                                                Chrome Cache Entry: 227

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                Category:downloaded
                                                Size (bytes):5430
                                                Entropy (8bit):3.6534652184263736
                                                Encrypted:false
                                                SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                MD5:F3418A443E7D841097C714D69EC4BCB8
                                                SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                Malicious:false
                                                URL:https://www.google.com/favicon.ico
                                                Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                                                Chrome Cache Entry: 228

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):188
                                                Entropy (8bit):2.6230437113472553
                                                Encrypted:false
                                                SSDEEP:3:PBnltNXlCkZRl/llclXGGXmetlnXbil1lXIXwdNysmGXklfkevtl8n1t:5nlTX8kZRyYjbXd01sznH
                                                MD5:4C05112901854DD6341FD9B359313CA0
                                                SHA1:B5BF3154DB1C5AFD4B865B9DD54F76007E870250
                                                SHA-256:66CB9FD9CB4F6F9BE39C8335D705E29650623CEC8AB1DDD5E67AC209C436DA3C
                                                SHA-512:76C01AA3A79D8817E0D50746EAAC2737F9BA2C5F6FF51CD0B4B3D42D4A8074D696E6CF346913FC89E123B21F5A65839F5FAFD0133A64D1C809B03D8A4B3DAFDC
                                                Malicious:false
                                                Preview:....sidx..........................D...|>......@*..x.......?...x.......>...p.......?...x.......?5..x.......@...x.......@v..x.......?...x.......?...x.......?...x.......>...p........<..7....

                                                Chrome Cache Entry: 229

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):13399
                                                Entropy (8bit):7.80174230762493
                                                Encrypted:false
                                                SSDEEP:384:TUFY6fum4oCMs0gRlw1H65Yjtlxw2oNqySvFI:AFjfX4o1Nx+YhIHSK
                                                MD5:FA53C0F143755F3FA2E861000C6FAD4C
                                                SHA1:91FEFE48EB9423418A387A54364F8B5C34657E72
                                                SHA-256:9750CD3A62877A733A289E6C9ABD40A2F628932B5570E891AEA03D786841F160
                                                SHA-512:FF593E786E531B88D8E6C10566423D2765F11B7C970DFCF3CD2797BF06A883C6B88D96FBD4F04A78082F5306678BB18D31013E04AA5B0E4400CBCF3434295178
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=1228&byteend=14626
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<.......................R...S...W...H...G...2...2.../...3.......'...*...!.......#..............."...................................<........................................................sbgp....roll..............3#mdat!.E..P.F..A].....p`...................................................................................................................................................................................................................................................................!.E..P.F.!p............................................................................................................................................................................................................................................................................!...........0......L...&..j.-..D..S)i.MZB ..........)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii

                                                Chrome Cache Entry: 230

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):68399
                                                Entropy (8bit):7.981139890304293
                                                Encrypted:false
                                                SSDEEP:1536:qdjlB605XiuwREy2PNCytwFvfZn6cM4+6NlWnio:oB605yu17Ufxn6cw4lEio
                                                MD5:14480A40B8D0A7AA7F4BDFDBC011390C
                                                SHA1:546155E21D31A287AE8A09E96CEC2FD74571FDD4
                                                SHA-256:AA31A0653CEE606D7A39FD0A58043C941E66E39E57762BBE03E76BC947D576D4
                                                SHA-512:F66ACC59345BDFCF74A1450222B6FF2C8E1A0141FED260CAE4B42F3AB6234206F80635D950D9997C693BA10588FEBFDB6D239E56CEF659B7F885A063634A0B2B
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a71010000f82200005e5200001d590000bd5e00009c7600006da7000099ad00005bb5000032bc00002f0b0100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".................................................................................sk..Q3..w.+.........-s....#M..j.ZQ^............t.5|:f.^r.t....\:#....5.W..X..1..P..k..RkG..J@Ke.....M ....EF....>.~~..dJ....LG.b/65..q....j.......y.M..u..k*+...L.wGP.'..+......P`:.. ...R!.$.V...zd...#..a.a..p.#k.-..Q..t}5.p.s.t3.`.d...2C.\..Q....gI........q[.bm...s.m....o0.45.@o...}.;Y.e.LG.p.60^u.T.g.k.}.{...V\c..G...|W.tg..Q.U..;..v.llS&Z.5..5...##.....].^...K`*&...[.nk.....p.L..c..I..\-.z..0.y.EX.|..Q.....|Zg]..7.=cq-...l..^........]...f#.*..E.....c.:(.!.......Etw.. X.f..[..L..."s\=...29/$....X..c..c.j.k...$k..9.N......8tF!..!...3.5V....5u...$w R....:..G.(..cw.~zi..-k!...|.0.

                                                Chrome Cache Entry: 231

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):92
                                                Entropy (8bit):2.598712188490132
                                                Encrypted:false
                                                SSDEEP:3:vBltcXSgck5bfXFllo/llE+P/llGfH:ZlOtp
                                                MD5:124800A586FDFF3413F84E5049C8CFEA
                                                SHA1:61F602AACCE7889AE580DA9947F04F0D5F74F935
                                                SHA-256:E8E0F514FE814FBEF4FB4766397C64341858B250500E0E164DDF48AF6E020E11
                                                SHA-512:147FF0DFDF66852EC2578E70B5932CA7829068F3B65FB22DC59873FEB34806D5A0E27DDD2FC254693C7DC84A05F26F1CB87896F12030ED3BE4ABCC719B87CFC3
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915
                                                Preview:...\sidx...........D..............E...\>......@K..X.......?...X.......?...X.......5R..#.....

                                                Chrome Cache Entry: 232

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (574)
                                                Category:downloaded
                                                Size (bytes):3477
                                                Entropy (8bit):5.499342889552936
                                                Encrypted:false
                                                SSDEEP:96:oIByrBKfKVHcikUJFtlPMETAKv78pUCCjIw:INKS/vP3hv7mUbZ
                                                MD5:E18219F32F2747C14548BCFEE58B13CD
                                                SHA1:85307A7D3376A623245EB21D245B8BC4FA481908
                                                SHA-256:6479CFCD0C8840DD31DA0C55F596BDA37C28074517B5F063F5A5830EC27D0280
                                                SHA-512:EFE83897B3C1EE154EA3C14B3FFB4C242C065303F3F5A3DFA3E6E26C154B44509FE8E580D2402553CCDFABACEDD3F000FAC9171E861BBF22E6D56C5A6355CF47
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var jua=function(){var a=_.ge();return _.Bi(a,1)};var wq=function(a){this.Ea=_.t(a,0,wq.messageId)};_.B(wq,_.v);wq.prototype.Ha=function(){return _.ti(this,1)};wq.prototype.Za=function(a){return _.Ki(this,1,a)};wq.messageId="f.bo";var xq=function(){_.Fk.call(this)};_.B(xq,_.Fk);xq.prototype.Yc=function(){this.BP=!1;kua(this);_.Fk.prototype.Yc.call(this)};xq.prototype.aa=function(){lua(this);if(this.nA)return mua(this),!1;if(!this.xR)return yq(this),!0;this.dispatchEvent("p");if(!this.hL)return yq(this),!0;this.fJ?(this.dispatchEvent("r"),yq(this)):mua(this);return!1};.var nua=function(a){var b=new _.An(a.J0);a.iM!=null&&_.Ml(b,"authuser",a.iM);return b},mua=function(a){a.nA=!0;var b=nua(a),c="rt=r&f_uid="+_.Sg(a.hL);_.jl(b,(0,_.vf)(a.ea,a),"POST",c)};.xq.prototype.ea=function(a){a=a.target;lua(this);if(_.ml(a)){this.hH=0;if(this.fJ)this.nA=!1,this.dispatchEvent

                                                Chrome Cache Entry: 233

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):52708
                                                Entropy (8bit):7.961241012485158
                                                Encrypted:false
                                                SSDEEP:1536:JDzIgMfLeOJonOC48Sq9TM+NFeKUsn9rlLTFPHInr:hqf6Eydrd7jnFFF/Y
                                                MD5:2CA7F06527D9CC1FE14E3719B28E2425
                                                SHA1:5B1C764324A81F0E2252309B478BD7F2E1D3D95D
                                                SHA-256:93A89521E5C4F70F8A26CF2312F9891499EC8465A7F7D1FF01CDE2C19969CE1D
                                                SHA-512:42F29EDDCA3F8B31DAA49E774525FD01FE1860A2DEEC2BDD460C8F8BB42BC12B6D819E5EC6CF36CC429AA312240EBADD15463342611124364E7BCE8023F25B4F
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a700100001e190000842f00006233000060360000064100005e650000b46b00007171000065760000e4cd0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."....................................................................................a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.`....A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A!.h`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`.gH`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..a!.h`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`.M!..!..!..!..!..!..!..!..!..!..!..!..!..!..!..!..!............................................d..$.$.$.$.$.$.$.$.$.%..HH...HH......h$$I.I.I.I.M.*$$I.I.I.I.I.I.I.I.I.I..*.!..!..!..!..Z=\....Vs.W.;.G\.p.*...8.k....s..y....-.s.N...R8;<yX.t0C.0C.0C.0C.0C.d..!..!..!..!..[.......V.."..f.[9..ty..tc^Lu.yM.[.=....L.t.

                                                Chrome Cache Entry: 234

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.4401221017922103
                                                Encrypted:false
                                                SSDEEP:12:AS0wXXSkouwKJRLrtX99EZkF/hwVA/m+ZWFyKaQf65I10Lrw8NPtR/U:AS0BnKJxRhU+Z2C5I1aHZ
                                                MD5:451DC5C4148AB3A8EAC8A907C9A69D6D
                                                SHA1:987C5186E42D2D4E1E653572329C87EB2A276385
                                                SHA-256:960E7BB41BBEC376A006C92A43E301663DF76D56412292BACA7B9956E2BAF995
                                                SHA-512:2DD0AE8DF40A810F0109F6AE69C3B71B311189A15823AD0184F64252472546BF0BD6DBFF2BEBD1144273FFE5C88E8D67BEC638190BC1289A1B4BBEDC680E790D
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....r_.r_...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....r_.r_............................................................@..............Tmdia... mdhd.....r_.r_...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 235

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):10130
                                                Entropy (8bit):7.898797042918505
                                                Encrypted:false
                                                SSDEEP:192:rsDN63tbSJoajv0ilv1q29idFUNL8givbnPsj83M5z61jU9pnbBGU:rsDQ5SJLjv0iDH0rUNApjswMc1jU96U
                                                MD5:265DC767CB589E9E0A021BBF52A2A684
                                                SHA1:AA1CCAA1635030C87A507F5A2DC88F45EB4879CF
                                                SHA-256:9C7CFA840A46143F9E83E40B44CAB9D88051B85145ED32397F6DCF667D13F170
                                                SHA-512:9FF125A00099530EC5232692021BEBA780A5D33B03DE863D7612F0EDEA5B320E59E91153AABD577EC345A03E83AE6F09BF5D611720EDAE42B6DDD6AB5AFCEF44
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/425478622_803107061684058_7756145227518702986_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=FlZpkggWfPIQ7kNvgFXGwMR&_nc_ht=scontent-hou1-1.xx&oh=00_AYD1bicKhj_fDjkC0Jrc9uPzT9mc3-iPaH12TRxTtEkO7g&oe=668B1742
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000de040000400a0000e10a0000a20b0000f51200002e1a0000421b0000201c0000f51c000092270000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n....".................................................................................................................................TQQEE..TQQEE..TQQEE...~\..o....0..8..2....z=.ciz*A"s'?zt5..<.....`...<..n.z.7..9I.I"'7C.G.m..9}.......Fs..1..9.jD....^l..........].dNF..D..C.....\...~..y.}&.+K. .W..:.w.o......n.......m...6-\..I..g..1..vy...9<...;\G3^...K.S..3.{..b.|.??..0S^1.[NB........m.:.<...#...........72...2v.!..b.G=...M.sK....s5..n.<....l~..I.N.IpG.db.#..$.....[Z.....{O..'.vuE.....|j....t.....x..5..8Yd.y.Y.5.%.i.....sY....5R..v.c...z:.././S>..w........JiI.M...uh..w+..6..VB...7...9.MKh..e*.yiv.mg.....=.f-..{.l:[..r..Ob..Zb.w0d....y....M[.D..9.......

                                                Chrome Cache Entry: 236

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.463762848528104
                                                Encrypted:false
                                                SSDEEP:12:ASNXSkouwKJRLrtX9OZkF/C/INA/m+ZWFyKaQi5I10Lrw8NPtR/B:AS4nKJxtC/m+Z2i5I1aHZ
                                                MD5:52006BFA036FB66D4B1ABA4E92B8F6CB
                                                SHA1:7CE7793647295B32EDB9E8FCAEC124C99EC15E3D
                                                SHA-256:E12CB70EA6B7061BACFBE6957370A65803B4CD62FDCBCBBFD8AA2EE805C82ED0
                                                SHA-512:30AB05E5A5F022ECCFB0A5C8E474EF2492A8B66422FCF10D94FCAC65F8FFF189F45A9C1CC88B8E7CAC6C60086029B21AA41C9D54C557A2106E0915B56095A950
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.............D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@..............Tmdia... mdhd.............D...........-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd.......... trex........................

                                                Chrome Cache Entry: 237

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1809
                                                Entropy (8bit):7.2111542821783745
                                                Encrypted:false
                                                SSDEEP:24:gq++GPc1sp/fv7JbiRdGPWAUxeuEQ0psyomP+UBVxW7hq7L3V30O37WcWCSjyYaA:gcGPiW/xHKITomGUDxK8/Jf37WyS5lFT
                                                MD5:92496D90FD3C0D736C65A63294C20B74
                                                SHA1:FA48B92A9B4938C899B4ECE4F404836DF113508D
                                                SHA-256:72506E3DD105CFBA8C736CDE337BD9721710563DABAE5D5EC36868AC84DA494B
                                                SHA-512:2DE985B33DF1D50F83510A04A69951CDC71F4A377DF034221F838FD1A2184C7B8902EAB22EBFBE8540A37142803BD86318FCF50CB13F2E622D9A81ED96A0A9EB
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6d010000e60100008d020000e00200004803000014040000dd0400001a0500006d050000c705000011070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".............................................................................~...).a.q..T.K.`..E.#..\=.._SC..w:@f..(e.w.I....v.e..$[..._!..........#.............................1"#3..............u.v ..[.V......~$.Y!>5.y@Dglglg!z+C.........n...mm..Y.Y@d...........q..V..F.Mg....}....VH.E.d.u*,y.u.w....qQ.j...............................!..."........?...R..l....L..t../.|$......#.k.C3.....!..........................!.#1Q........?...N...[...4..?d....5,.9).o.(..U--....f@.G.............................!1A."2.#BQa.3Rq.............?...y.....>...J..Y.4a)CIQ...9......m5.{.3.u.....Mk).].Dlg+W..g@..v......Jwm.-...MX...&..~E..B...t.7Z.@.>.3....PS..LIhR.6..3..a-..bv,.R....c...+

                                                Chrome Cache Entry: 238

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.5372576493487236
                                                Encrypted:false
                                                SSDEEP:12:LuA47S5XSkouwKJRLrv9i1ckaPZOcRS+xtEK295I10HZ/UDM:LuAUScnKJLTPZVRS+CI1
                                                MD5:1BDB37C6FA0AA9E7446E809D8454C8FD
                                                SHA1:D3B514AA1A7D65B066FC2F7159A4E61AB68BA854
                                                SHA-256:87838240CAF884754AA8CE4AEAC57DA3CAC35CA66892CE31339FF762A27A750E
                                                SHA-512:2B1AB1A6D181165829585BF48E01D0F9EF6DDC4FC313B6E1C19D141AC3E66CD23C838B078176F4E111EE64BC1A0CE5187A319D54000BA2C7AEFE8710EEB9D5E0
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd..........<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............vmdia... mdhd..........<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........$.7._....H....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......&.... trex........................

                                                Chrome Cache Entry: 239

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x370, components 3
                                                Category:dropped
                                                Size (bytes):23847
                                                Entropy (8bit):7.970889531509346
                                                Encrypted:false
                                                SSDEEP:384:pk9/vBvUN/9rc6fcpCykInDc0htZnTI+VPfm1Xh/bIASAx8yQq+hX:pmXF8/Vc6fcpPDJ1Uh/LnVq
                                                MD5:B162533E54EE1892B79DAA91BB03F0DF
                                                SHA1:BEBB5C3BBF9D13803CB8C5389200C9A3ED6F3D65
                                                SHA-256:5B70B76182A5CDAAE09643BDA38EAD63D257D6868F3E9239B3FDCC59E0C276AC
                                                SHA-512:B9AE31F7EFDE6FC470B5D77563D086F1555E8CC47B86EC7802D466C46826FA481009284BDC8594DF34FECA7C023F3DD926A506648E0B66D50F61C22A1DCBD720
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000d008000001140000dd1600000919000031230000a6350000373700002d3a0000903c0000275d0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......r.(.."...................................................................................4.4.4.D.chy..G........8....=.?.Y..N.|.'@.@1.. X..H.H.....#$...i ..g.......w.h.I.j@.LG.r...;%"...)."R$.DM+..(.4Yz.g..r%"Hd.,....q....?.d...N......w...._L..|.h..6....$. Q$y:..;.P...3Fl8.....63C.@..l..k..$..!zG..}.6.&..b..(.d. ..D....w.jqoX|cLwRq........I....J....Y:.bN..L$.#...n.}&o9=_+.3y.....#.[..G./>....)..A#.D..Z...LB.01..r..t..f......\.I!3.$.K*..Bn2M.)...m....UgL\...E.WGj....q.^.).........-.n.Y........,;<..,.@..P|.L...<.jn.:...h.1..A kZn..J...I..;9....|.......+t\.AfM......(..<.a....TvWz.<...X...W.A0I..DV.......@k....<.q.C,...6.....[..j.'.w3/.a.....5(.l..[f.....3....X...d.....]

                                                Chrome Cache Entry: 240

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):121862
                                                Entropy (8bit):7.990860964114745
                                                Encrypted:true
                                                SSDEEP:3072:7qYbwMGTR558yiaV+ZQvabYG0WQk216TeP7:7DbwMMPyyuZQvad056ST
                                                MD5:C0174143445BCF9C5DEFAE814CF8E99E
                                                SHA1:574EF2B272029DE8029CA6EDA9FFACEE75C06B1E
                                                SHA-256:29932478D93668E8E5F8878C3426E7337164F6E086955BCF5EE5E3C5A191FD5B
                                                SHA-512:B32AD8768F78EEE8375760EC45717149DE6CB1142413CA8D714EE32E8710861DB52781BD62EF05EFA9E3F2D67D20A9B190FEDD8F0A3405C890342B339F5E7E65
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................C...(\...............................O...............j..............*........................q.......6...............D..............+........v...............q.......Y.......k.......5.......P......#).......d.......................9...............,..............$9...............-...............................................g...............!...............x.......w.......O.......l...............^.......................T......._.......................|.......r...............g.......u.......X.......+.......F.......+.......D...............>.......-.......,...............-...............K...........Jmdat.....,.?.....$2.......X.../... .X.0...Q...3^u>..b2t.'O..LEFS.u..f+..t....o/...4.N.....m.U.Z.NE.....>24.{...#o..19..3..EA.<<..C...^.x......JA.....C...C...D*...l..q....U....lk..T.)..h.k....&.".I.)ey.).........R.6..R.............&)....'.Y..z..6..k.9/A."[.< ..s.!...Q.;p$+..L.

                                                Chrome Cache Entry: 241

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):33544
                                                Entropy (8bit):7.933515346032863
                                                Encrypted:false
                                                SSDEEP:768:NURJ6XTdnzSbxpHSfS23+yYMgu5zGfAjnofMNHqTJbtsNz1:N+J6DdnzSbxpH9Y+9MNCAD/sTJ6h
                                                MD5:39E7CA102A71D8DE8CBBC909A46EC44B
                                                SHA1:BE337412D3917A3532FB0C628801993DEF0491D2
                                                SHA-256:B35AD5E63D46863F3015DABB80F2D2145918659976C29D285926993ACF0B03EA
                                                SHA-512:BE8AE898B6A2EF07B1E480FA56449986EC5F4DDFE5B4FD508A0B2A5BB4C3D2EA6F28A09210FCFF562BC4947A3DC32D584E882A3319CB1010964FA27ED782F0E8
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100000a1700000a2c0000df2d00005a2f0000a03b00008f510000c3570000af5a00006a5d000008830000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................................................................................................................................................................................................................................................................................................................................................................................./.>............OD.....^.......n/h<g...y..9..x..5............_.4<.:G;...G..w.<......=).S.....i...y.CY..mz..}+.[>/_c&....[.....!._...}.....)...=.u....M.:..........Z..d>...xx.OG|..Y.N..c..@.........]..Dx.a.<.}X.o..[.8]=....O........5....M..8]..lp....W..<...q....r.".7ty

                                                Chrome Cache Entry: 242

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1809
                                                Entropy (8bit):7.2111542821783745
                                                Encrypted:false
                                                SSDEEP:24:gq++GPc1sp/fv7JbiRdGPWAUxeuEQ0psyomP+UBVxW7hq7L3V30O37WcWCSjyYaA:gcGPiW/xHKITomGUDxK8/Jf37WyS5lFT
                                                MD5:92496D90FD3C0D736C65A63294C20B74
                                                SHA1:FA48B92A9B4938C899B4ECE4F404836DF113508D
                                                SHA-256:72506E3DD105CFBA8C736CDE337BD9721710563DABAE5D5EC36868AC84DA494B
                                                SHA-512:2DE985B33DF1D50F83510A04A69951CDC71F4A377DF034221F838FD1A2184C7B8902EAB22EBFBE8540A37142803BD86318FCF50CB13F2E622D9A81ED96A0A9EB
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/289004470_580488300108017_2940314955690280756_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=FAMyFz7apqoQ7kNvgFhFiWn&_nc_ht=scontent-hou1-1.xx&oh=00_AYDHLxN6yljKnFv_vu2kY2lnm3xovL4hgUVuejOCJYaU0A&oe=668B2C89
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6d010000e60100008d020000e00200004803000014040000dd0400001a0500006d050000c705000011070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".............................................................................~...).a.q..T.K.`..E.#..\=.._SC..w:@f..(e.w.I....v.e..$[..._!..........#.............................1"#3..............u.v ..[.V......~$.Y!>5.y@Dglglg!z+C.........n...mm..Y.Y@d...........q..V..F.Mg....}....VH.E.d.u*,y.u.w....qQ.j...............................!..."........?...R..l....L..t../.|$......#.k.C3.....!..........................!.#1Q........?...N...[...4..?d....5,.9).o.(..U--....f@.G.............................!1A."2.#BQa.3Rq.............?...y.....>...J..Y.4a)CIQ...9......m5.{.3.u.....Mk).].Dlg+W..g@..v......Jwm.-...MX...&..~E..B...t.7Z.@.>.3....PS..LIhR.6..3..a-..bv,.R....c...+

                                                Chrome Cache Entry: 243

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1839
                                                Entropy (8bit):7.170380668946469
                                                Encrypted:false
                                                SSDEEP:48:gsiWwlzaFyNt+oYqDB6tfM6rvBPuIs1t0If3:bst+oYqDB6tTrvsr1KO3
                                                MD5:2E075E2261E2EEA112B5086BFB5A71F9
                                                SHA1:982776D69594043BCB6B28FC92810BEB5921E513
                                                SHA-256:C8F9C904269A8C10537A147F25326507A836C2EA68BCE17CA7C82FABF951D1CB
                                                SHA-512:3F98E254D0C8334B0EB9C97B08ADFA50303622FBC298DDF532F99B146FB92CB502EAF050EE339D7F132372E5F66174B6B96B752B4DC4F1ACB8E2FFFC2A2203DA
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e00100008e020000c80200001003000006040000f30400002905000067050000ae0500002f070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".............................................................................;5.J.Y.x.+y.o(...lJ.wIV.+..|..&...E...G....!.........{.....]..."............................"!23..........m.JV.9........-..+..[.. .Z .dCY.o$...j......3.......[|.....m...l..U...j;...[c!gL.&..n.?.....K.%........!.G.H(.i?f...#F"l0............................. A........?..@..3|..amhiD..?............................1A!........?.r.......dc..m.f.H}.....'.......................!1AQ..."q.2B.a........?..o.K\49.{.....>I......5...b..cc.4..m.[bMFEVU.l.....m.~..Bj`J.b2!.W...J..=..m/"....nq.#o..K....Bf..G.....i.DRX.......E.......A..OO..&6m.:.$.Ady+#..hT.DMz.W...r.S3Y....iEhc).vZ.` ....>cWh. qs..S...!.

                                                Chrome Cache Entry: 244

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1674
                                                Entropy (8bit):7.072573723766955
                                                Encrypted:false
                                                SSDEEP:24:gqLivCc1spON7OrW3PNRaNNpD2y+iiTwDf3STr3SPRqsjkzkLNVPg0BqXj1AMtS5:gmjiWYFR82i2wDfYr3OquLRByj+MADKU
                                                MD5:99B276D01D84A3DE37B518FA520195C0
                                                SHA1:8B28FDF9B9CAEC0364DEB1B646C2FD743B70C996
                                                SHA-256:925F98D748A546A72BCEF2C42A99C6333366186F71255DE927909FD114DB225C
                                                SHA-512:DA8A4D343054EDFB7BC6F4C67B4B3F5641D1E72EAFE8992A173500707315D023358A7A4277BA6C02DF755A31784DB6FCFDAE54B0FDE9EEF4C1EEC0D592DF1228
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/448001140_758484949781403_5707096694857716649_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=0Zt0Nck3CcoQ7kNvgFdqAzb&_nc_ht=scontent-hou1-1.xx&oh=00_AYCLXqyxsipKvT3Xhku9bViUG-gAfXoGcoNY5BLzS1sHOw&oe=668B2981
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6d010000dd01000083020000ba02000000030000d30300008f040000c6040000050500004a0500008a060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...........................................................................D....c...I.0.``.a.......N.{*..........N..Z...*..x1.i...p.....#... ...........................12A..........ao...G.II.H.q.9O..1"0...p.ShH.....%....U..L...UR..N.f...*T/..+..f..% .....1..}..Ds+....j....u.leVi(..~>..5....'.|/.....?........................... !1Aq........?.TI..H.Y................................1..!AQ........?.{.VX.0i]..-Mxs*?...*.......................!". 12AQa..#3Bq..........?...).c.6:f9..m.._"6..s.q.|....C).8...ly...M.\i.b.#..Z..}'..`..%jH..q..i.....O........<..Z.D...q......+Rr..53EBXqa..;.......'...>]Q.\A.z..l3.x.]U...}4.l...g...$....................!1AQa.q...............?!j..l..o....

                                                Chrome Cache Entry: 245

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.502424085444056
                                                Encrypted:false
                                                SSDEEP:12:LuA47SRXSkouwKJRLrv9eckp2ROcRS+xtEqy95I10HZ/c:LuAUSUnKJLdRVRS+OI1
                                                MD5:FA536F383C65C192463E988524DFFC55
                                                SHA1:044CE1120A4A2210A1243B4778D05BF712CAD50D
                                                SHA-256:6C229C1BCA271C9E1D92237EAFA7EA9CB3A67810E9E9A526398ED00AC4B78EF3
                                                SHA-512:FB901BB3BDE44E3B85BE90B4A841F2847195FD4A1688D6BF5EE9BD3C19C83448D3E5E8C6A71E354DB6FFF8662ED33F0B9E827BEFC607B09BF3D1CD964D952FAF
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd......K..K..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......K..K............................................................@..............vmdia... mdhd......K..K..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......8.... trex........................

                                                Chrome Cache Entry: 246

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.4401221017922103
                                                Encrypted:false
                                                SSDEEP:12:AS0wXXSkouwKJRLrtX99EZkF/hwVA/m+ZWFyKaQf65I10Lrw8NPtR/U:AS0BnKJxRhU+Z2C5I1aHZ
                                                MD5:451DC5C4148AB3A8EAC8A907C9A69D6D
                                                SHA1:987C5186E42D2D4E1E653572329C87EB2A276385
                                                SHA-256:960E7BB41BBEC376A006C92A43E301663DF76D56412292BACA7B9956E2BAF995
                                                SHA-512:2DD0AE8DF40A810F0109F6AE69C3B71B311189A15823AD0184F64252472546BF0BD6DBFF2BEBD1144273FFE5C88E8D67BEC638190BC1289A1B4BBEDC680E790D
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....r_.r_...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....r_.r_............................................................@..............Tmdia... mdhd.....r_.r_...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 247

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (1694)
                                                Category:downloaded
                                                Size (bytes):30637
                                                Entropy (8bit):5.379716376439597
                                                Encrypted:false
                                                SSDEEP:768:ciVQqn5YPB1v2C82vd9BvjT4spXo6PVS+B3BWvJB6VSiV:cYYn2CzBvjT4GHPD00V
                                                MD5:1522EC1FD2855DE971E2341EA0A137BB
                                                SHA1:2E7564BBD084594968A105D2EBA5053A69F51F48
                                                SHA-256:B942FFA89D4E8337AE16D76A6D571DC0652D28D179D5B1BE9456D6967431FAEA
                                                SHA-512:5D35B151BE7A2D0D46E326A058622DF12FAE12687F0BC78C3E89CC1F65BC9043FEBE513FFAEF812BCEAB340F27EB16642545AE7AED4FAB1C820F9A76E2CC8619
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var Bqa=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.An("//www.google.com/images/cleardot.gif");_.Ln(c)}this.ja=c};_.h=Bqa.prototype;_.h.Jc=null;_.h.UU=1E4;_.h.Nx=!1;_.h.fM=0;_.h.pG=null;_.h.QQ=null;_.h.setTimeout=function(a){this.UU=a};_.h.start=function(){if(this.Nx)throw Error("lb");this.Nx=!0;this.fM=0;Cqa(this)};_.h.stop=function(){Dqa(this);this.Nx=!1};.var Cqa=function(a){a.fM++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.Ik((0,_.vf)(a.dE,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.vf)(a.tda,a),a.aa.onerror=(0,_.vf)(a.sda,a),a.aa.onabort=(0,_.vf)(a.rda,a),a.pG=_.Ik(a.uda,a.UU,a),a.aa.src=String(a.ja))};_.h=Bqa.prototype;_.h.tda=function(){this.dE(!0)};_.h.sda=function(){this.dE(!1)};_.h.rda=function(){this.dE(!1)};_.h.uda=function(){this.dE(!1)};._.h.dE=function(a){Dqa(this);a?(this.Nx=!1,this.da.call(this.ea,!0)):this.fM<=0?Cqa(this):(this.Nx=!1,

                                                Chrome Cache Entry: 248

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17876
                                                Entropy (8bit):7.83372613335877
                                                Encrypted:false
                                                SSDEEP:384:RBE0km54eEi/G473NWLga+Cs13aPxzm21wkN6n08tbiiI:QI5LGeZ3a5zm21w46n0l
                                                MD5:C548B3D094F5B471E831DEA7B82E103C
                                                SHA1:5C6B6ADE69B8474429EAAEB128C0F185351249AF
                                                SHA-256:7D82D819993027C2BE13CF8EA9BF7E9FC2B3339E59344658DE8D3F1B7D9DB6C2
                                                SHA-512:8485DB91E7E94395D0CA12DE7B985406CAB4685969EE15C5F00FB106C86F1C05111B44F32B36B179F3DB8C9D9C98EE92D55EFB2E062E6DCB5AE64044F145F347
                                                Malicious:false
                                                Preview:...Dmoof....mfhd...........,traf....tfhd...*....................tfdt............trun.......2...L...U...U.......................t...V...@...Z.......2...-...2.......U...?..."...T...I...,...8...>...H...?...H...=.......j...y...\...]...T...(.../...........V...K...5.......6...)...........'...(...(........sbgp....roll.......2......D.mdat!.E..P.F.M..<.@.............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!+O........jL'.H....)@.........T..7h.T...........o................................................................................................................................................................................................................................................................................!KKK

                                                Chrome Cache Entry: 249

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                Category:dropped
                                                Size (bytes):5430
                                                Entropy (8bit):2.6465732373896285
                                                Encrypted:false
                                                SSDEEP:24:Es5ed8vZa+/kffJTyN5J5iXSvjDxatgFFjiZq1MJUikeVgl2fwFfBaTzh4mpCbak:2fq3OqXAzh4jaJV9HxG8Q
                                                MD5:3E764F0F737767B30A692FAB1DE3CE49
                                                SHA1:58FA0755A8EE455819769EE0E77C23829BF488DD
                                                SHA-256:88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
                                                SHA-512:2831536A2CA9A2562B7BE1053DF21C2ED51807C9D332878CF349DC0B718D09EEB587423B488C415672C89E42D98D9A9218FACE1FCF8E773492535CB5BD67E278
                                                Malicious:false
                                                Preview:............ .h...&... .... .........(....... ..... ..........................................h. .f...............f...g...d.@.........................`...e...f...f...............f...f...f...e...p...............`...f...f...f...f...............f...f...f...f...f...p...........e...f...f...f...f...............f...f...f...f...f...e.......d.@.f...f...f...f...f...............f...f...f...f...f...f...h. .e...f...f...f....U..........................y'..f...f...f...g...f...f...f...f...............................U..f...f...f...f...f...f...f...f..................................f...f...f...f...f...f...f...f...f...f...............f...f...f...f...f...f...f...f...f...f...f...f...f...............p...f...f...f...f...f...f...f...f...f...f...f...f...................d...U..f...f...f...e...h. .f...f...f...f...f....d......................f...f...f...h.@.....f...f...f...f...f...f....t.................f...f...f...........p...f...f...f...f...f...f...f...f...f...f...f...f...`...............p...f...f...f...f

                                                Chrome Cache Entry: 250

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):92
                                                Entropy (8bit):2.598712188490132
                                                Encrypted:false
                                                SSDEEP:3:vBltcXSgck5bfXFllo/llE+P/llGfH:ZlOtp
                                                MD5:124800A586FDFF3413F84E5049C8CFEA
                                                SHA1:61F602AACCE7889AE580DA9947F04F0D5F74F935
                                                SHA-256:E8E0F514FE814FBEF4FB4766397C64341858B250500E0E164DDF48AF6E020E11
                                                SHA-512:147FF0DFDF66852EC2578E70B5932CA7829068F3B65FB22DC59873FEB34806D5A0E27DDD2FC254693C7DC84A05F26F1CB87896F12030ED3BE4ABCC719B87CFC3
                                                Malicious:false
                                                Preview:...\sidx...........D..............E...\>......@K..X.......?...X.......?...X.......5R..#.....

                                                Chrome Cache Entry: 251

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.5057593003377163
                                                Encrypted:false
                                                SSDEEP:12:LuA47SFXSkouwKJRLrv9W1ckp2VOcRS+xtEqy95I10HZ/i:LuAUSwnKJLBVVRS+OI1
                                                MD5:FC1E726542FFC4C1919F9AD38CF6EF7A
                                                SHA1:B1E52AF6D074EC43B153ADE3AD83DD51DF155F74
                                                SHA-256:27AF84BF7D4C3223768B979FFCD3347D73BB667B55B233213AAD939EBB524CDF
                                                SHA-512:9A7D0E79F3F62E8DB67311192E0F90B92178A05E2DA4391F272EFD83ED42540ED1186C1E4A6FAB58B7CE7535009661987A198E01EC2CC9D06012DA8AF6C14E5D
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd.....~b.~b..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....~b.~b............................................................@..............vmdia... mdhd.....~b.~b..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......F.... trex........................

                                                Chrome Cache Entry: 252

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17936
                                                Entropy (8bit):7.829903465908229
                                                Encrypted:false
                                                SSDEEP:384:iOkIZ2ET+xrj7vkS4o3Rq5AAN/lqYPWyWHlgmFq2lUkEGnMo6:77QQIjbkS46Rqn5+yWKd2lUUG
                                                MD5:D70F94689D8A16C52AA1253E1FC79E68
                                                SHA1:60E3D77CC1715C86A98928F703BAEE4C3238931C
                                                SHA-256:A0CA819821CC4A636A6D7E99E82C8EFF2A07EAF214306997F617DAA53BCCDB76
                                                SHA-512:C7FF6D1EBCFC19D183F83C947056A7DEA95AB1CEA7D7CBF334993177918CAD35EBA08A18C2F928A78E0233D4BFCD8B69F24111427256E178782BDF1DD751C97C
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=928&byteend=18863
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...t...................i..._.......................f...n.......R...^...Y...C...N...V...W...q.......................{.......e...O...M...a..._...d...k...z...c...........q...x...l...c....sbgp....roll..............D.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!+O........jI'....R.......$.0 ..JJ..n..@.............ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

                                                Chrome Cache Entry: 253

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):13193
                                                Entropy (8bit):7.937059839980475
                                                Encrypted:false
                                                SSDEEP:192:vOz7S95aQvDj26B/HIx1bJ0+bFc78GUWymohjX95DBRBrqsATHDvVAN+JfXEYMKY:vO3NGjZRHIQwGh4hTosArDvLrM2Cln
                                                MD5:8BD4799426CCA5BEFA39EB04F75A99C8
                                                SHA1:42A50556D8FEEA8110F13D9BBE1A386AB2A178FE
                                                SHA-256:0E24F090E541F49474B9353348FE5ED649034EF626D68ADA7D2188B5ACFC09AD
                                                SHA-512:67245DE1DD87711C8C4F5988259B230DF13C4C834DE96FFA167C1630F014415B66D8B7B79D42790CF72DF746A833647BEECF9D7A3720FF91E7751C4FB247EAC5
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000fb040000730a00000d0b0000c30b000083140000cf1e0000e81f0000e3200000ed21000089330000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................X....2.".4......`J...0p.............vd0...............dBs2..bnRa.t.\...$.#(....r.9.....*.:$9.f.=/_.....r|..}C..r/.;....D.|rr./.rpW.y.<..z=?*....Si....9.?.uy41..9..+\Ko.........;....|...>]/}.>I.........N......X...P6f...."N"K...J.(.Z..{n.|....#I.....VQ.Q'$[..}..3.g..3._.........M...0..@1......l.d!....11...e...*l....b..$.C.0. 0....1.c.1A...1...........*l..!...&2.U.b..W.."`.aX.b. .&.Cj.<....h...x......p:......C.4.l.Lj..-..rz.\.....<:3.....'w.C..!..H.5.|"....!|I.~....o.y^.+8.7...l.Y.....WT!..O*g..\.)..%..s...<^MZ........D....oP8.w#g...g...V.5,.r.*.....K...}.8.t....MD.....I.Ii..b.;.+=..<.R....

                                                Chrome Cache Entry: 254

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                                                Category:downloaded
                                                Size (bytes):52280
                                                Entropy (8bit):7.995413196679271
                                                Encrypted:true
                                                SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                                                MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                                                SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                                                SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                                                SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                                                Malicious:false
                                                URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                                                Preview:wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.*',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.|*(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.5*1w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e*......71.?.7.ORv.?...l...G|.P...|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....|..D.d..

                                                Chrome Cache Entry: 255

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (2362)
                                                Category:downloaded
                                                Size (bytes):233234
                                                Entropy (8bit):5.461099651008011
                                                Encrypted:false
                                                SSDEEP:3072:WSX0CBd2Buj8T4HvzoHfKxTadov0roCsu29d4XB:WA0CBd2BhT4EHS8rYEXB
                                                MD5:E7BF0144402B0EEFC94CCABCC21AA844
                                                SHA1:A2F60F7DBEC6AD86213569F6378416F9D30BFDD2
                                                SHA-256:0E5B31C3E9572181BA1E2636C6F00D35C8B4CD175926AD98290A3C7DD326CD9B
                                                SHA-512:1BA90D5B5CB8573FA7A9FC77C1FBC3E48F7D20F47C5839226E2432B1B054A25C00F5549245DFC5C5666EA0456E5DFE25D0D5829D9B84B61E0FD1164DFC60A026
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlH54BG8v8nODFaRpPlVprlo7CMoqA/m=_b,_tp"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x818601e, 0x51ce74, 0x739cf10, 0xa500f8, 0x321, 0x0, 0x19680000, 0xcc80, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/.var baa,eaa,haa,laa,Va,Xa,Ya,maa,naa,Za,oaa,paa,qaa,db,vaa,yaa,vb,wb,zb,Iaa,Kaa,Oaa,Wb,Xb,Qaa,Raa,Waa,dba,eba,iba,lba,fba,kba,jba,hba,gba,mba,pc,rba,sba,pba,tba,xba,yba,zba,Dba,Eba,Fba,Gba,Hba,Kba,Xc,Nba,Mba,Pba,ad,Zc,Rba,Qba,Uba,Tba,dd,Xba,Yba,aca,bca,nd,dca,eca,Ed,md,rd,rca,oca,sca,tca,wca,yca,zca,mca,Lca,he,Nca,ie,Oca,Qca,Sca,Wca,Xca,Yca,Zca,bda,dda,kda,lda,mda,qda,zda,vda,Cda,$e,Fda,Gda,Hda,Kda,Mda,Pda,Qda,Rda,Sda,Tda,Wda,Xda,Yda,dea,fea,gea,hea

                                                Chrome Cache Entry: 256

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text, with very long lines (687)
                                                Category:downloaded
                                                Size (bytes):4140
                                                Entropy (8bit):5.371702264924607
                                                Encrypted:false
                                                SSDEEP:96:GPWUbFMvF/ygbQgs8qUoaCyPj8LvUe8tOFw:SWIF1R8qUVCywzzgt
                                                MD5:7DD911B1022E2F37811F8AAEEB74862E
                                                SHA1:36F79706B7E839CFF0DE16EE9CC7B026EE5019A2
                                                SHA-256:DD48C9475C9D2B02ED29382E9DD32791D671004BB217DB0B0F6750DA3011CD66
                                                SHA-512:03996AD04C65D47A9C364C63AEBCB3F58F41CCCE4DAD70840316853BEF2967A38797744FE62BFFF418B799EC71476DC6B49CFE3053F2B9BEBE62CF5A30EA7847
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                                                Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.xf(_.Joa);._.k("sOXFj");.var Wq=function(a){_.J.call(this,a.Fa)};_.B(Wq,_.J);Wq.Na=_.J.Na;Wq.Ba=_.J.Ba;Wq.prototype.aa=function(a){return a()};_.Pq(_.Ioa,Wq);._.l();._.k("oGtAuc");._.Dua=new _.Ce(_.Joa);._.l();._.k("q0xTif");.var Bva=function(a){var b=function(d){_.Wl(d)&&(_.Wl(d).Cc=null,_.ir(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},ur=function(a){_.up.call(this,a.Fa);this.Pa=this.dom=null;if(this.Ei()){var b=_.qk(this.Of(),[_.Ok,_.Nk]);b=_.vh([b[_.Ok],b[_.Nk]]).then(function(c){this.Pa=c[0];this.dom=c[1]},null,this);_.Jq(this,b)}this.Oa=a.Ih.Y8};_.B(ur,_.up);ur.Ba=function(){return{Ih:{Y8:function(){return _.nf(this)}}}};ur.prototype.getContext=function(a){return this.Oa.getContext(a)};.ur.prototype.getData=function(a){return this.Oa.getData(a)};ur.protot

                                                Chrome Cache Entry: 257

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):85137
                                                Entropy (8bit):7.986488728379044
                                                Encrypted:false
                                                SSDEEP:1536:I/zcB7y9MUHdqhmXv27IWYykApHRtlY+ubEQfZwJULjZjaU0s0HfZbYMo/SU:2gBAfHdqUf2syRztapEQfdBaZbHh83/9
                                                MD5:F0F4CD406BFCC70C2290E22914E312BA
                                                SHA1:BC2A0F973188ADE5E0DE624F3D065976B48EB06C
                                                SHA-256:7E33CA21ED8160050AF76BB08B3B1731E341A91F6D7780B286CDD0064C56F59A
                                                SHA-512:D315E86496E394D88C207CD2977A404375195AC0D8634ACD0AADD484669728689F9460AB165B838374CDCA403DF7636A600FD45AF251959BC1C7548C317651BF
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a710100005722000048570000e75d000031670000a38e000033cd000070d3000045dc00005de60000914c0100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".................................................................................wRk.+.,2..T,.a.v..nYQ_W..E..N...hS.3h.......?...jr8T(.P.;..c.....g ..Q:..>k.7V^~...'.R\.....K ........;<.[.".....N..p@nzh7...{.,S.... N.V.]Ys_....a...X:*..1...AY...O.Zr)m.v?.5..N.P.T.(.I.E@Dw......O..g{..?...t.....,.,+...F...Z..I..Hd.\...H....y...st.E...bi..kd.....9..Al.wR....[.........xs.Z..pf...S.........]7....cyT...&R"...X.h...0.,.g*.j.8......"3=....!..$r.J$r.Z..'..k.9..>.5j.V.oI...|...F.cgH..<.),Ww4w.H..H.E..I..9.G ".3.xi.Pb.$..a....$N..G$4...H......l...+M....H.trGI...D.87)..Fr.....M..N...z.8...A....F..H ......h.a.K...W..NkNTo..c2.D.d.idu.....,..n..J....&.O+#GsL.YC.EY

                                                Chrome Cache Entry: 258

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.575104636447861
                                                Encrypted:false
                                                SSDEEP:12:LuA47SHJXSkouwKJRLrv9iXckaPKbcRS+xtEKW95I10HZ/yc:LuAUSsnKJL3PHRS+iI1N
                                                MD5:04EA4A0CFE34DF4030E83B150EB9C1D5
                                                SHA1:B5477B732C4C3C9A259F22246461BBFEC4DE5022
                                                SHA-256:919AB28F0F430671063F1EE27E5C334934AF9BAD544097E6FA1E1B3C1A388C0B
                                                SHA-512:91FA162A232B41DC10068EA64E92BA41B623D897090380758E115250056856E189356BBC86BDB91F759279B4854812A73AEEA62CA0EB3AE068FC7FACBFC11FCA
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449398058_1195349098256604_9067563155065100939_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=RPfSCQmAkSEQ7kNvgHESxzA&_nc_ht=video-hou1-1.xx&oh=00_AYAak_kjDxITytKA-YmtmzcobE-dl2vtODfyGcf9jMUsaA&oe=668B1B33&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd............u/....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@..............vmdia... mdhd............u/....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........$.7._....H....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 259

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):68
                                                Entropy (8bit):2.4280634374780274
                                                Encrypted:false
                                                SSDEEP:3:HBltIl0Im+9Uorl:hl20J5ox
                                                MD5:5142458CD74AFC410F1EABC9CA42BD4E
                                                SHA1:355CB06A563BBF0A7AEE744762551B99DF3545E5
                                                SHA-256:5906CAA1B3AA4DCD879971D426BBBFAACD0E4CB07D12B174D887C26652262A37
                                                SHA-512:2CD7875ACD5662DB955BB1CD2A3504FC33900AC3B76CF08B89603217281D5E8384097F169928652D6AC93485E96EA50D28E363471C5C71188E6054A23B02CFAE
                                                Malicious:false
                                                Preview:...Dsidx..........<...................,.......>...,.......7~........

                                                Chrome Cache Entry: 260

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):80
                                                Entropy (8bit):2.5984822215897525
                                                Encrypted:false
                                                SSDEEP:3:rBltIl3A19c52l1+NWCdgnzl/:Vl2A+52l1+NWlx
                                                MD5:FB6977B3AF34CDE98103125C26C95CBA
                                                SHA1:9E077564E06C7E23A074013831A2371DB47BFD61
                                                SHA-256:6381FFA1526250A7E3F72F9D06D9EB3E8C93301C90018E90886096F31340A729
                                                SHA-512:42C8EB59E54764ED8A6ECA68BF469DDBC86234341E6E85548A3C7849DD353A065233F910A1ACCBFAA779D403647C8A6A7F2151D536DB6032887BF7EFAE27FF13
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905
                                                Preview:...Psidx..........<...................,...........,..........,...........T.....

                                                Chrome Cache Entry: 261

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):84509
                                                Entropy (8bit):7.977531627673982
                                                Encrypted:false
                                                SSDEEP:1536:k/F0PagL58JL2w3fishRCz//TDBC5QwjzE0/18TeUu3CuJXIph:k2agLsCyqYRGC5QwjzROTeUkYph
                                                MD5:0D531A1AACEEAFF6E8C152F8FA77C332
                                                SHA1:7419F57DFEE5419B8C0391D528FE77B7BDD623C0
                                                SHA-256:73BEBDAF98038A2AABAF7AAD95ED0B8B809CC0FCA89C77C2A61BA367C5417DC7
                                                SHA-512:8CA9073A6DCC6B8B7920F033CCA8AF49CB36EE3A401A4617F87562A7D3A5E37E2FE4421A0886827258DCE533215A568571BA3BDBF766591E1F2D12CB88153DC4
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=906&byteend=85414
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................)....................................................................................*.......................................`...............O.......j.......V.......".......................Z...............Q......./...............^.......a.......................................)...............>...............T.......*...............................L.......F...............................................................F...............?..............M........7...............4...............0...............'...............&.......{.......9...............)...............>...............;.......<..Gamdat.....$...._2...H2.R........ ...'... ...M.P.~..K.h.F0+....[A/.5u..3.B.[w."~=.=..s>..ZD.VX7.....<,..&B.{....I...?&..KrI.....2.vA.g...Pc....Sn_..H..[..+.o.T.P..s..$Tn.U+.H.....~...y.q4...z[..M..._4..;..S...x...@...%...-e.eCt.8.}HZ.k......&0le.-...t..SA..[.....f..o.0/ .h7.h.1OF..?z.

                                                Chrome Cache Entry: 262

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):68
                                                Entropy (8bit):2.4280634374780274
                                                Encrypted:false
                                                SSDEEP:3:HBltIl0Im+9Uorl:hl20J5ox
                                                MD5:5142458CD74AFC410F1EABC9CA42BD4E
                                                SHA1:355CB06A563BBF0A7AEE744762551B99DF3545E5
                                                SHA-256:5906CAA1B3AA4DCD879971D426BBBFAACD0E4CB07D12B174D887C26652262A37
                                                SHA-512:2CD7875ACD5662DB955BB1CD2A3504FC33900AC3B76CF08B89603217281D5E8384097F169928652D6AC93485E96EA50D28E363471C5C71188E6054A23B02CFAE
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893
                                                Preview:...Dsidx..........<...................,.......>...,.......7~........

                                                Chrome Cache Entry: 263

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):365828
                                                Entropy (8bit):7.998193233283559
                                                Encrypted:true
                                                SSDEEP:6144:NI+DUU6KcRhlWH8leSSLshB2Ot3ilv6vV3+H0/SSm9gukgevTbce1ix:g7RnWH8ozsf2Oolv64H0uKfgne1ix
                                                MD5:30FC3465655DD0F4137647687EAA3969
                                                SHA1:A40E7C11386BCED6003040000E0E0D2EB9FC048E
                                                SHA-256:C3B408A94BAFCC7E6271A08DEE306BE07D8C8BE8DD1513BF5F66D64616CF05EA
                                                SHA-512:71510846A31BA4BB0729C8937F4CB4176C1575737795AA1FC31CDC8317C147B08807BB2AF5E79FC059534A3A86EA821412BD8C1FE1212EE8D9FD854852E63B8F
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun...................H../x...............)...............C.......-.......s..............J...............................................................K<...............N.......e.......1...............%..............W........?...............*...............................?......O........2.......1...............w.......................I......L........................s.......Z..............................D........................^......$........................$......P............................... ...............................Na.............................."........v.......).......J......'................^...Hmdat.....$.7._2...H2...........0...'... ....Kr..e.x......^u.YL9.....;d..>r...F.w<....1...@......Y....f..o.<N&.$.H...).-.../.>....ls./..5.`.H..$.B.u.J...g../.yhN...........s.&>.......,c....R..<r[...........}.-...?m.. .....w.....{.....:Z....;=..6;+.Z.....XO....6..=..<....R....%.*.Y2.

                                                Chrome Cache Entry: 264

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (10908)
                                                Category:downloaded
                                                Size (bytes):61963
                                                Entropy (8bit):5.693029963979855
                                                Encrypted:false
                                                SSDEEP:768:f536tv3uKgHom3WEDwxLm17Fljq/ZUBs86b63joPoq/LxRRb1ScWmx:f5MuKgHJmEcaehgsFb8joPrxRRbElu
                                                MD5:2F63E69E3474F63DF528AC53EB51BA2E
                                                SHA1:4AFFAABB7DC56CD227FF8B2ED28FEE9815D72F30
                                                SHA-256:0ECD8220939E90800658543FE1644A41F8080ACA6A11364E484520A358B3AB78
                                                SHA-512:BB17A5800F18CA56F174FC03F40C042E53EAF19C1B1D50BBFFEF7557C5960DBAE143ADD800D86C48F19D8BDA9515A208DC4E3F23C3157F413DAC70CD53158CA2
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iWd-4/yP/l/en_GB/M-AHdbpN8xr.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("ActivityLogMenuOption",["$InternalEnum"],(function(a,b,c,d,e,f){a=b("$InternalEnum")({ARCHIVE:"archive",AUTO_ACTIVITY_TIME_WINDOW:"auto_activity_time_window",AUTO_ACTIVITY_OPT_IN:"auto_activity_opt_in",AUTO_ACTIVITY_OPT_OUT:"auto_activity_opt_out",BAN_USER_FROM_PAGE:"ban_user_from_page",BLOCK_APP:"block_app",DELETE:"delete",DELETE_GROUP_CONTENT:"delete_group_content",DELETE_NEIGHBORHOOD_CONTENT:"delete_neighborhood_content",DELETE_HISTORICAL_RELATIONSHIP:"delete_historical_relationship",DELETE_POA_SURVEY:"delete_poa_survey",DELETE_PREVIOUS_CONTACTPOINT:"delete_previous_contactpoint",DELETE_SAVE:"delete_save",DELETE_USER_EVENT_CONNECTION:"delete_user_event_connection",CLEAR_SEARCH_HISTORY:"clear_search_history",EDIT_EDUCATION_WORK:"edit_education_work",EDIT_RATING_AND_REVIEW:"edit_rating_and_review",EDIT_PRIVACY:"edit_privacy",FEEDBACK_ASSISTANT_HISTORY:"feedback_assistant_history",FORGET_RECOGNIZED_DEVICE:"forget_regognized_device",HIDE_FROM_TIMELINE:"hide_from_

                                                Chrome Cache Entry: 265

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):121862
                                                Entropy (8bit):7.990860964114745
                                                Encrypted:true
                                                SSDEEP:3072:7qYbwMGTR558yiaV+ZQvabYG0WQk216TeP7:7DbwMMPyyuZQvad056ST
                                                MD5:C0174143445BCF9C5DEFAE814CF8E99E
                                                SHA1:574EF2B272029DE8029CA6EDA9FFACEE75C06B1E
                                                SHA-256:29932478D93668E8E5F8878C3426E7337164F6E086955BCF5EE5E3C5A191FD5B
                                                SHA-512:B32AD8768F78EEE8375760EC45717149DE6CB1142413CA8D714EE32E8710861DB52781BD62EF05EFA9E3F2D67D20A9B190FEDD8F0A3405C890342B339F5E7E65
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................C...(\...............................O...............j..............*........................q.......6...............D..............+........v...............q.......Y.......k.......5.......P......#).......d.......................9...............,..............$9...............-...............................................g...............!...............x.......w.......O.......l...............^.......................T......._.......................|.......r...............g.......u.......X.......+.......F.......+.......D...............>.......-.......,...............-...............K...........Jmdat.....,.?.....$2.......X.../... .X.0...Q...3^u>..b2t.'O..LEFS.u..f+..t....o/...4.N.....m.U.Z.NE.....>24.{...#o..19..3..EA.<<..C...^.x......JA.....C...C...D*...l..q....U....lk..T.)..h.k....&.".I.)ey.).........R.6..R.............&)....'.Y..z..6..k.9/A."[.< ..s.!...Q.;p$+..L.

                                                Chrome Cache Entry: 266

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                Category:dropped
                                                Size (bytes):5430
                                                Entropy (8bit):3.6534652184263736
                                                Encrypted:false
                                                SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                MD5:F3418A443E7D841097C714D69EC4BCB8
                                                SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                Malicious:false
                                                Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                                                Chrome Cache Entry: 267

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (6544)
                                                Category:downloaded
                                                Size (bytes):27465
                                                Entropy (8bit):5.555995836687634
                                                Encrypted:false
                                                SSDEEP:384:kbVYHgormkrZBK582htJu355zXv2Vpfd2A2YjMQlye0:VHgoSKPL2htJC55zf2l2YC/
                                                MD5:340047A06589CA5037F81E4DD744CC73
                                                SHA1:C01836D5A1E5421C11BBA2B9787D9CBDE5A1AA76
                                                SHA-256:285AFAA325D073927B2ECCBBB4B51A03B19F5797A1736261DEE5623A06DD1512
                                                SHA-512:52C358103BC4530F860BF1BFAD6A1FD1B13092F2E646167B1F30346EB2D61C8D9F17FE0F73C793CFD8730E8DEA226A66545A55C79F09296ED92C45147B93CC83
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3i0Wo4/y4/l/en_GB/p2aYR2TDczj.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("BaseDataEntryKeyBuilder",[],(function(a,b,c,d,e,f){"use strict";function a(a){a=a.key;return a.trimLeft().toLowerCase()}f["default"]=a}),66);.__d("searchBaseTypeaheadTakeNEntriesFromSectionedEntries",[],(function(a,b,c,d,e,f){"use strict";function a(a,b){if(b===0)return[];b=g(a,b);var c=b.entryIndex;b=b.entryUnionIndex;if(b===void 0)return a;a=a.slice(0,b+1);if(c!==void 0&&b!==void 0){b=a[b];b.type==="section"&&(b.entries=b.entries.slice(0,c+1))}return a}function g(a,b){b=b;for(var c=0;c<a.length;c++){var d=a[c];if(d.type!=="section"){b--;if(b===0)return{entryUnionIndex:c}}else if(b<=d.entries.length)return{entryIndex:b-1,entryUnionIndex:c};else b-=d.entries.length}return{}}f["default"]=a}),66);.__d("BaseTypeaheadPayloadDecoratorAddLimit",["searchBaseTypeaheadTakeNEntriesFromSectionedEntries"],(function(a,b,c,d,e,f,g){"use strict";function a(a){return function(b){var d=b.entries;return babelHelpers["extends"]({},b,{entries:c("searchBaseTypeaheadTakeNEntriesFromS

                                                Chrome Cache Entry: 268

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.45814995487565
                                                Encrypted:false
                                                SSDEEP:12:AShXSkouwKJRLrtX9JkZkF/EA/m+ZWFyKaQi5I10Lrw8NPtR/JG:ASEnKJxJ7a+Z2i5I1aHZ
                                                MD5:342A232004182339BE9BB973569AF78E
                                                SHA1:0D63AF4B99D241885970413F94C177FE5F545ED7
                                                SHA-256:1BEA1922769A7430053138AB8539BDC152F9F0165355D06F946D26F560A37333
                                                SHA-512:0BA38CD51FB3E5DB9B8C50B6E52E426AA604D4CC54C6400B2C02EC8DBC75EF3F6A9C79C16EF45998221ED20FB9A09D4E55E35203790CF90DA23F5312ACF0D7C6
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd...........D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............Tmdia... mdhd...........D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@.......t...t..+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd......#.... trex........................

                                                Chrome Cache Entry: 269

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):92
                                                Entropy (8bit):2.547028628684007
                                                Encrypted:false
                                                SSDEEP:3:vBltNXl4gjQbv/llN11klXrqXl3lv9l:ZlTXHQbfx9l
                                                MD5:F3EBF406A882F862BD59DAE6A0CE7D92
                                                SHA1:98FE89C7BC10D2BE9BBFA5A40541BF8E7CAE4787
                                                SHA-256:19B6324C3C21AD3AC45BDC85128758049953B71930BCDE1F4F56166F81F079D6
                                                SHA-512:9DD998C06DA7F80292ADA49FF7C6B9B90408E7E664E4F5380F097DD659D9A32482B2DB3D57B7E87A3187D9D7E8DF0044B017EA9A6731BA1C7048B8A6F8881618
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915
                                                Preview:...\sidx..........................E...|>......?...x.......?s..x.......?...p................

                                                Chrome Cache Entry: 270

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):58084
                                                Entropy (8bit):7.958762706763839
                                                Encrypted:false
                                                SSDEEP:1536:uBzAnl5PxRwWkvwibxf22bSzEJ8IzD31E:ueZRw3oSvO
                                                MD5:3836C6C2699B2F128B1B3F7A5C20F00E
                                                SHA1:0CBA916083F4905F7F016C09C01953DC57F98633
                                                SHA-256:3A38A2B8DC19079981B888F811C5D9C20B7AE7D1796E014B95DB7B49C4C5E32E
                                                SHA-512:45828D77F0C7DD20E9FB6618EB1DA8C365B9577AFD8ED1566162A51A45A7454C850CA9C26635DD1FF6CC63836446CB81D26F6BF4DFD936FD50A3A20C2EAEDB4F
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000e91a0000b43d00004f4000002b430000386100006d8c0000a192000042970000ca9b0000e4e20000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................@........................................................................................................................................................................................................................./..Y0v....S3..H\HU.8.`..'Bs.....K.Q..[.,..)R....C9..+HJV.:....d-..3."Bb.:u.P..,.sGXT.......s...=......!.sp..{....c..f7..y..<.f...m..L.;|...N.d...T.8...a..v.9{.5c..`.UoJ.r6.5..F.M~.@.p....].b..yw..S7.V9.>.s.......P9.]E......h.{C.....W.G..{..p>.....w.......^}M..Sx.q....j.f(m.*.K...d...*..*.....Hk.!.d.....Hk.A......9.N..a...@O;..J<.#.S.b=y.@..+.R.......y.Y....;..2.1.3UQa\.......-.

                                                Chrome Cache Entry: 271

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):140
                                                Entropy (8bit):2.53830466738071
                                                Encrypted:false
                                                SSDEEP:3:fBnltcXT01NWllhCtll2tllPllnCl/llzkP/ll4FNM9ln:pnl+0tTF2
                                                MD5:0AECE8EB39C2B638384D07A701E7681F
                                                SHA1:369614C234766EFB07A7F78F6CF8E289B8325C3B
                                                SHA-256:D6B80D6D994DD103FD3DC9F69F1DB936CCB1F22A6850B6382079AD52DF136C26
                                                SHA-512:3B619E8951A4823C4DB3198690C4178FFD63E7BDBDCC5757213D4369C175EAB2B03826D488ADDD3A32EDC012A6CEA45BF0CC994C36B83B1B9D538A24709AC6B1
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963
                                                Preview:....sidx...........D..............E...\>......?#..X.......?...X.......?...X.......?...X.......?...X.......?O..X.......@...`...........@.....

                                                Chrome Cache Entry: 272

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 189 x 225, 8-bit colormap, non-interlaced
                                                Category:downloaded
                                                Size (bytes):8450
                                                Entropy (8bit):7.895050815212879
                                                Encrypted:false
                                                SSDEEP:96:AitzuyVV24e+bAuln1N+xI/xtZfo9H3FBPuKJ+Bv4xMZ5X+sWrVfWXfmaalzXRut:LpVXVp1N+Ivdo4KoCi+sWrsUJh5y
                                                MD5:A800DC8DBB6A59E1A3E00E840BE91F4A
                                                SHA1:08BD90B1CEACE67B7BBB9D1DC42F5DD7D923408C
                                                SHA-256:92399D4E87E05C80A1D90E859AF0D871A7171D4558557EFFF39E50DD69F178C9
                                                SHA-512:1FAD6E8F0860E8AEA00D44D35B225CED34BFE4D2554B22D556D7315938A74E32212DE1E1741E331D4C627B1DF8A127E80E0617024DFEF21F38385DA4F920D25C
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/xHalzKQEhj_.png
                                                Preview:.PNG........IHDR..............ED.....PLTE.....................GpL..........................................................................................................................................................................................................................................................................................5Ec....................................................................................................!!!................v..|..x......................w..w................................................x..w...........................w..w.......>>>............555...............zzzSSS........................................w.........................mmm.w...x........w..w..v..w...........w.@@@.......v..w..y..v...........w.VVVTTT..........w..........S......tRNSf....>..........7...Z.....P.......H:.*p.!0.$.Mw.....d\..E.T..~W.3...'.,irB...i..^f.@za....r....l..,.~..2........-k_...a..6..R..m...Jh..@.K....x....f.@......].Fv.!.J.

                                                Chrome Cache Entry: 273

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (2362)
                                                Category:downloaded
                                                Size (bytes):233234
                                                Entropy (8bit):5.461086028423482
                                                Encrypted:false
                                                SSDEEP:3072:+SX0CBd2Buj8T4HvzoHfKxTadov0roCsu29d4XB:+A0CBd2BhT4EHS8rYEXB
                                                MD5:8A84079C4875A9631C0AEC226FCA2AD5
                                                SHA1:77F6B15F4B711E20056BAB1AF90853197062A172
                                                SHA-256:3A74CE3ED631FE125ECF558D7B94DE15A9FE513A53D7BB4AB76BA7A6104CDA29
                                                SHA-512:83820BE90AFFDFA7F311E65C11A1A44F7AB9A91B09F8265C5F9E2DA367BE1B126F62A81B47D2DC5EC6A4F3D176FB3A3D8241C0F7508B486D01A547E214929011
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlH9DCKDG9MYU76fhfMKH1UVpbJtYA/m=_b,_tp"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x818601e, 0x51ce74, 0x739cf10, 0xa500f8, 0x321, 0x0, 0x19600000, 0xcc80, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/.var baa,eaa,haa,laa,Va,Xa,Ya,maa,naa,Za,oaa,paa,qaa,db,vaa,yaa,vb,wb,zb,Iaa,Kaa,Oaa,Wb,Xb,Qaa,Raa,Waa,dba,eba,iba,lba,fba,kba,jba,hba,gba,mba,pc,rba,sba,pba,tba,xba,yba,zba,Dba,Eba,Fba,Gba,Hba,Kba,Xc,Nba,Mba,Pba,ad,Zc,Rba,Qba,Uba,Tba,dd,Xba,Yba,aca,bca,nd,dca,eca,Ed,md,rd,rca,oca,sca,tca,wca,yca,zca,mca,Lca,he,Nca,ie,Oca,Qca,Sca,Wca,Xca,Yca,Zca,bda,dda,kda,lda,mda,qda,zda,vda,Cda,$e,Fda,Gda,Hda,Kda,Mda,Pda,Qda,Rda,Sda,Tda,Wda,Xda,Yda,dea,fea,gea,hea

                                                Chrome Cache Entry: 274

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17937
                                                Entropy (8bit):7.794777690480409
                                                Encrypted:false
                                                SSDEEP:384:g3OkgPaHxCaz0ijL7RAk+GkPxhgTbKj/KhWzdH6vMkg:EKaHxCazVH+wkp2TCKhOdH6vpg
                                                MD5:D117165E4D738057F1BFA9AB02DA635A
                                                SHA1:76D4841622DE4646B522A709048A918120E7E939
                                                SHA-256:8ED222F5F52D436BA552A3EB35644E31308F1E7DDDECFE935BED764FF1452401
                                                SHA-512:8EA625CB5B7F2CBFD1D7777D5E86746959B054C52E87B439D30891DFB0B6CB87168A7A3BF365568CC393608EBE971AF6CA11F830FBA3D5C9B967267BCE5A80E5
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...t...s...P.......................S...................l...B...@...U...i...........B...M...U...Q...l.......[...z...]...|...b...u.......v...p...u...j...n...t...p...s...b...u.......f....sbgp....roll..............D.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!.E..P.F...............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiii

                                                Chrome Cache Entry: 275

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (11069)
                                                Category:downloaded
                                                Size (bytes):42417
                                                Entropy (8bit):5.453160011942057
                                                Encrypted:false
                                                SSDEEP:768:49vTi9vT/9NXioDqGqu3M86qCSMp0XrLM/:4QqQJCSVXr4/
                                                MD5:E6E619A06B33DD2C9EBD89EB0BA84261
                                                SHA1:64CA9A6F5C8B741024960425D76753CDC620BAE0
                                                SHA-256:4F9BCAB7DD4556EB3A5E61F02C742F1E893EADA2D97CB5C5881C2C1B8C1B2892
                                                SHA-512:ADA7A7E2A0C1581CEF6E3A188985D7AA4999926B5DB227AB9EFE80128055B791D677072AE0A43F003EC2333EE8EE660ED6D61B233166B64B66C42097A8BDB39C
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/7mFwSll_FX0.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("CometHomeProductBadgedNavigationLogger",["QPLUtils","QuickPerformanceLogger","qpl"],(function(a,b,c,d,e,f,g){"use strict";var h,i=c("qpl")._(30632331,"5336"),j=new Map();function a(a){l(a);m({string:{product_app_id:a}},a);return}function k(a){if(a==null)return!1;if(j.has(a)){var b;b=(b=j.get(a))!=null?b:0;b=b+1;j.set(a,b);m({"int":{attempt_count:b}},a);return!0}else{j.set(a,1);m({"int":{attempt_count:1}},a);return!1}}function l(a){var b=k(a);if(b)return;b=d("QPLUtils").deriveInstanceKey(a);return(h||(h=c("QuickPerformanceLogger"))).markerStart(i,b,h.currentTimestamp(),{cancelOnUnload:!0})}function b(a,b){a!=null&&j["delete"](a);a=d("QPLUtils").deriveInstanceKey(a);return(h||(h=c("QuickPerformanceLogger"))).markerEnd(i,b,a)}function m(a,b){b=d("QPLUtils").deriveInstanceKey(b);return(h||(h=c("QuickPerformanceLogger"))).markerAnnotate(i,a,{instanceKey:b})}g.markerStartAndAnnotateWithProductID=a;g.markerStart=l;g.markerEnd=b;g.markerAnnotate=m}),98);.__d("CometHomep

                                                Chrome Cache Entry: 276

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.4788411476568806
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0HqXSkouwKJRLrv9ickYhHnOcRS+xtEil8a495I10HZ/m:LuAUS0lnKJLFhHVRS+bgI1
                                                MD5:028478B27F2CF81A961E47B7AC200616
                                                SHA1:8DA76EF8BDB485C0B8311EF7C84DB2A5FBE7F1DE
                                                SHA-256:CC1B7E2E9BC1F742617E2A0EA0D88F36D58725A6A3A51E0EDD166290669E0A08
                                                SHA-512:2E13C69F67DA79BCACF72CB37FB0AE785FE774B0C7A114863449C53132DD8DAA4E382043375401B925C8243B2706ED2CE25D2056D6A7A7EB82CEAEBE77BBB81F
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd.....p..p...<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....p..p.............................................................@.... .........vmdia... mdhd.....p..p...<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01......................... ...H...H.........AOM Coding.............................av1C..........D...|.... ....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......V.... trex........................

                                                Chrome Cache Entry: 277

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17610
                                                Entropy (8bit):7.889127962263205
                                                Encrypted:false
                                                SSDEEP:384:xMOYQPTfDj06UyoScepRdq6qQ9MYGg2OSwK7Wmkz:xnYQPTtX9ZdqNQ9MYGg2p7Wmkz
                                                MD5:4ED59023D64D2E353C6E5C7F5C5A5D67
                                                SHA1:981933D2CB7045875DA442D742809EB27979298C
                                                SHA-256:74AFA12AA1641C6A2FE127C50FAFE2A9EC55403A5685A7CB03DA3C5A859D607A
                                                SHA-512:619243B906B62F0B53C6B76353659156F9F039C8B20370D9404FFC6A97570541940535590745622E35DF6D65DC570A019C0A7950B45FAB18865F656E0506DD48
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621
                                                Preview:...Dmoof....mfhd...........,traf....tfhd...*....................tfdt............trun.......2...L...U...U.......................|...g...d...[...T...O...L...a...[...Z...A...I...F...D...F...F...@...@...]...J...T...P...P...E...?...D...K...T...F...A...W.......P...Z...K...N...H...H...D...E...M...K...H....sbgp....roll.......2......C.mdat!.E..P.F.M..<.@.............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!+O........jL$......)(.......3.....JJ'kv..@..............ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ]..

                                                Chrome Cache Entry: 278

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):13193
                                                Entropy (8bit):7.937059839980475
                                                Encrypted:false
                                                SSDEEP:192:vOz7S95aQvDj26B/HIx1bJ0+bFc78GUWymohjX95DBRBrqsATHDvVAN+JfXEYMKY:vO3NGjZRHIQwGh4hTosArDvLrM2Cln
                                                MD5:8BD4799426CCA5BEFA39EB04F75A99C8
                                                SHA1:42A50556D8FEEA8110F13D9BBE1A386AB2A178FE
                                                SHA-256:0E24F090E541F49474B9353348FE5ED649034EF626D68ADA7D2188B5ACFC09AD
                                                SHA-512:67245DE1DD87711C8C4F5988259B230DF13C4C834DE96FFA167C1630F014415B66D8B7B79D42790CF72DF746A833647BEECF9D7A3720FF91E7751C4FB247EAC5
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441997224_449546051214555_5260019720502139937_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=hZGlU0omaAAQ7kNvgHfdoW5&_nc_ht=scontent-hou1-1.xx&oh=00_AYBKeUbr4JQNlIF3qIQBWI-0ajfoCIj1KBg8bAz59ZEoew&oe=668B32F0
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000fb040000730a00000d0b0000c30b000083140000cf1e0000e81f0000e3200000ed21000089330000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................X....2.".4......`J...0p.............vd0...............dBs2..bnRa.t.\...$.#(....r.9.....*.:$9.f.=/_.....r|..}C..r/.;....D.|rr./.rpW.y.<..z=?*....Si....9.?.uy41..9..+\Ko.........;....|...>]/}.>I.........N......X...P6f...."N"K...J.(.Z..{n.|....#I.....VQ.Q'$[..}..3.g..3._.........M...0..@1......l.d!....11...e...*l....b..$.C.0. 0....1.c.1A...1...........*l..!...&2.U.b..W.."`.aX.b. .&.Cj.<....h...x......p:......C.4.l.Lj..-..rz.\.....<:3.....'w.C..!..H.5.|"....!|I.~....o.y^.+8.7...l.Y.....WT!..O*g..\.)..%..s...<^MZ........D....oP8.w#g...g...V.5,.r.*.....K...}.8.t....MD.....I.Ii..b.;.+=..<.R....

                                                Chrome Cache Entry: 279

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (777)
                                                Category:downloaded
                                                Size (bytes):7624
                                                Entropy (8bit):5.356859202879639
                                                Encrypted:false
                                                SSDEEP:192:mnwTgK8AwrKbbW8UFBlkU+/IrlQFsq1o98fYlp2PDYGym4nV9U:9ZwrKbaV/38xW8jn
                                                MD5:23ED78C00699D0EF97404A3901525DD3
                                                SHA1:09125039F07B8B3DE33761BFEBB4E0754AEA6738
                                                SHA-256:B21A2E0BD7B733D42DB2FBC676E0710D00CF95491967ED46C8A204605DBFDA29
                                                SHA-512:22AE4F4142F19399EE8C5ACF4EED70F9D91C41E3BB138522F340684CBA2C4E1FFF5233950DC9328861F79970ACABE2F5A28B396392AA72AD1A92429D61425D67
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.ENa=_.y("wg1P6b",[_.Nx,_.Hl,_.Ol]);._.k("wg1P6b");.var K2a=function(a,b){b=b||_.Ha;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);g>0?c=f+1:(d=f,e=!g)}return e?c:-c-1},L2a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},M2a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return L2a(b,a)},N2a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if("sourceIndex"in a||a.parentNode&&"sourceIndex"in a.parentNode){var c=a.nodeType==.1,d=b.nodeType==1;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?L2a(a,b):!c&&_.lh(e,b)?-1*M2a(a,b):!d&&_.lh(f,a)?M2a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.ah(a);c=d.createRange();c.selectNode(a);c.collapse(!0);a=d.createRange();a.selectNode(b);a.colla

                                                Chrome Cache Entry: 280

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (10325)
                                                Category:downloaded
                                                Size (bytes):21776
                                                Entropy (8bit):5.3302919394876564
                                                Encrypted:false
                                                SSDEEP:384:YKBs4kS8XEJ6if8wkvvbrLDsYpo36tlMNXvz/ur1s0X:Yh4kS8UJ6i6rLjpo36tlMxz/m1s0X
                                                MD5:A29BE4FFD07B6D4026E5782455411D81
                                                SHA1:D6ADB74A0972373176B9CC1E0746943D3A3F08A0
                                                SHA-256:8C111BC221700B9226CC50B60783792BCF14E1862CB6B4D33C7E71429A5B0D30
                                                SHA-512:FF7E1D609C68317D4DEA14FFE0B615F8E864E0182CDF98483AA30E41F9D939BF4F3C605411933A2CF52B1B9F52939B5EA0AE1D442ABC414DB3C88C90B9F6F4B0
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/bwjcpfdLfwR.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("FDSUnitHeader.react",["BaseView.react","CometColumn.react","CometColumnItem.react","CometFocusTableContext","CometPressable.react","FDSIcon.react","FDSTextPairing.react","IconSource","SVGIcon","TetraText.react","react","react-strict-dom"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||(h=d("react"));b=h;var j=b.useContext,k=b.useState,l=8,m={action:{backgroundColor:"x1k74hu9",borderTopStyle:"x1ejq31n",borderEndStyle:"xd10rxx",borderBottomStyle:"x1sy0etr",borderStartStyle:"x17r0tee",display:"x1rg5ohu",marginTop:"xdj266r",marginEnd:"x11i5rnm",marginBottom:"xat24cr",marginStart:"x1mh8g0r",paddingTop:"xexx8yu",paddingEnd:"x4uap5",paddingBottom:"x18d9i69",paddingStart:"xkhd6sd",position:"x1n2onr6",verticalAlign:"x3ajldb",$$css:!0},actionButton:{color:"x1fey0fg",cursor:"x1ypdohk",$$css:!0},actionHidden:{opacity:"xg01cxk",$$css:!0},hairline:{backgroundColor:"x14nfmen",height:"xjm9jq1",marginBottom:"x1jyxor1",$$css:!0},root:{paddingBottom:"xjkvuk6",$$css:!0},showActio

                                                Chrome Cache Entry: 281

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:BS image, Version 30820, Quantization 26995, (Decompresses to 0 words)
                                                Category:downloaded
                                                Size (bytes):56
                                                Entropy (8bit):2.0899239753965375
                                                Encrypted:false
                                                SSDEEP:3:jBltIlnBfJNfTkNn:9l2ZEN
                                                MD5:5AAE6230695E75B985D37A2DF43B23C6
                                                SHA1:48788E99F4A7CB8CAF3757FDE7E2A1357E111EF7
                                                SHA-256:1EA9C83F28226919A3D2899AD64633119350E3E7EC731E36475769CD85644628
                                                SHA-512:6E807ADAB647039CB27759114CFD4AC1D08251ADA8A3484ED6D31E8CED87B435C6AA2B089AAA58BDA4CF2EDA42D63BF69ABC6D556836F832F5DF9817CC03A950
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881
                                                Preview:...8sidx..........<...................,........d........

                                                Chrome Cache Entry: 282

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.4517761410722954
                                                Encrypted:false
                                                SSDEEP:12:AS82XSkouwKJRLrtX9iZkF/paA/m+ZWFyKaQj65I10Lrw8NPtR/YO:AS8pnKJx5p8+Z2+5I1aHZI
                                                MD5:1D6074D94B02BD0C56C3061661D2AD9F
                                                SHA1:3095A9B5105D45EEB64BB5943426CC3E024E63BA
                                                SHA-256:50ABCAB5FBBAC20DE582F2E27420092B2FC2E79FF3C4D06A8EB0434A7A7BB8DA
                                                SHA-512:24A17A0990CF82D4F8438770CD2130AA409353D737F67BF1EE9F1B55DD2DC7A50CC6B19A7B65E38027B44333A736D837295E1A0754B148E8848A80638B4D8087
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....)8.)8...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....)8.)8............................................................@..............Tmdia... mdhd.....)8.)8...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd......W.... trex........................

                                                Chrome Cache Entry: 283

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (11465)
                                                Category:downloaded
                                                Size (bytes):1085377
                                                Entropy (8bit):5.507167791005517
                                                Encrypted:false
                                                SSDEEP:6144:yhQZTDkAstbw+MwPbbCf5VHxeEkttGPK/lp8rHU/5hn5QNg/+WLrkg1iEEFYJM1P:vxDsmoXCfjRledurIn5QiX3kgEYM1P
                                                MD5:B7748DADB2B805C29ADFEDAA493FEBF3
                                                SHA1:13F639BA1EA74C9E593EE5EB978C89A2CCBFB9D9
                                                SHA-256:9C9F7A59CCD6CDA1B2B16F2FC36CC5D1FCE55797A12753438E0B7805C0721BFF
                                                SHA-512:46F43AAFD21A5FBE5A39BD1A4593B1D66FE3C99FA7E42FE2C677DAAE260B290F053A79075C9022F00A798E6D117E9729E4A036FF88DE99D8E55829FF5365A42C
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iwLy4/yE/l/en_GB/ZpztLkU6jDd.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("ARIA_LABEL_PLACEHOLDER_FIXME",[],(function(a,b,c,d,e,f){"use strict";a=null;f["default"]=a}),66);.__d("ActiveFocusRegionUtilsContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=a.createContext(null);c=b;g["default"]=c}),98);.__d("HeroTracingCoreConfig",["cr:8907"],(function(a,b,c,d,e,f,g){"use strict";g["default"]=b("cr:8907")}),98);.__d("HeroTracingCoreDependencies",["cr:8908"],(function(a,b,c,d,e,f,g){"use strict";g["default"]=b("cr:8908")}),98);.__d("HeroInteractionContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=function(){};c={consumeBootload:b,hold:function(){return""},logHeroRender:b,logMetadata:b,logPageletVC:b,logReactCommit:b,logReactPostCommit:b,logReactRender:b,pageletStack:[],registerPlaceholder:b,removePlaceholder:b,suspenseCallback:b,unhold:b};e=a.createContext(c);g.DEFAULT_CONTEXT_VALUE=c;g.Context=e}),98);.__d("HeroInteractionIDContext",["react"],(function(a,b,c,d,e,f,g){"use strict";v

                                                Chrome Cache Entry: 284

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1757
                                                Entropy (8bit):7.15507358509442
                                                Encrypted:false
                                                SSDEEP:24:gqd9Ls7c1sppvw/IG2xhgnNXRFiCp1eO0ibCO9U/mQ6qagATkyi94/vEVhxk4+tq:g1iWxw/IvxkPZLbC7ggATkyPih7t
                                                MD5:62805DF35C64AA776CF1B75413C1F44D
                                                SHA1:06E9B93E9AA882196B26546062924EA405CDBC4A
                                                SHA-256:7DF172AF15B748E67513520C34508B0D28088CC0F2D3A028A52782126058DAA3
                                                SHA-512:9C246945A04A52DE537F07AE7C5EA677AE24B20FA9E00D5426B4A06B70C670181CC700EB7D178D3F09B9D9A0A8885C2502AAE4C08198A32AC1D20B3DF2168290
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/244246203_368581291613392_1417098440599807693_n.jpg?stp=c5.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=C0KcJBzniAAQ7kNvgH8NYBv&_nc_ht=scontent-hou1-1.xx&oh=00_AYBOIaa_lTmoE5spXLrfBA0gucmO5IeYRK-zCRENrcYdcQ&oe=668B3AE6
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e80100008e020000e90200003a03000001040000c0040000000500005a050000a4050000dd060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................. uF..R.....9.8$....T.....,.L.....(\....T..S....].f.....l:.i..4.+...#.............................!.#2............U..2<........n..<.P[..H.8......g.AM.Z.{..G.n.....Z.....X..l...Vr.b/.S.....|.Flomk.:...(..7=...G.6...............$..........................2!"#13Qb........?.........@}-4..7E..[.._#>.J....#..]..(...l.R.So|?..........................!..1"2........?..~#...).;e^...bQ..{)Ggg.1....+........................!1QA.#23q.. "Bab.........?..SV..?x..f.Q.op`p}T.l.a....'..;Qc.8..,.F.....Po..G.w.TC.>.co.4..Gf....S....a.Q.m..........k.|.h..8....+.;=_..Z.:.*.E7'..z;q>...ReE........X.....$.........

                                                Chrome Cache Entry: 285

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (9954)
                                                Category:downloaded
                                                Size (bytes):71541
                                                Entropy (8bit):5.408336206888488
                                                Encrypted:false
                                                SSDEEP:1536:cwTtZ8d+aOMj9/alHwSo3XItkuSOFKS3e:5DMj9/ie
                                                MD5:609CF424D5538AB08ACE63878738BA68
                                                SHA1:2074D65E9165EBFFAF94A1E03FB0B6647C43C055
                                                SHA-256:1345E6D247D608F3F9F85D1A28736D9DF3F0050875D6F289FFF1D0165E60ED3C
                                                SHA-512:6C2532B208013C744448A2F9FD3A4D94FABD1A53791170EF4496B2D7D39168DF5CA52570A48D322EA2FDA7BE869522DFDCB53FE79EA8D792B51D17FF67FC7EFB
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iXK94/yt/l/en_GB/gfOaPYbADeK.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("BadgeCheckmarkFilled12.svg.react",["react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(a){return i.jsxs("svg",babelHelpers["extends"]({viewBox:"0 0 12 13",width:"1em",height:"1em",fill:"currentColor"},a,{children:[a.title!=null&&i.jsx("title",{children:a.title}),a.children!=null&&i.jsx("defs",{children:a.children}),i.jsx("g",{fillRule:"evenodd",transform:"translate(-98 -917)",children:i.jsx("path",{d:"m106.853 922.354-3.5 3.5a.499.499 0 0 1-.706 0l-1.5-1.5a.5.5 0 1 1 .706-.708l1.147 1.147 3.147-3.147a.5.5 0 1 1 .706.708m3.078 2.295-.589-1.149.588-1.15a.633.633 0 0 0-.219-.82l-1.085-.7-.065-1.287a.627.627 0 0 0-.6-.603l-1.29-.066-.703-1.087a.636.636 0 0 0-.82-.217l-1.148.588-1.15-.588a.631.631 0 0 0-.82.22l-.701 1.085-1.289.065a.626.626 0 0 0-.6.6l-.066 1.29-1.088.702a.634.634 0 0 0-.216.82l.588 1.149-.588 1.15a.632.632 0 0 0 .219.819l1.085.701.065 1.286c.014.33.274.59.6.604l1.29.065.703 1.088c.177.27.53.362.82.216l1.148-.588 1.15.589a

                                                Chrome Cache Entry: 286

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (4478)
                                                Category:downloaded
                                                Size (bytes):19418
                                                Entropy (8bit):5.379195390856238
                                                Encrypted:false
                                                SSDEEP:384:gJEePjmMfOH3Qm45RAGSeIMPW2NYZvnXYv3HAEfqwuhU3p9uj9QtJg:oROXQm456AYZvoPhfVIUSj9QtJg
                                                MD5:9CE9445F24BFC74018956880D606553C
                                                SHA1:ECF89E11E2091ACB1AF6735C9AF94AB19984F602
                                                SHA-256:797EF136123058C1D54A0AE365896D4E56FB3D84E83D60EF840D16BBAD8AC6BB
                                                SHA-512:7B25B6EB9B03A2118AE112AE00E774CBD9928DF69F49DA762D88255F30533CD3E6F576C82F0220FC393FA5E08544188ED210135CE17FB03B76505BF03F48A9BE
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var HDa=_.ca.URL,IDa,JDa,LDa,KDa;try{new HDa("http://example.com"),IDa=!0}catch(a){IDa=!1}JDa=IDa;.LDa=function(a){var b=_.hh("A");try{_.Jb(b,new _.xb(a));var c=b.protocol}catch(e){throw Error("qc`"+a);}if(c===""||c===":"||c[c.length-1]!=":")throw Error("qc`"+a);if(!KDa.has(c))throw Error("qc`"+a);if(!b.hostname)throw Error("qc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};KDa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):.(a.host=b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.MDa=function(a){if(JDa){try{var b=new HDa(a)}catch(d){throw Error("qc`"+a);}var c=KDa.get(b.protocol);if(!c)throw Error("qc`"+a);if(!b.hostname)throw Error("qc`"+a);b.origin=="null"&&(a={href:b.hre

                                                Chrome Cache Entry: 287

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:downloaded
                                                Size (bytes):96
                                                Entropy (8bit):4.362961159354576
                                                Encrypted:false
                                                SSDEEP:3:bh6G3XWZNDrMyMcbtugSUhdei3XWZNDrMyMcI:bnXS5JtpnS5O
                                                MD5:F71C4EFD36879E28A721AAF93B559B3F
                                                SHA1:2AA52C4FD618680148F935B280F96496EFD7E153
                                                SHA-256:F39FC3D962FAE023EBB725DFDBA524226C593C6EB2BC2C1F23C454D63CC10EC2
                                                SHA-512:8EB53CB46F668813C99768F701C00D1E2FF18FFE86F50C0C0A17DFAC06B339DCB513F58972CDEDB5A372035596806F69F50E5F6228B5F0AFE5992E13AADE080F
                                                Malicious:false
                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkbMnFS9SzlUhIFDYOoWz0SBQ3Fk8QkEhcJsA2cf48--pcSBQ14bxIZEgUNxZPEJA==?alt=proto
                                                Preview:CiIKEw2DqFs9GgQICRgBGgQIVhgCIAEKCw3Fk8QkGgQISxgCCiIKEw14bxIZGgQICRgBGgQIVhgCIAEKCw3Fk8QkGgQISxgC

                                                Chrome Cache Entry: 288

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):589000
                                                Entropy (8bit):7.999147947077226
                                                Encrypted:true
                                                SSDEEP:12288:Qb+4dNgfQobhSrlC22FNZa55/5nZchCr+PDAnHc5/c7:QbDsoobhFzZav1ZkR8T
                                                MD5:D9532BBDE135A9AADBF87B1BC7E8F053
                                                SHA1:5F39A7140D3B23FEEBC67E240728ED08BDF595D3
                                                SHA-256:C56133E95AF4B75B37A748E5FE8AEFC94F7259330FE9E48ABF5A42B7E93859E0
                                                SHA-512:571A61D8B2412900F0242A57E890975FB7B593856008B8FFB435CD1EE6F3A1865D44DBD59860D80AE9D0441292253DB0D4AE697EAEE6A4147E2B70522528EC46
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun...................V...................................................O.......$.......M.......I.......}.............../...............n.......................'.......................................S...............................................#.......................................X.......i.......................................................4...............=.......................................b...............d...............................d..............................................................................o................}....................................................................mdat.....,.?.....$2.....i... A.......<....' ..'.....3..'\.s.1.a0p..]%..,._..^....9.,.|.ZP(..W...e.4...sg.x..8Z.S.Y^%'..#...@.5%.D....H>^.{!S.9...9.n....i.Vb...K.N.J}.]R..?.A.!(.B..5<..2.\.2@..BE*c.p.v.....R..U=..B.BM......s~...I...^...3..N......'..S...B.@...j .a.0.xQ.W..m.

                                                Chrome Cache Entry: 289

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (5135)
                                                Category:downloaded
                                                Size (bytes):36902
                                                Entropy (8bit):5.447103317652978
                                                Encrypted:false
                                                SSDEEP:384:G85qKWA8xJMemE8r8to8Jvw4TWLe8KU8k7ytA1n+6ZTdX3k0aUj/Ijt1B/B1kHTp:0KWAlgw4qn7aAp+ch3kBCIjt1B/H+cg
                                                MD5:EF938D9203343EE0201394B37EB6E389
                                                SHA1:3174B274A9E6BEC104B9C64B8AD54DA553A9BFBA
                                                SHA-256:0F6634258CDF7E2585E4D8A192C619CE97AFEDD2B0880C2668B4A621FF737CAA
                                                SHA-512:8C034CABA5100DA823EE8247A5853D06DDE9B6A36D325FCEEB7148A646A0D17A38F290A69D67892B276454EF04C4C432BC4FD1E7EFA43B854B770ACD358886B9
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/0RsSa8KyPzr.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("BaseBadgeAligner.react",["BaseView.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react"),j={center:{alignItems:"x6s0dn4",end:"xoo4vsp",left:null,right:null,start:"x1mb8mph",justifyContent:"x13a6bvl",$$css:!0},left:{alignItems:"x1cy8zhl",end:"xoo4vsp",left:null,right:null,start:"x17qophe",justifyContent:"x13a6bvl",$$css:!0},right:{alignItems:"xuk3077",end:"xds687c",left:null,right:null,start:"x1mb8mph",justifyContent:"x13a6bvl",$$css:!0},root:{bottom:"x1ey2m1c",display:"x78zum5",flexDirection:"xdt5ytf",pointerEvents:"x47corl",position:"x10l6tqk",top:"x13vifvy",$$css:!0},topRight:{alignItems:"xuk3077",end:"xds687c",left:null,right:null,start:"x1mb8mph",justifyContent:"x1nhvcw1",$$css:!0}};function a(a){var b=a.badgeAlign;b=b===void 0?"right":b;a=a.children;return i.jsx(c("BaseView.react"),{xstyle:[j.root,(b=j[b])!=null?b:null],children:a})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98);.__d("BaseStyledBadgeContainer.react",["Bas

                                                Chrome Cache Entry: 290

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1674
                                                Entropy (8bit):7.072573723766955
                                                Encrypted:false
                                                SSDEEP:24:gqLivCc1spON7OrW3PNRaNNpD2y+iiTwDf3STr3SPRqsjkzkLNVPg0BqXj1AMtS5:gmjiWYFR82i2wDfYr3OquLRByj+MADKU
                                                MD5:99B276D01D84A3DE37B518FA520195C0
                                                SHA1:8B28FDF9B9CAEC0364DEB1B646C2FD743B70C996
                                                SHA-256:925F98D748A546A72BCEF2C42A99C6333366186F71255DE927909FD114DB225C
                                                SHA-512:DA8A4D343054EDFB7BC6F4C67B4B3F5641D1E72EAFE8992A173500707315D023358A7A4277BA6C02DF755A31784DB6FCFDAE54B0FDE9EEF4C1EEC0D592DF1228
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6d010000dd01000083020000ba02000000030000d30300008f040000c6040000050500004a0500008a060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...........................................................................D....c...I.0.``.a.......N.{*..........N..Z...*..x1.i...p.....#... ...........................12A..........ao...G.II.H.q.9O..1"0...p.ShH.....%....U..L...UR..N.f...*T/..+..f..% .....1..}..Ds+....j....u.leVi(..~>..5....'.|/.....?........................... !1Aq........?.TI..H.Y................................1..!AQ........?.{.VX.0i]..-Mxs*?...*.......................!". 12AQa..#3Bq..........?...).c.6:f9..m.._"6..s.q.|....C).8...ly...M.\i.b.#..Z..}'..`..%jH..q..i.....O........<..Z.D...q......+Rr..53EBXqa..;.......'...>]Q.\A.z..l3.x.]U...}4.l...g...$....................!1AQa.q...............?!j..l..o....

                                                Chrome Cache Entry: 291

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):17032
                                                Entropy (8bit):7.9608211296829205
                                                Encrypted:false
                                                SSDEEP:384:PXbzNDx6GvnHH7/UrOb7aS3kDEWjCV++1rvRMDKyuRL0YodXWOUKYaN:dsun7c0FkDVamhhXWlra
                                                MD5:CE1C62031C104D664DC896663BF09BAF
                                                SHA1:CAC5F706D6AA539B937B9CC92926F1F24880EFDC
                                                SHA-256:1E4D5F16F2F8930798F9D252B297001E41A92F8C73F9E4DC1F6B92A1DC10B349
                                                SHA-512:32D876545E9985BC502E8DDF7D24B47B1089505302442D498E3B3096237E67736BF9B19B05780D53681618710CBBFB7DC097BF9C540AF03A2D5BF9D2BAFF514C
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446068353_999612811433881_8854588659946229745_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RpsbA1wn8ZwQ7kNvgGha4UO&_nc_ht=scontent-hou1-1.xx&oh=00_AYBZ922IFWTLq33N1-vRQM-jp4KhmslU9OrrRaAV8D7U4g&oe=668B1FE7
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000b5060000060f0000f9100000041300001e1c00007928000093290000a92b0000a12d000088420000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."...............................................................................V.w..-N.....:N...t.d..H.1.a........O.N..T..3?=FN.......N..$..I.9....o...H....nU.(...$..;t..;8'H.H.H8.i..+u...I6vp.n...t.N....t..@. I J..G+...].+j.M?!...,53.y...V....5.q0.ws.bp2(.}?-.r.6......\N.I....lCF........s.Gv@.P.|.8s..i.......E.'..Y.7...&....}U.B2.QZ.u.#H..^vt...px..?2!c.u.....]...M!KX.Y}}x...4=2A.+.`.e....d.s.;:i$...L.}..m..Mn.).J..F|.5k<.+5.....#...~.Z....`.e..I4..g.8-.:zZ?;...._...c...?...>I...eW...../...s.Ky6.83..vp....'.....\d.4F........Z.D.U......:.....}'.Y....~zi$..1..Z..`.D.....Y.uz..0.kY#}.UGKb..*.cuy.......6{A.u.n....A.d.fCAK'(...P..puY..O./'.$.;u+;.j......v.W

                                                Chrome Cache Entry: 292

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                Category:downloaded
                                                Size (bytes):2106
                                                Entropy (8bit):7.554456957317547
                                                Encrypted:false
                                                SSDEEP:48:EWP8JUaPVKWwCtcHB3sXXRBJ3v8qkZ/aWr/3KZerMLvSOxJ3Df8sfqV1:lkJVKWw03XXZ4Meo931fq
                                                MD5:6452ED75C53E1A8E90A664DF18959A90
                                                SHA1:AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2
                                                SHA-256:C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
                                                SHA-512:4B23F7FB31826943CBA6496BD74DC620C8EC3B8F0525497E825F1F1F87486335D4374F85417458C3C3E018C2215B9B419D7DE77CB67AAE9EA619038432E1EB10
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png
                                                Preview:.PNG........IHDR.............e..5...YPLTEGpL.e..e..e..p..e..f..f..h..f..f..`..`.....g..f..f..g..g..f..f..f..g..f..h..e..f..d..g..e..e..c..f..f..e..f..g..g..e..f..f........i..h..e..f..f.....e........e..g..f..f..f..f..f..f..g........f..e..e.......F........................f....F.....d........'y.....p....E.....U..7..t.................6..t...........U.................................p......uy...LtRNS.0`..... ......p..._....@..@..oPP...O.^..__....0.o.o.oO..p.P.P_n. ..@0..P........DIDATx..YS.G..G.]..N...t.6&.$..8v|.>{.."....m.3...../...X...*./.....z..Z...^-."|GT(T.K..Z..n..z.3..BT..Z....\.)..Y.....)..\XZs%..e../...........:....Z.R...,X...B....VCL......".~)P...@..P..8......YG..<...=..BLs..CX........0..J...I....Z..,....0g...i...B..}6.Eh.$.g.D1.k......... ..WYD....O..b~.~......U..s4..?...d0........x.g7.zF...........9..G*.A...~...=#.w0.1Z......K..BV..>....x.p...<LS...ft..(|...2XDE.Q...yc..$Mu.@.L...R=.X,.H....!.X).j../.-q2.....09.........\...&.bYk........j.o......../.u}..(5!.

                                                Chrome Cache Entry: 293

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 25 x 64, 8-bit colormap, non-interlaced
                                                Category:dropped
                                                Size (bytes):804
                                                Entropy (8bit):5.9272601627884605
                                                Encrypted:false
                                                SSDEEP:12:6v/7ykl/f/je0aVMrCwGPlc+Zen0JTSdoc9EdyBw3w6xuS8SNGqsaNg:onBaVHwGPlxen0NSucwXoSJN+8g
                                                MD5:C156C107AE735C5F3813220235E0D11E
                                                SHA1:F655A14E144551432AAE9BA0A7FE0E237A65AE51
                                                SHA-256:D75C74B337113A0C65EBFF05ED63A487A0E158BC7246B987A28943667DF46C5B
                                                SHA-512:A2729CA423327C0855BDC68374AE0EA6B211043EBD39A63B7248BF4E288B9641BF3F827EA01C4FB0444BCFBC68B6E06B51EEDE746668F14D4F7225B9B941CC81
                                                Malicious:false
                                                Preview:.PNG........IHDR.......@......,n....PLTEGpL....................................................................................................................................................................................................................................................^.g...QtRNS..d....(..........B...:.>...0..XVLJ|<.t....Rv....6D4n.......@x.8...h..\... .NJ.!V....IDATx^...@...4Q@.yf.:1l.9.../3.M...l..U.#........$?...........kI]|.$GI&#.{.R..../d7$..x!.c..X..\B>...x./..X..[....SQ!@c\%..RNr"rrv.!.b.%.......j...n,...u..*).y.]."..r.b..P...B.FU....`.........s...,..y..(.3...!$.. ....F.(.a...g.?R.F.B:....$C...t...........\..N....c..2..`..VH.1..mF>.....t.L.MxDY....Y..U.6.$...O.(.....U.)/.e.mk..$.^.N....-........:.U.d.7...yp_i...Y.z....t..=...f#Q....IEND.B`.

                                                Chrome Cache Entry: 294

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):14934
                                                Entropy (8bit):7.948072232488911
                                                Encrypted:false
                                                SSDEEP:192:IXBLGlunL0A1xn/DY7I5EiZBLMwXI5P0LvylP80P1wFH9cec8QTuGrTCtZ0PcnQP:IJ3nLnxEM5ZBJXvbyCc8CrTCIC56
                                                MD5:41C7698A26E69006E002969325317820
                                                SHA1:CFE6E9A0A2F1B3160D5ED32BB1AE1CF34F3302A8
                                                SHA-256:1871BCA757CB22C692B545A165B16889FBB3E13E5A3B71EC126760C739D63089
                                                SHA-512:772059637D6559B42DF41AB3FF250AB065933DE74E9E83808591958CDBADAD06E55A0C0104AD0FE71D0FE999043D475FA99EB2E6C8EE63DD0DFB34FE3EDE0F61
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441934308_773094221360767_7100231602105543691_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=U8gXjd1OGkIQ7kNvgEAX5RG&_nc_ht=scontent-hou1-1.xx&oh=00_AYC0Xmzs7bnhR3838ubHXK0x1IC-aQE4wMezNbiKTTs_MQ&oe=668B36FC
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f01000054060000d90d0000dd0e00001f1000009e170000042300001b2400007b25000016270000563a0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................$.$.$.$....Q..X2.F.+.`I I I I I I I D.@..d.............E$........'@......D2&t8"..7I..gy...y...v....N...2t..iMI.K..]........o.K.l.....Vuh.5..tW-..cL.....MP.ml..p.l.A.....Z.`^......5Q...&...[..B=.if........U....Q.rb4..jI.Q...Z....jpvLWK..D.)\......!..-.2..z<>......S...../.D3P.3'S+_#L.S"..|:.w:.z[.Z....S..|.>._R..6..R....Z.E".0\.........I..kahg..|.#..Z<5`._.T,K5..r....S.O..KI..=#.x(..kR.,}L....S..B..<.6.b.-CK.].-rp..l_...*...Z*..G..ZYn..6.."..k....1.[..p..=.^[..'.w.F.r'.*Cp)3g...dp.......Q.G8....'..TW$>..Z...w....S.t.]N4..1..cBd*\..nV|v....s.A....Y....W.5..\.2.n.......

                                                Chrome Cache Entry: 295

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (58810)
                                                Category:downloaded
                                                Size (bytes):612576
                                                Entropy (8bit):5.28784652602475
                                                Encrypted:false
                                                SSDEEP:6144:EU/kaXRWhG+OZz9M16MWNJP580VXlKKT6pFD:EU/kc8yZzmxuZXltTED
                                                MD5:016E006E31B154AAB24835287F4EAD3D
                                                SHA1:6B3D3CE5896FBFAFF844F43085742AF859AA1F80
                                                SHA-256:111437224E3D0AC3EBB442747C94F67CD25B87CFC68A87554E372F9C1AC90BDA
                                                SHA-512:6D5CAAAD8360EB47C9371A7F72607C5B249E5894C9DE6E569DBCD4879D264FFAD7D6E5A21C519B13DCA56CE00951E82DC1309189011190FFEDBF1F14BFA2F8A7
                                                Malicious:false
                                                URL:"https://static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/WHol-iR7sqMVWgg-YkpZuD.css?_nc_x=Ij3Wp8lg5Kz"
                                                Preview:@keyframes xct2g7x-B{0%{transform:scale(1)}25%{transform:scale(1.2)}50%{transform:scale(.95)}100%{transform:scale(1)}}.x168l2et{scroll-snap-type:y mandatory}.x1a2a7pz{outline:none}.x1hl2dhg{text-decoration:none}.xe8uvvx{list-style:none}.xhfbhpw{scroll-snap-type:x mandatory}.xmqliwb{text-decoration:line-through}.x107yiy2{border-top-left-radius:20px}.x10l6tqk{position:absolute}.x117nqv4{font-weight:bold}.x11i5rnm{margin-right:0}.x11njtxf{vertical-align:baseline}.x13fuv20{border-top-style:solid}.x13tp074{border-top-right-radius:100%}.x14yjl9h{border-top-left-radius:50%}.x15bjb6t{line-height:inherit}.x16tdsg8{text-align:inherit}.x178xt8z{border-top-width:1px}.x17r0tee{border-left-style:none}.x18nykt9{border-bottom-right-radius:50%}.x19um543{padding-right:1px}.x1ahuga{animation-name:xct2g7x-B}.x1bhewko{scroll-snap-align:start}.x1ejq31n{border-top-style:none}.x1g65q5x{font-size:2vw}.x1g9anri{color:rgb(var(--ig-text-on-media))}.x1gu1v0x{background-image:linear-gradient(to bottom left,#bf00ff,

                                                Chrome Cache Entry: 296

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):119193
                                                Entropy (8bit):7.994141171638286
                                                Encrypted:true
                                                SSDEEP:3072:RzoF9ZGSL5bz7IsZavfDUs1/GniQnu8h0iOiz:F69ZGSLzavAsBcu8h7z
                                                MD5:0393EF7A8900396546CE8153F27A8D59
                                                SHA1:122F7F68C5346E79B6949F160E73C531D648C33B
                                                SHA-256:6BC078E9EB64F6B60326683AF93B37F6019E5F4F2593518BE3A93783C4799049
                                                SHA-512:36CA331EA3E96B8C3660B4B9E1CC86D178CB4E1446BCA9AA53885CE8DF6C8B26E3F078370BFBED8AAB40A2144EA52323AA7CC95A8C2393207977D33DD7C14510
                                                Malicious:false
                                                Preview:...Xmoof....mfhd...........@traf....tfhd...*....................tfdt............trun.......}...`..........KS.......Y.......................t.......A.......9..............&...............................................................'........................$...............................@......((.......Y.......m.......K.......P.......x.......[......._...... ?.......................X.......W.......<...............Y..............._....... .......A...............b.......q.......Y...............T...............=.......W...............g.......................!.......e...............G.......#.......Amdat......M..Z.d....2.7...)..(.G....>s. ...3C.m].S.z.n.B...b..J.PV..,..{%X.o.Tn.p..3.-.z..1{...e.T.".u..D.[.....0....)P.....n.. P....G..Y2.A.f...Uh.}B....X.$.S(......v....6%`..xQ...%DV..W..._|8W.}..X..`+U...[.+..X..R..P..GN...i.o.O.P.iK.D...N.+......)....yE....7od.s-...{..o.~.....k.A.\.N...z..z....d......r...*.$...M..9....4....9eh..*.J..N.|...}.'.O..B...g.r-"..2\z......*...

                                                Chrome Cache Entry: 297

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):188
                                                Entropy (8bit):2.6230437113472553
                                                Encrypted:false
                                                SSDEEP:3:PBnltNXlCkZRl/llclXGGXmetlnXbil1lXIXwdNysmGXklfkevtl8n1t:5nlTX8kZRyYjbXd01sznH
                                                MD5:4C05112901854DD6341FD9B359313CA0
                                                SHA1:B5BF3154DB1C5AFD4B865B9DD54F76007E870250
                                                SHA-256:66CB9FD9CB4F6F9BE39C8335D705E29650623CEC8AB1DDD5E67AC209C436DA3C
                                                SHA-512:76C01AA3A79D8817E0D50746EAAC2737F9BA2C5F6FF51CD0B4B3D42D4A8074D696E6CF346913FC89E123B21F5A65839F5FAFD0133A64D1C809B03D8A4B3DAFDC
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=1011
                                                Preview:....sidx..........................D...|>......@*..x.......?...x.......>...p.......?...x.......?5..x.......@...x.......@v..x.......?...x.......?...x.......?...x.......>...p........<..7....

                                                Chrome Cache Entry: 298

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 49 x 74, 8-bit colormap, non-interlaced
                                                Category:downloaded
                                                Size (bytes):1633
                                                Entropy (8bit):7.352151724937379
                                                Encrypted:false
                                                SSDEEP:48:Qy3Hwa/3ffWoAf6t+snxsGhlYUcGwMMQ1:xQaXfKG+IJcJM51
                                                MD5:72EE577BCC1A6A29D0422C3EB1248861
                                                SHA1:800818D8D4A3E67D49ED2A3A935B355F8452DDDD
                                                SHA-256:97FADFDD7D274DAABD9F7D79C817F4A9FACC08EBA67E38284698525E8A1FFFD0
                                                SHA-512:A373DB5E786A91D299394B45D707A067CEC708966B8757BF84F5BEF0F167E7EE4388C4356468526A6A8B4AD3521773FE78FDE18422B16F730D9116245544171B
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png
                                                Preview:.PNG........IHDR...1...J.....%.L,....PLTE.....................GpL...........................FFF......ooo...BBB.......................................NNN...uuu...............................................................999..................,,,.........AAA...............444......................................................777...WWW......:::.....................333........CCC........................zzzhhh....."""{{{...jjj.............%%%...555............................................bbbccc.........rrr......sssrrrsss.................................to.K....tRNSfJ....\.Td..hLfl.xP6.\x.....jf..|..N|`........N..R`..n..^.tVp..V.v...z...t.|.."^v.hfBlZX.j...tb..p~b....:4r..x...h......n.......n.t.....`.`.....b....b.................TIDATx^..es#G.....dY`.33...!3C.0.c.....~.|.D+E.f....}.T......j...3..3...)C."...'..........GK._..........J.....%..vw:....D&+5.fl... ..@..Q.4.$.h.&Zb..N.....b-.h.".....R'.b.n...!.T#..N.G.a..UEg.DZ.3.....OtC{......+.7.......E.$...

                                                Chrome Cache Entry: 299

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (467)
                                                Category:downloaded
                                                Size (bytes):1884
                                                Entropy (8bit):5.280363294341128
                                                Encrypted:false
                                                SSDEEP:48:o74b7AJ0qbL3AUFQp9/j7kOXTf43Z/rm7ZbZrw:oKFSLrFw/3FXjaeZbVw
                                                MD5:6759666E5C2624986C2FBE9208D39C80
                                                SHA1:4732C0CE332CEED1414CD2A6D4BEBEFD06A59115
                                                SHA-256:C0F98E792B9160E018D61998788E81396C68FB14E058C168E538A9AD6167533F
                                                SHA-512:BCF00B74425A487A6F378FDEBAE1591E1FF6EF50B065850182ADDF239FFDBBA1882E96EF54775AB490CC4F4342337AA9E01286F85424856836082B33866FA26D
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.DY=function(a){_.J.call(this,a.Fa);this.window=a.Da.window.get();this.Dc=a.Da.Dc};_.B(_.DY,_.J);_.DY.Na=_.J.Na;_.DY.Ba=function(){return{Da:{window:_.Tq,Dc:_.mC}}};_.DY.prototype.wo=function(){};_.DY.prototype.addEncryptionRecoveryMethod=function(){};_.EY=function(a){return(a==null?void 0:a.Bq)||function(){}};_.FY=function(a){return(a==null?void 0:a.vda)||function(){}};_.GY=function(a){return(a==null?void 0:a.oo)||function(){}};._.IDb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.JDb=function(a){setTimeout(function(){throw a;},0)};_.DY.prototype.lK=function(){return!0};_.Pq(_.Fl,_.DY);._.l();._.k("ziXSP");.var eZ=function(a){_.DY.call(this,a.Fa)};_.B(eZ,_.DY);eZ.Na=_.DY.Na;eZ.Ba=_.DY.Ba;eZ.prototype.wo=function(a,b,c){var d;

                                                Chrome Cache Entry: 300

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):404
                                                Entropy (8bit):2.5839699293572496
                                                Encrypted:false
                                                SSDEEP:3:QBcXjGzKtllbtllLmv/llT9Fllsll31l/llalM9Xq09/llptllgmHllU9lHll5/9:QGXGJe1c6DamM9D9LH9V6N97ffK
                                                MD5:8BB9BAF00429C74ABCAFAAB09F4BC7B5
                                                SHA1:0F7434E3860533706523BAFB2E89F9C7B0A6F4D1
                                                SHA-256:981FDB267E0612314EF1846D6108F93D764D8CBE2442A4DBAA89E60F6CBFB776
                                                SHA-512:98B1DB47827649FECE7B488227638EF08963109928CC1ED5FAF705AC5DCF1F5722AA6178EE66566F2FFECDDF3701975C0D7B0272A1EFDE01CC6F84AC2CF3606D
                                                Malicious:false
                                                Preview:....sidx...........D..............4W..\>......0...X.......0'..X......./...X......./...X.......0R..X......./...X.......1f..`......./...X.......0-..X......./...X.......0...X.......0...X......./...X.......0...X.......0...X......./...X.......0...X.......0&..X.......01..X......./...X......./...X.......0!..X.......1...`.......0...X......./...X......./...X.......0)..X.......0...X......./...X.................

                                                Chrome Cache Entry: 301

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):14934
                                                Entropy (8bit):7.948072232488911
                                                Encrypted:false
                                                SSDEEP:192:IXBLGlunL0A1xn/DY7I5EiZBLMwXI5P0LvylP80P1wFH9cec8QTuGrTCtZ0PcnQP:IJ3nLnxEM5ZBJXvbyCc8CrTCIC56
                                                MD5:41C7698A26E69006E002969325317820
                                                SHA1:CFE6E9A0A2F1B3160D5ED32BB1AE1CF34F3302A8
                                                SHA-256:1871BCA757CB22C692B545A165B16889FBB3E13E5A3B71EC126760C739D63089
                                                SHA-512:772059637D6559B42DF41AB3FF250AB065933DE74E9E83808591958CDBADAD06E55A0C0104AD0FE71D0FE999043D475FA99EB2E6C8EE63DD0DFB34FE3EDE0F61
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f01000054060000d90d0000dd0e00001f1000009e170000042300001b2400007b25000016270000563a0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................$.$.$.$....Q..X2.F.+.`I I I I I I I D.@..d.............E$........'@......D2&t8"..7I..gy...y...v....N...2t..iMI.K..]........o.K.l.....Vuh.5..tW-..cL.....MP.ml..p.l.A.....Z.`^......5Q...&...[..B=.if........U....Q.rb4..jI.Q...Z....jpvLWK..D.)\......!..-.2..z<>......S...../.D3P.3'S+_#L.S"..|:.w:.z[.Z....S..|.>._R..6..R....Z.E".0\.........I..kahg..|.#..Z<5`._.T,K5..r....S.O..KI..=#.x(..kR.,}L....S..B..<.6.b.-CK.].-rp..l_...*...Z*..G..ZYn..6.."..k....1.[..p..=.^[..'.w.F.r'.*Cp)3g...dp.......Q.G8....'..TW$>..Z...w....S.t.]N4..1..cBd*\..nV|v....s.A....Y....W.5..\.2.n.......

                                                Chrome Cache Entry: 302

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (693)
                                                Category:downloaded
                                                Size (bytes):3143
                                                Entropy (8bit):5.37079395351489
                                                Encrypted:false
                                                SSDEEP:48:o7gbuQLkZHPLbrzOw3KP757NQ8jsKyYqb6f4np/EkGuf/x06IZ2rw:orQGXJaT57OMNwp/kufJRgqw
                                                MD5:DB38B407EAF251C03254DA070DF97E29
                                                SHA1:440A9FE061A55A3C2E20FC8D5421CB89B691C4D5
                                                SHA-256:7071B6E12C5D15142A9D5EF16103678A3038B6D8FFDCDCE248C9E26B9D4D0E81
                                                SHA-512:B99B5DDA32BACF2C79CB23FFD9EC624AD678243C6DBEC19409C298C09486E8F38F31AD658A23BC9D5E249E7D906BA66C303EA3B84F63FD6B053CF588B718F377
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var gw=function(a){_.J.call(this,a.Fa)};_.B(gw,_.J);gw.Na=_.J.Na;gw.Ba=_.J.Ba;gw.prototype.aO=function(a){return _.qe(this,{ab:{hP:_.zj}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.sh(function(e){window._wjdc=function(f){d(f);e(EFa(f,b,a))}}):EFa(c,b,a)})};var EFa=function(a,b,c){return(a=a&&a[c])?a:b.ab.hP.aO(c)};.gw.prototype.aa=function(a,b){var c=_.Vta(b).Fi;if(c.startsWith("$")){var d=_.Zl.get(a);_.$p[b]&&(d||(d={},_.Zl.set(a,d)),d[c]=_.$p[b],delete _.$p[b],_.aq--);if(d)if(a=d[c])b=_.pe(a);else throw Error("Xb`"+b);else b=null}else b=null;return b};_.Pq(_.mea,gw);._.l();._.k("SNUn3");._.DFa=new _.Ce(_.yf);._.l();._.k("RMhBfe");.var FFa=function(a,b){a=_.msa(a,b);return a.length==0?null:a[0].ctor},GFa=function(){return Object.values(_.Yo).reduce(function(a,b){return a+Object.keys(b).length},0)},HFa=function(){return Object.entries

                                                Chrome Cache Entry: 303

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 25 x 64, 8-bit colormap, non-interlaced
                                                Category:downloaded
                                                Size (bytes):804
                                                Entropy (8bit):5.9272601627884605
                                                Encrypted:false
                                                SSDEEP:12:6v/7ykl/f/je0aVMrCwGPlc+Zen0JTSdoc9EdyBw3w6xuS8SNGqsaNg:onBaVHwGPlxen0NSucwXoSJN+8g
                                                MD5:C156C107AE735C5F3813220235E0D11E
                                                SHA1:F655A14E144551432AAE9BA0A7FE0E237A65AE51
                                                SHA-256:D75C74B337113A0C65EBFF05ED63A487A0E158BC7246B987A28943667DF46C5B
                                                SHA-512:A2729CA423327C0855BDC68374AE0EA6B211043EBD39A63B7248BF4E288B9641BF3F827EA01C4FB0444BCFBC68B6E06B51EEDE746668F14D4F7225B9B941CC81
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png
                                                Preview:.PNG........IHDR.......@......,n....PLTEGpL....................................................................................................................................................................................................................................................^.g...QtRNS..d....(..........B...:.>...0..XVLJ|<.t....Rv....6D4n.......@x.8...h..\... .NJ.!V....IDATx^...@...4Q@.yf.:1l.9.../3.M...l..U.#........$?...........kI]|.$GI&#.{.R..../d7$..x!.c..X..\B>...x./..X..[....SQ!@c\%..RNr"rrv.!.b.%.......j...n,...u..*).y.]."..r.b..P...B.FU....`.........s...,..y..(.3...!$.. ....F.(.a...g.?R.F.B:....$C...t...........\..N....c..2..`..VH.1..mF>.....t.L.MxDY....Y..U.6.$...O.(.....U.)/.e.mk..$.^.N....-........:.U.d.7...yp_i...Y.z....t..=...f#Q....IEND.B`.

                                                Chrome Cache Entry: 304

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                Category:dropped
                                                Size (bytes):2106
                                                Entropy (8bit):7.554456957317547
                                                Encrypted:false
                                                SSDEEP:48:EWP8JUaPVKWwCtcHB3sXXRBJ3v8qkZ/aWr/3KZerMLvSOxJ3Df8sfqV1:lkJVKWw03XXZ4Meo931fq
                                                MD5:6452ED75C53E1A8E90A664DF18959A90
                                                SHA1:AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2
                                                SHA-256:C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
                                                SHA-512:4B23F7FB31826943CBA6496BD74DC620C8EC3B8F0525497E825F1F1F87486335D4374F85417458C3C3E018C2215B9B419D7DE77CB67AAE9EA619038432E1EB10
                                                Malicious:false
                                                Preview:.PNG........IHDR.............e..5...YPLTEGpL.e..e..e..p..e..f..f..h..f..f..`..`.....g..f..f..g..g..f..f..f..g..f..h..e..f..d..g..e..e..c..f..f..e..f..g..g..e..f..f........i..h..e..f..f.....e........e..g..f..f..f..f..f..f..g........f..e..e.......F........................f....F.....d........'y.....p....E.....U..7..t.................6..t...........U.................................p......uy...LtRNS.0`..... ......p..._....@..@..oPP...O.^..__....0.o.o.oO..p.P.P_n. ..@0..P........DIDATx..YS.G..G.]..N...t.6&.$..8v|.>{.."....m.3...../...X...*./.....z..Z...^-."|GT(T.K..Z..n..z.3..BT..Z....\.)..Y.....)..\XZs%..e../...........:....Z.R...,X...B....VCL......".~)P...@..P..8......YG..<...=..BLs..CX........0..J...I....Z..,....0g...i...B..}6.Eh.$.g.D1.k......... ..WYD....O..b~.~......U..s4..?...d0........x.g7.zF...........9..G*.A...~...=#.w0.1Z......K..BV..>....x.p...<LS...ft..(|...2XDE.Q...yc..$Mu.@.L...R=.X,.H....!.X).j../.-q2.....09.........\...&.bYk........j.o......../.u}..(5!.

                                                Chrome Cache Entry: 305

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (6078)
                                                Category:downloaded
                                                Size (bytes):36762
                                                Entropy (8bit):5.630480461369846
                                                Encrypted:false
                                                SSDEEP:384:iUg6tcuZS/1VdiY2SMa3jJGhjWnEJE1kQssfzqm2iCmtADKr0QmlVr+rlHoXfJ:Bg6tcK8VdRMa3lN71kQfODiCgUc8
                                                MD5:AA1AECA9F9ED7B15E813C8626509CF7B
                                                SHA1:B6B69D2B3729BABE0B60EA91CF782EFABF55132A
                                                SHA-256:AA15AE221D511FE38F3E25F2872AF1C8B4EC9039C35FF5039BD29B59B24D4227
                                                SHA-512:AD3E2D45CD2862E8B12FFEDEF8EF24004896947BCAA878CF49C173AFF1B7E0D55941C6B899ED40DAC31010757A152BD4EEDE9A331EF2B7EAD3180C7FCC1EA70C
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/VVfVcgNse_k7OBycsxKTmL-41uF-jEkcBzg4GbaorIyr8O0FwF42MYvlh6jit1ncqcXDV2hji4yzQ.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("CometHovercardQueryRendererQuery$Parameters",[],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:"7257793420991802",metadata:{},name:"CometHovercardQueryRendererQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("CometHovercardQueryRenderer.entrypoint",["CometHovercardQueryRendererQuery$Parameters","JSResourceForInteraction","WebPixelRatio","gkx"],(function(a,b,c,d,e,f,g){"use strict";a={getPreloadProps:function(a){var e=a.actionBarRenderLocation,f=a.context,g=a.entityID;a=a.groupID;return{queries:{hovercardQueryReference:{parameters:b("CometHovercardQueryRendererQuery$Parameters"),variables:{actionBarRenderLocation:e,context:f,entityID:g,groupID:a,includeTdaInfo:c("gkx")("22813"),scale:d("WebPixelRatio").get()}}}}},root:c("JSResourceForInteraction")("CometHovercardQueryRenderer.react").__setRef("CometHovercardQueryRenderer.entrypoint")};g["default"]=a}),98);.__d("HovercardInteractionPreference",["$InternalEnum"]

                                                Chrome Cache Entry: 306

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):127219
                                                Entropy (8bit):7.9870295399132
                                                Encrypted:false
                                                SSDEEP:3072:oiGt0gVkM6839lgj+25yETT/iJpmMIqk5kQNmYu1b1BQ:oiGuIx39lgq0Uwqk5kQNmYWbfQ
                                                MD5:D1C56E2460AF0B65C349BFFACEE35B96
                                                SHA1:BF666ED0F8E4DAFDDE476C78A294B9B9A7288C1E
                                                SHA-256:0B33C8E140385E1195D9993BD425D52B2CDBAD36E8F9D45300009807F17D5868
                                                SHA-512:D41994FE132D281D107E9EE3EA22EC330CE73D451CAE78D4CE7E72D3550416BC2561F2528EB54927431B83F4880D98C93F8C996F3F542BF879E20D902CC68D63
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441199429_890954462796791_2599688641654411968_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=Ci_SargI4XEQ7kNvgG7ebvt&_nc_ht=scontent-hou1-1.xx&oh=00_AYCzsrsVdh2wmh8OT3jXnKLtKOFIQPVdK7rNhsBe6xLOqw&oe=668B12FF
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000d1210000df61000016650000d46b000068ba0000cf280100fc2e010011350100703d0100f3f00100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................%.y.^V..a.....T..YE..P....;4...1...u.W+.&R{.k:.p..beU.s....m...U.rzy..9.....G.#..r..ge.t......%....]...G......Xj.1;.q.....D.GST.... .{..a.j.k..iQ.`F|....5.k.g..wvbP.gOf.0,*....U.-...J....3.9Hx..%Z.:_$vfg..b=v....V.V..zjk.-.D....hZ.>..].:.Fx...1.UVT.../EyKu.$...s3/..M..k..........)zN..4$.6z.....$.9..P.].4.[v$._E.r....se... .A.X.(maV.....-#A...`y'}.W.eSaGp..W..K.*.F.......tn.'........w.G....t;.ys..*.\i..^..5:.'J..h.f.Y.f.=...[5QQ. j.W.J.k-L....7!.........q4{i..?@[....R.j.[..%..+[.q.+v(gtS4.P.cv..U;...U<..c.b.&..H_P.......x...y.1j.\F...-d..Wi.U...Y..|..|..z...j...Z...Z..5...`.m.

                                                Chrome Cache Entry: 307

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):42123
                                                Entropy (8bit):7.9288425791561785
                                                Encrypted:false
                                                SSDEEP:768:09G00+kjYjLkM+gKzyXZxBuM3T3NCGVExdSdUzoDLBoK5ck0Hl1BsI:09G0VtKmJBpCGVMSP1FSt
                                                MD5:29B5A7CE3297C5E7CF8AD4E6D190992D
                                                SHA1:1D52274723D6D2862C0081489F70C721BB0F0608
                                                SHA-256:08210EAB72F087CB8D6B8343C4193D35A0DD50319487141E39AB98E12693B7E5
                                                SHA-512:8E703D820D59D14FC1D94FA309B45BB9481192F6F71AD556DC212C427ADD7EB030C6232620678CF9A53CD7F146C3449D3FA12F1F97AFC34C4F9B335B8375B49B
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................Br...c...............;...............................>...............................:...............w...............2...............I...............5...............................C...............................|.......%.......................I...............................K...............................@....................... .......U.......................+.......k.......*...............-...............-...............&......._......."...............(.......n.......(...............(.......s.......4...............,...............'...............).......a.......!.......d.......$.......J....mdat.....,.?.....$2.........L.B....q. ......].&.)-.,B.^.tv-.g2.|{.R...aD.=..\....%...O...(....I..,\4..e..-l.1.#"y..nI.&..\H.....K.T1..a...2..W.. .OO.6..$(c....o...I....[&y..x@\..z.@..;...1... .Efa&o..)...aLs...NO..1./..qCk.h.@.;.M...yB.A.M....M....]'zd;./..9.@...+.n+....._.(3...3.y..

                                                Chrome Cache Entry: 308

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:BS image, Version 30820, Quantization 26995, (Decompresses to 0 words)
                                                Category:downloaded
                                                Size (bytes):56
                                                Entropy (8bit):2.2408024126583173
                                                Encrypted:false
                                                SSDEEP:3:jBltIlm5jjrH:9l2m5HrH
                                                MD5:BA8425D1A8F72E12D541D7239CD7865D
                                                SHA1:C0685B67728A7746EE80AC1E4840E31089650071
                                                SHA-256:76A513A028E09C39CF56A9688BC1BC64108B14BCFD2EA2DB370F29DBE0219988
                                                SHA-512:12FD95FA3DE19985DE5DC5015178C7300A167A420D3A6F1F24CCAF5BFD6B946E23CD16DE3E94545B0854F02B61AEA3359BF0155DFD8E7A0D02D6EFA07DFFA6AE
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881
                                                Preview:...8sidx..........<...................,.......N.........

                                                Chrome Cache Entry: 309

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (6474)
                                                Category:downloaded
                                                Size (bytes):397976
                                                Entropy (8bit):5.425354771069281
                                                Encrypted:false
                                                SSDEEP:3072:TcqoD7K1CxpXOI3YzPzeHVsiKGzpQGEu7ovw3ed2tBlNV3s/k6z1tQE:TcFD757/pQGh2aeeLNV3s/8E
                                                MD5:6615358ED4355BA50E5074FC4AC2B977
                                                SHA1:0781C3CE4CF1328F81EB4CAD0827246CE94FC4A5
                                                SHA-256:2CEFE832348EB0BE690A46C5785CA9175D0F2F6DEE983404DAEB0BD7F681981C
                                                SHA-512:E019D2CF2EFF56EB3E8E67EA44A6194E6AF0CABE8571D5A184B63C76F7B69E45C8AF4734A1A120D3B8D0D20CA4468771031AFA45BF7BA393F414C2FC9CAB9FB2
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iPlJ4/yd/l/en_GB/hZ5gcIcWbl3.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("$InternalEnumUtils",[],(function(a,b,c,d,e,f){"use strict";var g=Object.prototype.hasOwnProperty;function a(a){return function(b){return b==null||!g.call(a,b)?null:a[b]}}var h=typeof WeakMap==="function"?new WeakMap():new Map();function b(a){return function(b){if(b==null)return null;var c=h.get(a);c==null&&(c=new Map(Object.getOwnPropertyNames(a).map(function(b){return[a[b],b]})),h.set(a,c));return(c=c.get(b))!=null?c:null}}f.createToJSEnum=a;f.createFromJSEnum=b}),66);.__d("BaseAspectRatioContainer.react",["react","react-strict-dom","unrecoverableViolation"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(a){var b=a.aspectRatio,e=a.children,f=a.contentStyle,g=a.testid;g=a.xstyle;if(b<=0)throw c("unrecoverableViolation")("Aspect ratio must be a non-zero, positive number: "+b,"comet_ui");return i.jsx(d("react-strict-dom").html.div,{"data-testid":void 0,style:[j.container,g,j.dynamicTop(b)],children:e!=null&&i.jsx(d("react-strict-dom").html.

                                                Chrome Cache Entry: 310

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):80
                                                Entropy (8bit):2.3644383268210745
                                                Encrypted:false
                                                SSDEEP:3:rBltIlJkiOle5ul11e0tvtn:Vl2qiL5OU0tvt
                                                MD5:95C4594597D734AF228B4BA49D1586BC
                                                SHA1:38E7337BE4F1E6499A001D44AED6C5AE0072B4CF
                                                SHA-256:B40D728577BD05F7A50F170939AF85361934DBDFD4509AEA98C7DCDBE81FE2A9
                                                SHA-512:867FBF23EB49518FBE598F1DEF61885803731063A7C171D1CCCC28589A0AF3CD5A5F059BD3E233A195BAD6745C89C8759D08064E724A895574127E56D43EFC46
                                                Malicious:false
                                                Preview:...Psidx..........<...............J...,......."...,...........,.......{q........

                                                Chrome Cache Entry: 311

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.4517761410722954
                                                Encrypted:false
                                                SSDEEP:12:AS82XSkouwKJRLrtX9iZkF/paA/m+ZWFyKaQj65I10Lrw8NPtR/YO:AS8pnKJx5p8+Z2+5I1aHZI
                                                MD5:1D6074D94B02BD0C56C3061661D2AD9F
                                                SHA1:3095A9B5105D45EEB64BB5943426CC3E024E63BA
                                                SHA-256:50ABCAB5FBBAC20DE582F2E27420092B2FC2E79FF3C4D06A8EB0434A7A7BB8DA
                                                SHA-512:24A17A0990CF82D4F8438770CD2130AA409353D737F67BF1EE9F1B55DD2DC7A50CC6B19A7B65E38027B44333A736D837295E1A0754B148E8848A80638B4D8087
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....)8.)8...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....)8.)8............................................................@..............Tmdia... mdhd.....)8.)8...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd......W.... trex........................

                                                Chrome Cache Entry: 312

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 25 x 523, 8-bit colormap, non-interlaced
                                                Category:downloaded
                                                Size (bytes):3471
                                                Entropy (8bit):7.355139633660245
                                                Encrypted:false
                                                SSDEEP:96:U6xkFjp9qd3J3T7vtjMayOJkppIwD3tSi:UblqdtT7FcOCpP
                                                MD5:FD9E384EFF31A8A747FD6511657CCE5B
                                                SHA1:C445137F8BBA478C8363A086156E5EA559D8BFAF
                                                SHA-256:7DD239ACD6DB6D4474ABFEF0637CD7ACD2B2EAE000A05F22A2F6A8D658A8D9F3
                                                SHA-512:F53E6B5CFF98105C8115CF6C1A677895930D864F890E46CA30B2ADEAAF95A48B976C8FD944A81412BB3F9C837CC02438BAF97D0F31A2A2EFEB22A8027D3B2E98
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/R39EhsDDUBY.png
                                                Preview:.PNG........IHDR.............*.......PLTEGpL...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................tRNS.Z.>.......$."...Nt.d...J......@....\..8.......(...&|.D.*lXP....,....f..V..j...<..`.2...BZ.FT..4.vH.R..n.p.^.~.r. 0L.....b...8..6.",....hD..x|x...:..$....:. ....v..\.z.p...jn...h.H..Y...XIDATx^...w.F...K...v.b.E.K...+Q....X.-7.....8.o.f.l.....w...0.f....$'.9...p...$M...8O.......N..}_.x..^....q...4.-.b..R#..&...M....(M..}.n..by..".......d...`I...2". .bF.&....Ql..1l..U%.

                                                Chrome Cache Entry: 313

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):17032
                                                Entropy (8bit):7.9608211296829205
                                                Encrypted:false
                                                SSDEEP:384:PXbzNDx6GvnHH7/UrOb7aS3kDEWjCV++1rvRMDKyuRL0YodXWOUKYaN:dsun7c0FkDVamhhXWlra
                                                MD5:CE1C62031C104D664DC896663BF09BAF
                                                SHA1:CAC5F706D6AA539B937B9CC92926F1F24880EFDC
                                                SHA-256:1E4D5F16F2F8930798F9D252B297001E41A92F8C73F9E4DC1F6B92A1DC10B349
                                                SHA-512:32D876545E9985BC502E8DDF7D24B47B1089505302442D498E3B3096237E67736BF9B19B05780D53681618710CBBFB7DC097BF9C540AF03A2D5BF9D2BAFF514C
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000b5060000060f0000f9100000041300001e1c00007928000093290000a92b0000a12d000088420000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."...............................................................................V.w..-N.....:N...t.d..H.1.a........O.N..T..3?=FN.......N..$..I.9....o...H....nU.(...$..;t..;8'H.H.H8.i..+u...I6vp.n...t.N....t..@. I J..G+...].+j.M?!...,53.y...V....5.q0.ws.bp2(.}?-.r.6......\N.I....lCF........s.Gv@.P.|.8s..i.......E.'..Y.7...&....}U.B2.QZ.u.#H..^vt...px..?2!c.u.....]...M!KX.Y}}x...4=2A.+.`.e....d.s.;:i$...L.}..m..Mn.).J..F|.5k<.+5.....#...~.Z....`.e..I4..g.8-.:zZ?;...._...c...?...>I...eW...../...s.Ky6.83..vp....'.....\d.4F........Z.D.U......:.....}'.Y....~zi$..1..Z..`.D.....Y.uz..0.kY#}.UGKb..*.cuy.......6{A.u.n....A.d.fCAK'(...P..puY..O./'.$.;u+;.j......v.W

                                                Chrome Cache Entry: 314

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):104
                                                Entropy (8bit):2.5679932036140025
                                                Encrypted:false
                                                SSDEEP:3:TBltcXM11ulldsllQknllp0l1tll1l:Nlzxcn
                                                MD5:8E2AA44446860BB117F5F2C60EFA2C5B
                                                SHA1:4D7D0DCBA1DCE58B576F01F6D2C47E3218F42369
                                                SHA-256:0BEB0DF97EE52BD814A07D9191297359AD1420864170196ED47C1B15C4CC9EF4
                                                SHA-512:791F0399C599C748F8F44BEA0C7379BD6DBDC9B040BA875101CFFD65F6D72F0BFB38DA23A6E68CB5251C5098AC051D50B82BA969CAECA5C0A241BF59AFC1C845
                                                Malicious:false
                                                Preview:...hsidx...........D..............F...\>......?a..X.......>...X.......?^..X.......?...X........y........

                                                Chrome Cache Entry: 315

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (467)
                                                Category:downloaded
                                                Size (bytes):1884
                                                Entropy (8bit):5.280363294341128
                                                Encrypted:false
                                                SSDEEP:48:o74b7AJ0qbL3AUFQp9/j7kOXTf43Z/rm7ZbZrw:oKFSLrFw/3FXjaeZbVw
                                                MD5:6759666E5C2624986C2FBE9208D39C80
                                                SHA1:4732C0CE332CEED1414CD2A6D4BEBEFD06A59115
                                                SHA-256:C0F98E792B9160E018D61998788E81396C68FB14E058C168E538A9AD6167533F
                                                SHA-512:BCF00B74425A487A6F378FDEBAE1591E1FF6EF50B065850182ADDF239FFDBBA1882E96EF54775AB490CC4F4342337AA9E01286F85424856836082B33866FA26D
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.DY=function(a){_.J.call(this,a.Fa);this.window=a.Da.window.get();this.Dc=a.Da.Dc};_.B(_.DY,_.J);_.DY.Na=_.J.Na;_.DY.Ba=function(){return{Da:{window:_.Tq,Dc:_.mC}}};_.DY.prototype.wo=function(){};_.DY.prototype.addEncryptionRecoveryMethod=function(){};_.EY=function(a){return(a==null?void 0:a.Bq)||function(){}};_.FY=function(a){return(a==null?void 0:a.vda)||function(){}};_.GY=function(a){return(a==null?void 0:a.oo)||function(){}};._.IDb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.JDb=function(a){setTimeout(function(){throw a;},0)};_.DY.prototype.lK=function(){return!0};_.Pq(_.Fl,_.DY);._.l();._.k("ziXSP");.var eZ=function(a){_.DY.call(this,a.Fa)};_.B(eZ,_.DY);eZ.Na=_.DY.Na;eZ.Ba=_.DY.Ba;eZ.prototype.wo=function(a,b,c){var d;

                                                Chrome Cache Entry: 316

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17886
                                                Entropy (8bit):7.88396294124123
                                                Encrypted:false
                                                SSDEEP:384:j3jmVDJaU8hVRSI0AB6IGBPH5HW1AJJGRtbDqc9WDqmYDB/NJ:Hm5JaUkcIpBudH5HWy+Dqcoj2r
                                                MD5:331E5B14AB11FD4F2CEF10D31B3E0D91
                                                SHA1:47BCBA6D3AE24B72763E8B78A2F32C27F4C0E29E
                                                SHA-256:ACDA682E5CD1C04989EDBF77129BBAE156AE69ABDB4EED2E43C03227A24137F2
                                                SHA-512:D0B0060FB99B3732FC129BB32C4F25A1370875FC2E19A4E5A82463211427C5F9AC92A83A73C216F84B454B5B9946087B5CAC0BBD6E95051191392298106B1E14
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=18849
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...................................................t.......m...G.......V...]...k...W...Z...U...Z...p...].......H...;...H...I...R...X...b...q...x...e...v...............L...k...g...s....sbgp....roll..............D.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!.S..A.!... ........./wT e.RQ.d>...LM!re....yI.$.......>....D.".N.z...EF.?'..#...Vz.=.!.....;....*......@.....yG\O........./..-.e....i.Z........`....\.....X#G..I...7.o.V6./.{!......z..F.>.yg......\.Tk#.#..#.......p1....OV...ogH....[zN...E..*...p.+.C....-.&aR....o.....p.... ..Z..B....lU.U.`.jY.....C..`.y

                                                Chrome Cache Entry: 317

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):57986
                                                Entropy (8bit):7.962049349706165
                                                Encrypted:false
                                                SSDEEP:1536:iSm9Ysn9yu41QFhOgLYoect22hlYOcBl2wqIn4p:c9YO9dWYYnct26hcBgwqb
                                                MD5:6A5CD8F2512E5E251953C5028A12C42F
                                                SHA1:FC3F89EACC5955ECB6981EE4F48938EC19B97AD7
                                                SHA-256:2B634E2BB3DCBB5A64E7B141B10065ED6C6A47FF09B30DFECD003416D5A543BD
                                                SHA-512:978689AE1C37EB85FF68A901E764EA3450E449F168EEF2BFA28E02CF6FB2AF6EEC56789F0975274105BB66B4ADBFAE93DB158BB109B9B434EFEFB7E7649E3C8F
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a7001000091170000d4380000173b00006c3d000077590000cc880000fb8e00004e920000cc95000082e20000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................H.............................................................................................................................................................................................................................................o.j.1.p......}G......<..`.O.......#...;..s...}.d..='.0..#..2.....>...&F.........~.....o..Y.<..M..+...~....{..C.....:...?m4i..j.Y.O.}l.r}.O.ps.>...3...."z/G.=.>.'.x.{.....T.3...fu~3.....v...|.....hO.s...S...........d..#...Q.?,.@.....NO......T.VOE.>z=...{..g.|....#....=...[..[...;..,.....>..<..q.._>`...L}OW...._-..........}..........g...7...V.}H.e^.....5.&.J.

                                                Chrome Cache Entry: 318

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17809
                                                Entropy (8bit):7.889876715927552
                                                Encrypted:false
                                                SSDEEP:384:P0wlCG5ahqGMB7wWaJxJBBIzIvIzSKj9jU9ZEmIk1q:cwlCmadMNlauzVt9jUHEmIGq
                                                MD5:4C0B6485E57A9D58E99184DB2BAF95A1
                                                SHA1:24BBD1AAC3B00C95713CF1D3B9DC339A1CD9171E
                                                SHA-256:7C5B0E81B9C4A676FFD8A9A887676D8FDE7E3143CA1CDAB285D47158A81AFBB7
                                                SHA-512:2CB2E1B278E6E9B362F0761FE1DDA042DF5EF2838FEE5AA88B8A11EE9FA0599EBDFA4D31F6208B6A77B613D48D44C180373FE7DC09E3C192E396AFB7CA78C199
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...............................n...R...i...................~...|...z...m...\.......w...P...g...`...h...`.......Q...T...h...................N...R...Y...A...V...s...l...Z...g...v...s....sbgp....roll..............D]mdat!!E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!O..........~C.}.S.Q.h>.^i??.....~>..(.=...B...%..D ".9..F....C.>.w.F~G.l..c'.....<...........o.~.~..q......3.....`..}D/...@0...8.."I[..3.a........D.......A.....eU).....e.s=...y0...0].D`.e.D..6.l:v...cvF^..<.~'N.W.q.e......{...Gz.......SwX......Z...+.`s>J.?.......}.\...P.w.?..#.{'...Gox.#.......2.....

                                                Chrome Cache Entry: 319

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):116
                                                Entropy (8bit):2.5549267249335
                                                Encrypted:false
                                                SSDEEP:3:3BltcXKl616Clv/ll4l/llq+nllaEtllf0l1tllklulln:xltClpCBcslu/n
                                                MD5:E5CC819D93CB047090BB1B8C5094E56F
                                                SHA1:B6ED997BD6DF05500033F108F16E93A16EE6FFC7
                                                SHA-256:643C0A2455BAF1F75681197808C6ACDF2014F36BAF1E29B1E4D335720730E9CE
                                                SHA-512:8259852D0928B8C7337633D814E4903D27CFC12324229FD6FF7F74BC02DCC1ACBF9D5E7CED830F4E199625B9FCE7787A7406FF6916F572576B44F6B898AFFD24
                                                Malicious:false
                                                Preview:...tsidx...........D..............EU..\>......?...X.......?...X.......?...X.......?P..X.......?...X................

                                                Chrome Cache Entry: 320

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1933
                                                Entropy (8bit):7.190556724742186
                                                Encrypted:false
                                                SSDEEP:48:g6r0iWJoPAHMGfPdeJZSC/XKxibwTZzYE1mXtE9:1e9fPUJZSyUTJv1stE9
                                                MD5:4D0F1CEB4D895316AA0A904CD63D7532
                                                SHA1:94C9612D5ED8D1A8186392F3F021FB4594194BE4
                                                SHA-256:0502404C3CD6C2804813308FF4BFA5A96D7C470889E5585E9D196462D760756B
                                                SHA-512:0708DDD28BEA1D4ADBCAA4D17404F276A939D490EF8BDD8B546F475D97F6B8B25F195113D34E543762F19033238D40FDF1EE2152F37CE8BD87F2628BA5C4FE08
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/433129071_935133255288704_3257703405738048815_n.jpg?stp=c0.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=otqXuLx_E1EQ7kNvgFnvvly&_nc_ht=scontent-hou1-1.xx&oh=00_AYA6D03wweMwBvay2J7uea18YYF9XZUEe_UiJceuZEtTMA&oe=668B235D
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e301000087020000cd0200001f030000f8030000020500003c0500008b050000da0500008d070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................a.9..~: ..S.zT1....+........Q.V=$cY../..z.+Y)k.....Y._+....l..L..?..."..........................!#2"34............q.PV.l,.e.E.^....jX..In.:..X..{..|.E....5.A....?.\.....\|..Bh7vn..y.3.Rj.......S..s.mf.%.0.....|....:t;2.......$.... .........................!21R.........?.7....*.Yn...bD..Q...Ob.g.... .........................!1.3q........?...U.+...k.4Q."..*..m..=...;....(......................!1.AQ"Bq.2a.#...........?.%.]........Aqw..?<..........<.?A.M#..x....K.j.V)'...x.2.......S<...6..J.F.Bi..\..H.h...Y..w.....<':O......*..eF...v+L.8....sW.-K.v....#P.Y.gP.p..Y....)..L.....\.|,....#.................

                                                Chrome Cache Entry: 321

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):79
                                                Entropy (8bit):4.71696959175789
                                                Encrypted:false
                                                SSDEEP:3:yionv//thPlH1tnt/tAhHGZscm1olkqCwbp:6v/lhP6hHDcZCYp
                                                MD5:8DC258A49B60FAE051E9A7CE11AD05CF
                                                SHA1:DAFEF280663F4205FC7F0E47799E9945E6A68D6D
                                                SHA-256:C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
                                                SHA-512:5F11ED60D79A80EF7CCEFFA907CD55F31D8DB19BD2A7F4C2650C62A355C5071C5FB61DA1EB0A2071CE22ECDC35C0D12F51E4D13AAC3B0FDB95ED4629815B5AFB
                                                Malicious:false
                                                Preview:.PNG........IHDR..............PX.....IDAT.Wc...0a.!..)....A,....Zl....IEND.B`.

                                                Chrome Cache Entry: 322

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):128
                                                Entropy (8bit):2.5014824367742965
                                                Encrypted:false
                                                SSDEEP:3:bBnltcXnjcuQknllOCtll5Clv/llHCl/llIWllk+P/llntlH:lnlftCmp92X
                                                MD5:3DC1A2F4D09D3E593FD1024394FE2FCE
                                                SHA1:06448763E538161E02B7BE39AFAD564EF8D94BEE
                                                SHA-256:1E35BC91DDEAFF355F91770D4A786DBA1C4EACD47EB3768913FAB37A4F387F96
                                                SHA-512:42EB3DC288B32A2F205A8D11D4A7A44487B76EA11853858AD19135832CFA01EC47F5B21FADEB97186ACFD61D28CD11CC1E324A6DAA336BF215DC938FA24720FF
                                                Malicious:false
                                                Preview:....sidx...........D..............F...\>......?^..X.......?...X.......?...X.......?...X.......?&..X.......?...X.......0.........

                                                Chrome Cache Entry: 323

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (709)
                                                Category:downloaded
                                                Size (bytes):3865
                                                Entropy (8bit):5.117937775135725
                                                Encrypted:false
                                                SSDEEP:48:K7kdzQxnVkjycAgPYqX9q2lqA+Tp5kLYY8HIXOYl6np:hvbRq9D7Njnp
                                                MD5:4C06785D198163A7B74BCCED21CCF3BC
                                                SHA1:9338F8317047308BD54A9DF3DD435829AF63979D
                                                SHA-256:2D4C613B493D83907C04D36CBB660DE66C14EE7FDE2496F575FE18E82A6D5BE3
                                                SHA-512:4C3F371A8BE97A22A04FF967F117D647845C4E979051D43B8EA862D4869734E257654D59DA703924478180956D8A37CF80AD56AD3CEDBB3858F9BEB2CB4A8542
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/EujyFHnNhhH.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("CometVideoHomeCatalogRootQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="7827318070696303"}),null);.__d("CometVideoHomeCatalogRootQuery$Parameters",["CometVideoHomeCatalogRootQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("CometVideoHomeCatalogRootQuery_facebookRelayOperation"),metadata:{},name:"CometVideoHomeCatalogRootQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("CometVideoHomeCatalogRoot.entrypoint",["CometVideoHomeCatalogRootQuery$Parameters","JSResourceForInteraction","WebPixelRatio","buildCometVideoHomeRoute.entrypoint"],(function(a,b,c,d,e,f,g){"use strict";a=c("buildCometVideoHomeRoute.entrypoint")(c("JSResourceForInteraction")("CometVideoHomeCatalogRoot.react").__setRef("CometVideoHomeCatalogRoot.entrypoint"),function(a){return{queries:{catalogRootQueryReference:{parameters:b("CometVideoHomeCatalogRootQuery$Parameters"),variables:{scale:d("WebPi

                                                Chrome Cache Entry: 324

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):404
                                                Entropy (8bit):2.5839699293572496
                                                Encrypted:false
                                                SSDEEP:3:QBcXjGzKtllbtllLmv/llT9Fllsll31l/llalM9Xq09/llptllgmHllU9lHll5/9:QGXGJe1c6DamM9D9LH9V6N97ffK
                                                MD5:8BB9BAF00429C74ABCAFAAB09F4BC7B5
                                                SHA1:0F7434E3860533706523BAFB2E89F9C7B0A6F4D1
                                                SHA-256:981FDB267E0612314EF1846D6108F93D764D8CBE2442A4DBAA89E60F6CBFB776
                                                SHA-512:98B1DB47827649FECE7B488227638EF08963109928CC1ED5FAF705AC5DCF1F5722AA6178EE66566F2FFECDDF3701975C0D7B0272A1EFDE01CC6F84AC2CF3606D
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448827281_1000449061755355_8485620690939993684_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=tmxMzlxytgsQ7kNvgGNvup2&_nc_ht=video-hou1-1.xx&oh=00_AYC3vkKp0JXb8qLN0MZER1vtR4PHP7zT3IQbzeobYJCQ2Q&oe=668B2530&bytestart=824&byteend=1227
                                                Preview:....sidx...........D..............4W..\>......0...X.......0'..X......./...X......./...X.......0R..X......./...X.......1f..`......./...X.......0-..X......./...X.......0...X.......0...X......./...X.......0...X.......0...X......./...X.......0...X.......0&..X.......01..X......./...X......./...X.......0!..X.......1...`.......0...X......./...X......./...X.......0)..X.......0...X......./...X.................

                                                Chrome Cache Entry: 325

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (20398)
                                                Category:downloaded
                                                Size (bytes):270048
                                                Entropy (8bit):5.4052045521246646
                                                Encrypted:false
                                                SSDEEP:1536:fPHaQFjc/lJ/yfJyAH9OD47Yzs4HEBuP2a5y+OuUCbPuy6ITe0xquHcyiTiDtKiv:+WxqHP2a5i/wEn0tGROh
                                                MD5:AD4BC82EBEDBBB89FB89F3856A735857
                                                SHA1:E9D8F791CFF027FACC8D90975907D4AC0C0476DB
                                                SHA-256:72E3D022E5D7B1A0681540FB01AB0AA510CA1BD448281800BB495A0CC8E593D5
                                                SHA-512:DA518406CD8C3E03E60D48BAF384678C036AFF45671FA7FD45DB807521722179F58F4FA229C83CD51CADE68EE663AF35B70DC567BF8CDB065D9D2F9061D3EB14
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/16tMAVgIV_z.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if

                                                Chrome Cache Entry: 326

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):84509
                                                Entropy (8bit):7.977531627673982
                                                Encrypted:false
                                                SSDEEP:1536:k/F0PagL58JL2w3fishRCz//TDBC5QwjzE0/18TeUu3CuJXIph:k2agLsCyqYRGC5QwjzROTeUkYph
                                                MD5:0D531A1AACEEAFF6E8C152F8FA77C332
                                                SHA1:7419F57DFEE5419B8C0391D528FE77B7BDD623C0
                                                SHA-256:73BEBDAF98038A2AABAF7AAD95ED0B8B809CC0FCA89C77C2A61BA367C5417DC7
                                                SHA-512:8CA9073A6DCC6B8B7920F033CCA8AF49CB36EE3A401A4617F87562A7D3A5E37E2FE4421A0886827258DCE533215A568571BA3BDBF766591E1F2D12CB88153DC4
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................)....................................................................................*.......................................`...............O.......j.......V.......".......................Z...............Q......./...............^.......a.......................................)...............>...............T.......*...............................L.......F...............................................................F...............?..............M........7...............4...............0...............'...............&.......{.......9...............)...............>...............;.......<..Gamdat.....$...._2...H2.R........ ...'... ...M.P.~..K.h.F0+....[A/.5u..3.B.[w."~=.=..s>..ZD.VX7.....<,..&B.{....I...?&..KrI.....2.vA.g...Pc....Sn_..H..[..+.o.T.P..s..$Tn.U+.H.....~...y.q4...z[..M..._4..;..S...x...@...%...-e.eCt.8.}HZ.k......&0le.-...t..SA..[.....f..o.0/ .h7.h.1OF..?z.

                                                Chrome Cache Entry: 327

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):21875
                                                Entropy (8bit):7.968424155529536
                                                Encrypted:false
                                                SSDEEP:384:FaF6fRGyzYohszb2XiAvrZLc8k3a4aA+RuIMxYwniqW0ztCj4shIJks+:FacpYoY4jZLc8l4HvFkSahskz
                                                MD5:049D60AB478FDB47FB66103EEAE1FDBC
                                                SHA1:4C5FA31A0FE4710DD619584DD44EC5C8E5848BDE
                                                SHA-256:0333E499AD55CCCA1D46D5C823FA0ECF9218D987A8EAB12F9AFDB4D9FABD8AF4
                                                SHA-512:8BC1D145B782625DC7B0210310A7D4D053BB49C8B30A9B722888B0BCB3530063FC25BBC6CB79B96F01B951D6448F04706D10CD8D2CB622767E0D1BA362E74DBC
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100004406000013100000d9100000b61100007b1f00001433000024340000943500001e37000073550000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................F...l.gYl......hd....P.Y\......%.F..c...AlM.......U.g........di:2sLS....Mq...........f.+T.I.z[W....b.\...0...p.nH(@.?)p.Z...N,#.WD>.....m+..k..E{KdVac(.*o&;...U....HMY.I...+US[...enE.y.*z*..N.(H:.4.`ez.}X.v..paz.O...y..,it...0.k3..4g'a]5y.....ps}.N...Nk.x8......f....([...9ZS..I5.r.v).T.S\Pk4V.1.T.0....o.S..f>Fp...1]..T.oB.w.Rz.:/b..X-&CH.[e..-...?..b9.Q.....=..*...U.FJ.~.[.<e.N.C.......m,(..w..?.@..Dh...H:4...0-T....*..w.N......{6._A.EF.(..>r...........~(.`A.....*.....Z.UV....e.mMC...\:~.......2..0.a.$](..fk...O.fU...uu.>M;d....u.8.=...K...h`X.xU...a....q,)D..?@q..E.J]..(.~VA.rA....$

                                                Chrome Cache Entry: 328

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):42123
                                                Entropy (8bit):7.9288425791561785
                                                Encrypted:false
                                                SSDEEP:768:09G00+kjYjLkM+gKzyXZxBuM3T3NCGVExdSdUzoDLBoK5ck0Hl1BsI:09G0VtKmJBpCGVMSP1FSt
                                                MD5:29B5A7CE3297C5E7CF8AD4E6D190992D
                                                SHA1:1D52274723D6D2862C0081489F70C721BB0F0608
                                                SHA-256:08210EAB72F087CB8D6B8343C4193D35A0DD50319487141E39AB98E12693B7E5
                                                SHA-512:8E703D820D59D14FC1D94FA309B45BB9481192F6F71AD556DC212C427ADD7EB030C6232620678CF9A53CD7F146C3449D3FA12F1F97AFC34C4F9B335B8375B49B
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................Br...c...............;...............................>...............................:...............w...............2...............I...............5...............................C...............................|.......%.......................I...............................K...............................@....................... .......U.......................+.......k.......*...............-...............-...............&......._......."...............(.......n.......(...............(.......s.......4...............,...............'...............).......a.......!.......d.......$.......J....mdat.....,.?.....$2.........L.B....q. ......].&.)-.,B.^.tv-.g2.|{.R...aD.=..\....%...O...(....I..,\4..e..-l.1.#"y..nI.&..\H.....K.T1..a...2..W.. .OO.6..$(c....o...I....[&y..x@\..z.@..;...1... .Efa&o..)...aLs...NO..1./..qCk.h.@.;.M...yB.A.M....M....]'zd;./..9.@...+.n+....._.(3...3.y..

                                                Chrome Cache Entry: 329

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):88163
                                                Entropy (8bit):7.980197124237469
                                                Encrypted:false
                                                SSDEEP:1536:VEPQCPVknypCaqezO44mCFIB7Nx1IBVu/XstBA937bclgo5SUOOsPIx+q:VE4CP7piwO9IB7daVu/Xstmpslx8RBq
                                                MD5:E7A14982B5EB398C562C802165E29A88
                                                SHA1:E9124EDBFBF19EAE0286E03027E93DB977490D5D
                                                SHA-256:DAC58C0D8079CAD3A3068131CDB65F1447640F17EB5DCA1C984F5A177A2D5BD3
                                                SHA-512:01F55881CD82E179BAD434297BB1044D2967BDD997B17E78196719F0722AE745FB64E0E26A61F7961546F81C5B40DE2C4C47C9E62D0BF25D8E3788D3B0D73054
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................w....0......./.......;.......................-...............A......./.......................#...............................'...............(.......x.......2.......7.......(.......i.......#...............$...............4.......=.......,.......g.......................*...............:.......G.......'.......p....... .......~.......%...............#...............'...............7......>........?...............................................b......+........J...............3....... .......2...............;...............$.......[...............I.......7...............<...............+..........U.mdat.....,.?.....$2......I....0.../... .Pp..+kj;.L@...+x.[..eGlgaeT.8.....Q.9cb.uP..+...^....W|.....w.f.vV..3.J.6.,!&.{F..Cl..R...P....c..k.96..X. ...Z...f.........UW.Kw..... ...<v..4gI.Rc..e..0Gy:.?T.W?.3.s..=.6...p..S.....Z..&.a...)..4w.5......~0...p.4...5..65.....+..A|.

                                                Chrome Cache Entry: 330

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17876
                                                Entropy (8bit):7.83372613335877
                                                Encrypted:false
                                                SSDEEP:384:RBE0km54eEi/G473NWLga+Cs13aPxzm21wkN6n08tbiiI:QI5LGeZ3a5zm21w46n0l
                                                MD5:C548B3D094F5B471E831DEA7B82E103C
                                                SHA1:5C6B6ADE69B8474429EAAEB128C0F185351249AF
                                                SHA-256:7D82D819993027C2BE13CF8EA9BF7E9FC2B3339E59344658DE8D3F1B7D9DB6C2
                                                SHA-512:8485DB91E7E94395D0CA12DE7B985406CAB4685969EE15C5F00FB106C86F1C05111B44F32B36B179F3DB8C9D9C98EE92D55EFB2E062E6DCB5AE64044F145F347
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791
                                                Preview:...Dmoof....mfhd...........,traf....tfhd...*....................tfdt............trun.......2...L...U...U.......................t...V...@...Z.......2...-...2.......U...?..."...T...I...,...8...>...H...?...H...=.......j...y...\...]...T...(.../...........V...K...5.......6...)...........'...(...(........sbgp....roll.......2......D.mdat!.E..P.F.M..<.@.............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!+O........jL'.H....)@.........T..7h.T...........o................................................................................................................................................................................................................................................................................!KKK

                                                Chrome Cache Entry: 331

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):80
                                                Entropy (8bit):2.3644383268210745
                                                Encrypted:false
                                                SSDEEP:3:rBltIlJkiOle5ul11e0tvtn:Vl2qiL5OU0tvt
                                                MD5:95C4594597D734AF228B4BA49D1586BC
                                                SHA1:38E7337BE4F1E6499A001D44AED6C5AE0072B4CF
                                                SHA-256:B40D728577BD05F7A50F170939AF85361934DBDFD4509AEA98C7DCDBE81FE2A9
                                                SHA-512:867FBF23EB49518FBE598F1DEF61885803731063A7C171D1CCCC28589A0AF3CD5A5F059BD3E233A195BAD6745C89C8759D08064E724A895574127E56D43EFC46
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449749398_919410706654359_5930299620981928735_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E2MCIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=rOrpAmpg2qEQ7kNvgHrh-6Y&_nc_ht=video-hou1-1.xx&oh=00_AYCTXVxhfNzeBOavxbvCAUwoD6y6ShLZHvezDgM-zVRHrg&oe=668B327F&bytestart=826&byteend=905
                                                Preview:...Psidx..........<...............J...,......."...,...........,.......{q........

                                                Chrome Cache Entry: 332

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:BS image, Version 30820, Quantization 26995, (Decompresses to 0 words)
                                                Category:dropped
                                                Size (bytes):56
                                                Entropy (8bit):2.0550212339213947
                                                Encrypted:false
                                                SSDEEP:3:jBltIlnc81o4dln:9l2c8i4
                                                MD5:8EB7D176EEE280B236DFF38E3B998728
                                                SHA1:C8AD80093ED78F15E5722F39EBA0C2AF33D21154
                                                SHA-256:CD997494968627CC0AA61AD51F8323502BEF0D52F775EBA88BC19ECA0FA338EB
                                                SHA-512:CA776705A9C0750A7019C920FED4D69EE624BA9B47124C52D123EC1D90171950AB56C1ED2B1B354585E25457B7BFC9F0653B62E5FED3D1CE493ECEA44D1925DE
                                                Malicious:false
                                                Preview:...8sidx..........<...................,.......M...P.....

                                                Chrome Cache Entry: 333

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.515565432868116
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0yXSkouwKJRLrv9ickp2hPOcRS+xtEqy95I10HZ/UV0:LuAUS0NnKJLhhPVRS+OI1/
                                                MD5:AAC0CEA1859C9A095B5BB558E032B472
                                                SHA1:7A8B6BE397920EDAEAA5FBB67AAA4A6832F6C6A5
                                                SHA-256:33089A0B61E398AAF5D9AD14BF2FE383CF58BEDF5FFDADE267E85F6B9419265B
                                                SHA-512:809EB3A508A19BD96360E83C3EBE0C1197E482E6E5CF2606B7980F49926073D37618772BF6E085D24EA1580729FF38364ACDACC6D795B664EC9FD3BBDBB86BB4
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd......|..|..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......|..|............................................................@..............vmdia... mdhd......|..|..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 334

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (405)
                                                Category:downloaded
                                                Size (bytes):1600
                                                Entropy (8bit):5.234706685474562
                                                Encrypted:false
                                                SSDEEP:48:o79bWW+d1xb0KeRV8YtQy0aqdHgxbaQ77DfTBpbrw:oAB6KOVddbqSnLzw
                                                MD5:777F1FD23230384A286E78C5ACD6AC33
                                                SHA1:CC33BAC75FDD7CE9AD535CBCEAD5C91D974DF975
                                                SHA-256:277C957E852CD541B5D6D50B9A1CC3E6E6120DC704B529AADDA0171367557D98
                                                SHA-512:F785634C17C38826894B2D0D4363C26110418A9160AB36ACDFF2E6B76A2E07D32DD1BDA3D2D0F4D9BE3254DB834EB808FEA392A95B224AB5B94B429E69EBD1F0
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.xf(_.mja);_.ew=function(a){_.J.call(this,a.Fa);this.aa=a.ab.cache};_.B(_.ew,_.J);_.ew.Na=_.J.Na;_.ew.Ba=function(){return{ab:{cache:_.mp}}};_.ew.prototype.execute=function(a){_.kb(a,function(b){var c;_.oe(b)&&(c=b.eb.Qb(b.jb));c&&this.aa.FD(c)},this);return{}};_.Pq(_.Hja,_.ew);._.l();._.k("VwDzFe");.var IE=function(a){_.J.call(this,a.Fa);this.aa=a.Da.Pj;this.ea=a.Da.metadata;this.da=a.Da.Zq};_.B(IE,_.J);IE.Na=_.J.Na;IE.Ba=function(){return{Da:{Pj:_.iE,metadata:_.FWa,Zq:_.fE}}};IE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.kb(a,function(c){var d=b.ea.getType(c.Hd())===2?b.aa.Vb(c):b.aa.aa(c);return _.Lj(c,_.jE)?d.then(function(e){return _.gd(e)}):d},this)};_.Pq(_.Mja,IE);._.l();._.k("sP4Vbe");._.EWa=new _.Ce(_.Ija);._.l();._.k("A7fCU");.var nE=function(a){_.J.call(this,a.Fa);this.aa=a.Da.lM};_.B(nE,_.J);nE.Na=_.J.Na;nE.Ba=function(){r

                                                Chrome Cache Entry: 335

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):68399
                                                Entropy (8bit):7.981139890304293
                                                Encrypted:false
                                                SSDEEP:1536:qdjlB605XiuwREy2PNCytwFvfZn6cM4+6NlWnio:oB605yu17Ufxn6cw4lEio
                                                MD5:14480A40B8D0A7AA7F4BDFDBC011390C
                                                SHA1:546155E21D31A287AE8A09E96CEC2FD74571FDD4
                                                SHA-256:AA31A0653CEE606D7A39FD0A58043C941E66E39E57762BBE03E76BC947D576D4
                                                SHA-512:F66ACC59345BDFCF74A1450222B6FF2C8E1A0141FED260CAE4B42F3AB6234206F80635D950D9997C693BA10588FEBFDB6D239E56CEF659B7F885A063634A0B2B
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/442058648_1390260634990350_3671320554231620569_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=YHyfjqs1T0kQ7kNvgGvisSS&_nc_ht=scontent-hou1-1.xx&oh=00_AYBYI33eJMZCXkexmSD0KK_SoAPEM1EGdCY5gNvWJYScLA&oe=668B1CF7
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a71010000f82200005e5200001d590000bd5e00009c7600006da7000099ad00005bb5000032bc00002f0b0100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".................................................................................sk..Q3..w.+.........-s....#M..j.ZQ^............t.5|:f.^r.t....\:#....5.W..X..1..P..k..RkG..J@Ke.....M ....EF....>.~~..dJ....LG.b/65..q....j.......y.M..u..k*+...L.wGP.'..+......P`:.. ...R!.$.V...zd...#..a.a..p.#k.-..Q..t}5.p.s.t3.`.d...2C.\..Q....gI........q[.bm...s.m....o0.45.@o...}.;Y.e.LG.p.60^u.T.g.k.}.{...V\c..G...|W.tg..Q.U..;..v.llS&Z.5..5...##.....].^...K`*&...[.nk.....p.L..c..I..\-.z..0.y.EX.|..Q.....|Zg]..7.=cq-...l..^........]...f#.*..E.....c.:(.!.......Etw.. X.f..[..L..."s\=...29/$....X..c..c.j.k...$k..9.N......8tF!..!...3.5V....5u...$w R....:..G.(..cw.~zi..-k!...|.0.

                                                Chrome Cache Entry: 336

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17749
                                                Entropy (8bit):7.886629701954424
                                                Encrypted:false
                                                SSDEEP:384:VFa5qKMhH3gWqw1eEgSfSTp6B8cQw9a5YjUQlK0w:VMqXLeEgYrQUYQl+
                                                MD5:A72C1E681A2F54F73398A00C092E109A
                                                SHA1:2A7C4C55C64489B708C10696825DDDB5A329D329
                                                SHA-256:E55A9D6D37276BE4C23A42FDEB2E85EC003B208FD03B03F7F59F88FD4AABF552
                                                SHA-512:FC3484E72E6E53717EA9194E0041542328BCA71B2364ACEB23C9C4F5B0769929DCC551EC639860ECF406BC5453FC836A8F9287FCB743F1A6D2509932192B62F9
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...................................u.......|...}...q...^.......g...b...m...g...L...Y...K...a...g...]...d.......d...Y...s...h...[...b...f...Z...n...n...~.......o...k...e...o...y...~....sbgp....roll..............D!mdat!!E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!O.........~mO....^.._.4D}%s..t..R.,......... ..........oq3..@a......?d....?'..:....w.<.X.....f. ..OO.w?W...i..,..5.zZ..N.D.f.......?.j....,..U9.q..D...=.s'..........`.....&....X..X........w.>|..9.x.\m.2.#I.........y.'J!.v..(].2....'E..v..X..+au...%0d.q...n^...S#..9.....}..~q.E.......t.*.O..

                                                Chrome Cache Entry: 337

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):10130
                                                Entropy (8bit):7.898797042918505
                                                Encrypted:false
                                                SSDEEP:192:rsDN63tbSJoajv0ilv1q29idFUNL8givbnPsj83M5z61jU9pnbBGU:rsDQ5SJLjv0iDH0rUNApjswMc1jU96U
                                                MD5:265DC767CB589E9E0A021BBF52A2A684
                                                SHA1:AA1CCAA1635030C87A507F5A2DC88F45EB4879CF
                                                SHA-256:9C7CFA840A46143F9E83E40B44CAB9D88051B85145ED32397F6DCF667D13F170
                                                SHA-512:9FF125A00099530EC5232692021BEBA780A5D33B03DE863D7612F0EDEA5B320E59E91153AABD577EC345A03E83AE6F09BF5D611720EDAE42B6DDD6AB5AFCEF44
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000de040000400a0000e10a0000a20b0000f51200002e1a0000421b0000201c0000f51c000092270000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n....".................................................................................................................................TQQEE..TQQEE..TQQEE...~\..o....0..8..2....z=.ciz*A"s'?zt5..<.....`...<..n.z.7..9I.I"'7C.G.m..9}.......Fs..1..9.jD....^l..........].dNF..D..C.....\...~..y.}&.+K. .W..:.w.o......n.......m...6-\..I..g..1..vy...9<...;\G3^...K.S..3.{..b.|.??..0S^1.[NB........m.:.<...#...........72...2v.!..b.G=...M.sK....s5..n.<....l~..I.N.IpG.db.#..$.....[Z.....{O..'.vuE.....|j....t.....x..5..8Yd.y.Y.5.%.i.....sY....5R..v.c...z:.././S>..w........JiI.M...uh..w+..6..VB...7...9.MKh..e*.yiv.mg.....=.f-..{.l:[..r..Ob..Zb.w0d....y....M[.D..9.......

                                                Chrome Cache Entry: 338

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (12588)
                                                Category:downloaded
                                                Size (bytes):107611
                                                Entropy (8bit):5.167846310463291
                                                Encrypted:false
                                                SSDEEP:768:8tyAaj0v7oQbsM8WYdDtvyvV9Ajho84fYaq81YAoV4hhX2ft7rAJ4dYrZ6tcA/cT:3/t+6I4cP3K0Z4YdnZ
                                                MD5:65FF43992B7DFBFFDA886CA35B4664F1
                                                SHA1:FF849A7DBEA0AE5AAF107DEFD4FEC5B7A0C83CB5
                                                SHA-256:B64892626C2A52414C8581F0831DB979B3D533D8C804B7A4FF1C490AABC179C6
                                                SHA-512:B178E27D04CDCA526034EF0F29D64BEB890879B1ADF0D05AF7F235398988B34F18C285D94BF69907A04CD29B976D0849F3285BE62C120B045ECB8D4328442E6E
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3i-dF4/yB/l/en_GB/LQS7_eNXB7L.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("CometVideoHomeActorSectionPrefix_actor.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometVideoHomeActorSectionPrefix_actor",selections:[{alias:null,args:null,kind:"ScalarField",name:"id",storageKey:null},{kind:"InlineFragment",selections:[{alias:null,args:null,kind:"ScalarField",name:"uri_token",storageKey:null}],type:"Page",abstractKey:null},{alias:null,args:null,concreteType:"Image",kind:"LinkedField",name:"profile_picture",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null}],storageKey:null}],type:"Actor",abstractKey:"__isActor"};e.exports=a}),null);.__d("XCometVanityLiveVideosControllerRouteBuilder",["jsRouteBuilder"],(function(a,b,c,d,e,f,g){a=c("jsRouteBuilder")("/{vanity}/live_videos/",Object.freeze({should_open_composer:!1}),void 0);b=a;g["default"]=b}),98);.__d("CometVideoHomeActorSectionPrefix.react",["fbt","CometLink.react","CometProfilePhoto.react"

                                                Chrome Cache Entry: 339

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):8442
                                                Entropy (8bit):7.8704276048287
                                                Encrypted:false
                                                SSDEEP:192:deYaHD8Vi+ZDDahnHmbgbL/qQ7fDukX8jN9c/O8/o4:dB8eiIbgX/qwfuH2
                                                MD5:9A414DDFF01FA83E99C386F6F43E33D6
                                                SHA1:DAC109062475A09BB4784DD5BD233B022E19BA1B
                                                SHA-256:F9A165ED1782DD6FD2877828D4182C0EEDAC42379AFD8D0530BF8D5F4B53C193
                                                SHA-512:4F1332FD6A54BA0B0A5769AD877849EED72020FCB5AEDCEE5CE206B29B9960BBE5FC26AE954C1AFF67C869117364745CAAB06CBF8042A70854398057249407B0
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e0100005b040000140800006b080000fe080000290f00003515000048160000c61600005b170000fa200000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n....".............................................................................H..............................................u.c.t.....g...s...:..(....q@...Y..}/...ya.m..z[.4v}.............<..C.........f`..........F>...OE..r.1.|.Y..D$Bd........6..!"2H.6'N.R..[tK3.d.2.^fd....\.~...y.....r...'f.,....V..S,r...um.....J.yr.=..D.sD..de1..).e0......ji._.......{.*is.v..M.Wt.,..n.......$L...A.j.o2.#....B..9..?I7)..f$.,s.=.g-)...2Fd.A..FYa.[..n...K...x..wD.g..-..y..g......,"..rlc1g.p=?....'..MN./....T.I..{,..r...}.*Z..4.....M...q.0.W...m.4.Cv...Ouo..Z...]>.....F.cYv.7N.n. .e|.p..k...Cw@..UsI......-.......&.....8..-.O!..].!'[.|.q._3......z..:........O.../~?..

                                                Chrome Cache Entry: 340

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17749
                                                Entropy (8bit):7.886629701954424
                                                Encrypted:false
                                                SSDEEP:384:VFa5qKMhH3gWqw1eEgSfSTp6B8cQw9a5YjUQlK0w:VMqXLeEgYrQUYQl+
                                                MD5:A72C1E681A2F54F73398A00C092E109A
                                                SHA1:2A7C4C55C64489B708C10696825DDDB5A329D329
                                                SHA-256:E55A9D6D37276BE4C23A42FDEB2E85EC003B208FD03B03F7F59F88FD4AABF552
                                                SHA-512:FC3484E72E6E53717EA9194E0041542328BCA71B2364ACEB23C9C4F5B0769929DCC551EC639860ECF406BC5453FC836A8F9287FCB743F1A6D2509932192B62F9
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...................................u.......|...}...q...^.......g...b...m...g...L...Y...K...a...g...]...d.......d...Y...s...h...[...b...f...Z...n...n...~.......o...k...e...o...y...~....sbgp....roll..............D!mdat!!E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!O.........~mO....^.._.4D}%s..t..R.,......... ..........oq3..@a......?d....?'..:....w.<.X.....f. ..OO.w?W...i..,..5.zZ..N.D.f.......?.j....,..U9.q..D...=.s'..........`.....&....X..X........w.>|..9.x.\m.2.#I.........y.'J!.v..(].2....'E..v..X..+au...%0d.q...n^...S#..9.....}..~q.E.......t.*.O..

                                                Chrome Cache Entry: 341

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):42758
                                                Entropy (8bit):7.941701758582908
                                                Encrypted:false
                                                SSDEEP:768:3ZsumsUQOI7K8YOmnP6e+Eqzoj0mVcswv0pEblYtxx/HjIIrEs6L:3ZsumsoI7XV4CrLUSlMEYtxZDFrENL
                                                MD5:221C3B1C4F37E7A4C1646FB78E50EE29
                                                SHA1:7456E3DC57A75F61C04CFBA1BDE2E3CBCCC65808
                                                SHA-256:182247AC44477DBE25AD226ABF6C7CBBC308931E023EC807F26AA5FE068409C6
                                                SHA-512:5FF4496087F9EDCD8BFB6C73FBC6E0110115F30539CB0AE690DCFE0D6D40EA54D4C842C11A4DFC626AF746D4C2B4C0CFD959B87D5A1B01F25505487F6C182FA3
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B74
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000691600006b360000b9370000d7380000b9500000966e0000c5740000f27600000579000006a70000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...........................................................................................................................................................................................................................................................................................................................................................................TQQEE..TP..TQQEE..TQQEE..TQQEE............=..~.9._...................z...4+...u.u.8.^9.^9.^9...u.u.u.9.\9.]...]..:........:..:..:.|.^..$.x..U..<[....g..5},M...Q..O.C...T.d..z..A.:.+..u.^M..M.K.z......<.^....9.6..zA...^........\.cQ..........zs.....#...y..)..3..6...[.d.u....t:...d.q...8.K.q....J........>.....-.

                                                Chrome Cache Entry: 342

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (1694)
                                                Category:downloaded
                                                Size (bytes):30640
                                                Entropy (8bit):5.380113937653178
                                                Encrypted:false
                                                SSDEEP:768:ciVQqn5YPB1v2C82vd9BvjT4spXo6PVS+B3BWvJB6VSia:cYYn2CzBvjT4GHPD00a
                                                MD5:7C51691BCB4A8AF5742471EF967958C7
                                                SHA1:40EAB318E76D35FEC5EB7351ED7E09EE1745B003
                                                SHA-256:C20C91E7F0E55E048273DA9D324BD6AC0ADF8547264357C1A2135CB4C2D94111
                                                SHA-512:E0F94A6D1A69C181D68064E460A9AE90B00D685AA57E2967B7EC4C3594B55AA7F1457C0B12F4125BCFC4ECFB5529093A4BABD0294CAA05ED947EE7C1A150BACC
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var Bqa=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.An("//www.google.com/images/cleardot.gif");_.Ln(c)}this.ja=c};_.h=Bqa.prototype;_.h.Jc=null;_.h.UU=1E4;_.h.Nx=!1;_.h.fM=0;_.h.pG=null;_.h.QQ=null;_.h.setTimeout=function(a){this.UU=a};_.h.start=function(){if(this.Nx)throw Error("lb");this.Nx=!0;this.fM=0;Cqa(this)};_.h.stop=function(){Dqa(this);this.Nx=!1};.var Cqa=function(a){a.fM++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.Ik((0,_.vf)(a.dE,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.vf)(a.tda,a),a.aa.onerror=(0,_.vf)(a.sda,a),a.aa.onabort=(0,_.vf)(a.rda,a),a.pG=_.Ik(a.uda,a.UU,a),a.aa.src=String(a.ja))};_.h=Bqa.prototype;_.h.tda=function(){this.dE(!0)};_.h.sda=function(){this.dE(!1)};_.h.rda=function(){this.dE(!1)};_.h.uda=function(){this.dE(!1)};._.h.dE=function(a){Dqa(this);a?(this.Nx=!1,this.da.call(this.ea,!0)):this.fM<=0?Cqa(this):(this.Nx=!1,

                                                Chrome Cache Entry: 343

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (4478)
                                                Category:downloaded
                                                Size (bytes):19418
                                                Entropy (8bit):5.379195390856238
                                                Encrypted:false
                                                SSDEEP:384:gJEePjmMfOH3Qm45RAGSeIMPW2NYZvnXYv3HAEfqwuhU3p9uj9QtJg:oROXQm456AYZvoPhfVIUSj9QtJg
                                                MD5:9CE9445F24BFC74018956880D606553C
                                                SHA1:ECF89E11E2091ACB1AF6735C9AF94AB19984F602
                                                SHA-256:797EF136123058C1D54A0AE365896D4E56FB3D84E83D60EF840D16BBAD8AC6BB
                                                SHA-512:7B25B6EB9B03A2118AE112AE00E774CBD9928DF69F49DA762D88255F30533CD3E6F576C82F0220FC393FA5E08544188ED210135CE17FB03B76505BF03F48A9BE
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var HDa=_.ca.URL,IDa,JDa,LDa,KDa;try{new HDa("http://example.com"),IDa=!0}catch(a){IDa=!1}JDa=IDa;.LDa=function(a){var b=_.hh("A");try{_.Jb(b,new _.xb(a));var c=b.protocol}catch(e){throw Error("qc`"+a);}if(c===""||c===":"||c[c.length-1]!=":")throw Error("qc`"+a);if(!KDa.has(c))throw Error("qc`"+a);if(!b.hostname)throw Error("qc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};KDa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):.(a.host=b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.MDa=function(a){if(JDa){try{var b=new HDa(a)}catch(d){throw Error("qc`"+a);}var c=KDa.get(b.protocol);if(!c)throw Error("qc`"+a);if(!b.hostname)throw Error("qc`"+a);b.origin=="null"&&(a={href:b.hre

                                                Chrome Cache Entry: 344

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):52708
                                                Entropy (8bit):7.961241012485158
                                                Encrypted:false
                                                SSDEEP:1536:JDzIgMfLeOJonOC48Sq9TM+NFeKUsn9rlLTFPHInr:hqf6Eydrd7jnFFF/Y
                                                MD5:2CA7F06527D9CC1FE14E3719B28E2425
                                                SHA1:5B1C764324A81F0E2252309B478BD7F2E1D3D95D
                                                SHA-256:93A89521E5C4F70F8A26CF2312F9891499EC8465A7F7D1FF01CDE2C19969CE1D
                                                SHA-512:42F29EDDCA3F8B31DAA49E774525FD01FE1860A2DEEC2BDD460C8F8BB42BC12B6D819E5EC6CF36CC429AA312240EBADD15463342611124364E7BCE8023F25B4F
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449786290_1602805117231876_4060912889184558328_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=34Ah_F40SnsQ7kNvgH6BA0K&_nc_ht=scontent-hou1-1.xx&oh=00_AYBllGOcxhYMF3vf4H94uWio-xw5ujSDUZXsOOWKeJbvww&oe=668B3972
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a700100001e190000842f00006233000060360000064100005e650000b46b00007171000065760000e4cd0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."....................................................................................a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.`....A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A!.h`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`.gH`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..a!.h`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`.M!..!..!..!..!..!..!..!..!..!..!..!..!..!..!..!..!............................................d..$.$.$.$.$.$.$.$.$.%..HH...HH......h$$I.I.I.I.M.*$$I.I.I.I.I.I.I.I.I.I..*.!..!..!..!..Z=\....Vs.W.;.G\.p.*...8.k....s..y....-.s.N...R8;<yX.t0C.0C.0C.0C.0C.d..!..!..!..!..[.......V.."..f.[9..ty..tc^Lu.yM.[.=....L.t.

                                                Chrome Cache Entry: 345

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):88163
                                                Entropy (8bit):7.980197124237469
                                                Encrypted:false
                                                SSDEEP:1536:VEPQCPVknypCaqezO44mCFIB7Nx1IBVu/XstBA937bclgo5SUOOsPIx+q:VE4CP7piwO9IB7daVu/Xstmpslx8RBq
                                                MD5:E7A14982B5EB398C562C802165E29A88
                                                SHA1:E9124EDBFBF19EAE0286E03027E93DB977490D5D
                                                SHA-256:DAC58C0D8079CAD3A3068131CDB65F1447640F17EB5DCA1C984F5A177A2D5BD3
                                                SHA-512:01F55881CD82E179BAD434297BB1044D2967BDD997B17E78196719F0722AE745FB64E0E26A61F7961546F81C5B40DE2C4C47C9E62D0BF25D8E3788D3B0D73054
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun..................w....0......./.......;.......................-...............A......./.......................#...............................'...............(.......x.......2.......7.......(.......i.......#...............$...............4.......=.......,.......g.......................*...............:.......G.......'.......p....... .......~.......%...............#...............'...............7......>........?...............................................b......+........J...............3....... .......2...............;...............$.......[...............I.......7...............<...............+..........U.mdat.....,.?.....$2......I....0.../... .Pp..+kj;.L@...+x.[..eGlgaeT.8.....Q.9cb.uP..+...^....W|.....w.f.vV..3.J.6.,!&.{F..Cl..R...P....c..k.96..X. ...Z...f.........UW.Kw..... ...<v..4gI.Rc..e..0Gy:.?T.W?.3.s..=.6...p..S.....Z..&.a...)..4w.5......~0...p.4...5..65.....+..A|.

                                                Chrome Cache Entry: 346

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):85137
                                                Entropy (8bit):7.986488728379044
                                                Encrypted:false
                                                SSDEEP:1536:I/zcB7y9MUHdqhmXv27IWYykApHRtlY+ubEQfZwJULjZjaU0s0HfZbYMo/SU:2gBAfHdqUf2syRztapEQfdBaZbHh83/9
                                                MD5:F0F4CD406BFCC70C2290E22914E312BA
                                                SHA1:BC2A0F973188ADE5E0DE624F3D065976B48EB06C
                                                SHA-256:7E33CA21ED8160050AF76BB08B3B1731E341A91F6D7780B286CDD0064C56F59A
                                                SHA-512:D315E86496E394D88C207CD2977A404375195AC0D8634ACD0AADD484669728689F9460AB165B838374CDCA403DF7636A600FD45AF251959BC1C7548C317651BF
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281B
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a710100005722000048570000e75d000031670000a38e000033cd000070d3000045dc00005de60000914c0100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".................................................................................wRk.+.,2..T,.a.v..nYQ_W..E..N...hS.3h.......?...jr8T(.P.;..c.....g ..Q:..>k.7V^~...'.R\.....K ........;<.[.".....N..p@nzh7...{.,S.... N.V.]Ys_....a...X:*..1...AY...O.Zr)m.v?.5..N.P.T.(.I.E@Dw......O..g{..?...t.....,.,+...F...Z..I..Hd.\...H....y...st.E...bi..kd.....9..Al.wR....[.........xs.Z..pf...S.........]7....cyT...&R"...X.h...0.,.g*.j.8......"3=....!..$r.J$r.Z..'..k.9..>.5j.V.oI...|...F.cgH..<.),Ww4w.H..H.E..I..9.G ".3.xi.Pb.$..a....$N..G$4...H......l...+M....H.trGI...D.87)..Fr.....M..N...z.8...A....F..H ......h.a.K...W..NkNTo..c2.D.d.idu.....,..n..J....&.O+#GsL.YC.EY

                                                Chrome Cache Entry: 347

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (3367)
                                                Category:downloaded
                                                Size (bytes):25503
                                                Entropy (8bit):5.529742126641369
                                                Encrypted:false
                                                SSDEEP:192:B2VvQu1EhRkjiCbgqqcOUXrN6ItvxGxIp9x5maEU/dLCjRCQhxs2k+jZWyEhFy/+:Cvp1EhEbgqqcvbppXjdmjLs2ag/+0A
                                                MD5:674AC931F0F38407A2E7E5D07E03D6B2
                                                SHA1:81A1610232F43D87722406DBA3A396D9BBDB83D4
                                                SHA-256:3CC9E1D656C6563BB76AAA4ABCBDCE7646C2F20912A81BF455A8FEF2510A7A62
                                                SHA-512:BBD0FBAA27459B8386F269280837B0422C4AF939211FB0AF199AFACF3EE23A53D6B2AC34CC6987DD4BC12B70E5E01C9F2AE1316010AF643CC21D95F34CBE3FB9
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iZ_a4/yg/l/en_GB/Ob6F3Vt7OqX.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("CometUFIConstants",[],(function(a,b,c,d,e,f){"use strict";a=525;b=750;c={INLINE_COMPOSER:"INLINE_COMPOSER",UFI:"UFI"};f.REACTION_MENU_SHOW_DELAY=a;f.REACTION_MENU_HIDE_DELAY=b;f.RTA_ENTRYPOINT_TAG=c}),66);.__d("useFBReelsViewerClose",["CometRouteRenderType","useCometRouterDispatcher"],(function(a,b,c,d,e,f,g){"use strict";function a(){var a=d("CometRouteRenderType").useIsPushView(),b=c("useCometRouterDispatcher")();return function(){!a&&b&&b.goBack?b.goBack():a&&b&&b.popPushView&&b.popPushView()}}g["default"]=a}),98);.__d("FBReelsCloseButton.react",["fbt","ix","CometPressable.react","IconSource","TetraIcon.react","react","useFBReelsViewerClose"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j,k=j||d("react");function a(a){a=a.dark;a=a===void 0?!1:a;var b=c("useFBReelsViewerClose")(),d=function(a){b()};a=a?new(c("IconSource"))("FB",i("1351092"),24):new(c("IconSource"))("FB",i("1495001"),24);return k.jsx("div",{className:"x78zum5 xds687c xbyyjgo x10l6tqk x13vifvy

                                                Chrome Cache Entry: 348

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):24791
                                                Entropy (8bit):7.969792119384995
                                                Encrypted:false
                                                SSDEEP:384:WWCjOYxB/hnqiBGatsW/Faw04RzvOs1aZlIh67bbq1WpX9jZ2jx9gqsnyr9jWy:pCphnwW9Zv8lIw3q1WpX9jGgqsy4y
                                                MD5:87F864B96D7055DE961E30E5B46BC01D
                                                SHA1:79F55F75BD82B3571E769EF501EC99D90DFA1CE2
                                                SHA-256:C7F6DEA97A4C9BFC5DF4BB3BE81B42CA702765B727FD68786CEF68D5276ADE11
                                                SHA-512:574CE054A2C6973D12E3FEFD8585871BF4F8AEA4870FBFD28844239D95A90B68EF0A321712D1FFB0E930B3A5CDB5587D1FA20EFD9391C39CC7055BE6F16F7A42
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/438062513_882312713691783_6862801772264223093_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=N3lYMSNitWIQ7kNvgFJ4H4B&_nc_ht=scontent-hou1-1.xx&oh=00_AYBi4m8b1qpd5xjF5VU1M1VoiLWeSG3SItPJ3m5NoUmPhg&oe=668B0E37
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e01000043060000b21100008d1200008c13000009260000d03a0000e23b00005e3d0000ef3e0000d7600000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."....................................................................................I.Q..E.M.x...g.r#.B.B...51....Ve.U ..5..b..[.)1Z.[...N.J.+k..LMA0....F.j.t.L.b..JT......z."}UU....V.n.*Y...X..T..A$..9<.}EXu.#..f.#..4.)U..1*?V.(...L.J.Q..........=e...j...[..&...tj....`...6.\$..n6.S..).[..^......2.C..I6...r...A.[a..o%......3x...0...[8MsfgM..F.5..5.G~.S.G$.k/.....P...........q.#..6..ek.x.'..84...{.....0..9....YY;(h.{.yK..o..Kt..h..L.RBw8.k..%MO..7Foo...sA....[:...........K.P.FV..rIfN...u...2.n..B.....K..Z..A.5s.G..K...\.f.RW.q.0./...........Q.y.a=Y.Qh.\V.G.z...rY..........}+.......o....c.bD@z....f...<..9..?}..J...N...W[s.{^..w...ka.$D.. }OU.B.....O/

                                                Chrome Cache Entry: 349

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (1192)
                                                Category:downloaded
                                                Size (bytes):96558
                                                Entropy (8bit):5.542959034430961
                                                Encrypted:false
                                                SSDEEP:1536:h5K9QgDoJZFMZZMR3Du4JnSyg/FyO7D4yQFPA0tEFHvnAwDyHK:K9rYFjDu4Jnzg/AO7hWPA0tE9vGHK
                                                MD5:E020446EC64C78D8127C8E4D0C8D08DB
                                                SHA1:6447A74183CD590FAB25C008E60F838D09BF12E1
                                                SHA-256:32779135C0EC086DA69B2DC597A8620CAEE8E104E079B5A02D98A8676712577E
                                                SHA-512:08348FAF64E033574D45446D75B8DFA01EE111C0FEE508ECE2E685C7C4986B833594279BD681E5DA2A02C5FB27DF039DF7E9751BB63A115AF4D3BB0688EA7659
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=AvtSve,CMcBD,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qmdT9,r1n9ec,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var jxb=_.y("ltDFwf");var CU=function(a){_.K.call(this,a.Fa);var b=this.oa();this.xb=this.Sa("P1ekSe");this.mb=this.Sa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.Cb("B6Vhqe");this.Oa=b.Cb("juhVM");this.wa=b.Cb("D6TUi");this.aa=b.Cb("qdulke");this.La=this.da!==0;this.Ka=this.ja!==1;this.Ga=[];this.ea=_.is(this).Vb(function(){this.Ga.length&&(this.Ga.forEach(this.g$,this),this.Ga=[]);this.La&&(this.La=!1,this.xb.rb("transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,this.mb.rb("transform","scaleX("+this.ja+")"));_.er(b,"B6Vhqe",this.Ca);_.er(b,"D6TUi",this.wa);_.er(b,"juhVM",this.Oa);_.er(b,"qdulke",this.aa)}).build();this.ea();_.Fg&&_.is(this).Vb(function(){b.tb("ieri7c")}).Fe().build()();_.bA(this.oa().el(),this.Ta.bind(this))};_.B(CU,_.K);CU.Ba=_.K.Ba;.CU.prototype.Ta=function(a,b){kxb(this

                                                Chrome Cache Entry: 350

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17886
                                                Entropy (8bit):7.88396294124123
                                                Encrypted:false
                                                SSDEEP:384:j3jmVDJaU8hVRSI0AB6IGBPH5HW1AJJGRtbDqc9WDqmYDB/NJ:Hm5JaUkcIpBudH5HWy+Dqcoj2r
                                                MD5:331E5B14AB11FD4F2CEF10D31B3E0D91
                                                SHA1:47BCBA6D3AE24B72763E8B78A2F32C27F4C0E29E
                                                SHA-256:ACDA682E5CD1C04989EDBF77129BBAE156AE69ABDB4EED2E43C03227A24137F2
                                                SHA-512:D0B0060FB99B3732FC129BB32C4F25A1370875FC2E19A4E5A82463211427C5F9AC92A83A73C216F84B454B5B9946087B5CAC0BBD6E95051191392298106B1E14
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...................................................t.......m...G.......V...]...k...W...Z...U...Z...p...].......H...;...H...I...R...X...b...q...x...e...v...............L...k...g...s....sbgp....roll..............D.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!.S..A.!... ........./wT e.RQ.d>...LM!re....yI.$.......>....D.".N.z...EF.?'..#...Vz.=.!.....;....*......@.....yG\O........./..-.e....i.Z........`....\.....X#G..I...7.o.V6./.{!......z..F.>.yg......\.Tk#.#..#.......p1....OV...ogH....[zN...E..*...p.+.C....-.&aR....o.....p.... ..Z..B....lU.U.`.jY.....C..`.y

                                                Chrome Cache Entry: 351

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1335
                                                Entropy (8bit):6.678633862683156
                                                Encrypted:false
                                                SSDEEP:24:4qbLWhc1sps0qhfY19nbE25Ids+rshqWWAKUsFKoCtg8HrMWTLOzYa3:NLCiWNqpTs+1WZ2qNHrM/
                                                MD5:F3233168366BD008CCE28DAADDB1616A
                                                SHA1:BEC979CC7017FE7D0493222DD70DA12240340000
                                                SHA-256:C5D0256AB06F2ED47A7F1D2752C8CDD19E6F06633BBC9015A39DD34AEE26BB60
                                                SHA-512:35DD12E4C75EBDDFCBAD3076FFF1E5C06B6E0F9101DE85F39A89CB63C9BA02A00054617E84BA6E0B214B71835518F4A8E52970C6CB9ACB7DBE8716728E7C4FC3
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/313399490_461489709413533_2159168188941594444_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=A4zvnoUk0h4Q7kNvgF-Yqyj&_nc_ht=scontent-hou1-1.xx&oh=00_AYDDRJpxF-7oowhjoqkqX9nzURaH4VTVbSSrVWSeUSTTbA&oe=668B1878
                                                Preview:......JFIF..............Photoshop 3.0.8BIM..........g..Sqk45epbGm_N6siNwbYV..(.bFBMD0a000a85010000dd010000440200006f020000b20200004a030000c5030000fa0300002a0400006904000037050000...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".....................................................................................n.=.\...W....k]...l.V.[..@...... ..........................0..1................1._y..>a..B.eh..E....}...&....%F...O&.j.Ad..iS."y.O4..W.#......................... !0........?..(y............................ a........?.....j.........,......................!.."12.#Qar. 03@AR.........?..w.....x,..."...s...Y.. .dy(m.1...+.......9...e....Dxu....i.2...uq.......b.e..."...iwr.....5........$....................!1QqAa.. 0............?!.L#}.W.WOW..^..`.Gz.4Xu..e.oC....0.+7...4...+.....*]}....E..)u.L....9dVW..0KZ..[s.V...o.+.Jg..zy..xx.p...n..?...............,0..<....<.........

                                                Chrome Cache Entry: 352

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17936
                                                Entropy (8bit):7.829903465908229
                                                Encrypted:false
                                                SSDEEP:384:iOkIZ2ET+xrj7vkS4o3Rq5AAN/lqYPWyWHlgmFq2lUkEGnMo6:77QQIjbkS46Rqn5+yWKd2lUUG
                                                MD5:D70F94689D8A16C52AA1253E1FC79E68
                                                SHA1:60E3D77CC1715C86A98928F703BAEE4C3238931C
                                                SHA-256:A0CA819821CC4A636A6D7E99E82C8EFF2A07EAF214306997F617DAA53BCCDB76
                                                SHA-512:C7FF6D1EBCFC19D183F83C947056A7DEA95AB1CEA7D7CBF334993177918CAD35EBA08A18C2F928A78E0233D4BFCD8B69F24111427256E178782BDF1DD751C97C
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...t...................i..._.......................f...n.......R...^...Y...C...N...V...W...q.......................{.......e...O...M...a..._...d...k...z...c...........q...x...l...c....sbgp....roll..............D.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!+O........jI'....R.......$.0 ..JJ..n..@.............ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

                                                Chrome Cache Entry: 353

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):58084
                                                Entropy (8bit):7.958762706763839
                                                Encrypted:false
                                                SSDEEP:1536:uBzAnl5PxRwWkvwibxf22bSzEJ8IzD31E:ueZRw3oSvO
                                                MD5:3836C6C2699B2F128B1B3F7A5C20F00E
                                                SHA1:0CBA916083F4905F7F016C09C01953DC57F98633
                                                SHA-256:3A38A2B8DC19079981B888F811C5D9C20B7AE7D1796E014B95DB7B49C4C5E32E
                                                SHA-512:45828D77F0C7DD20E9FB6618EB1DA8C365B9577AFD8ED1566162A51A45A7454C850CA9C26635DD1FF6CC63836446CB81D26F6BF4DFD936FD50A3A20C2EAEDB4F
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136D
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000e91a0000b43d00004f4000002b430000386100006d8c0000a192000042970000ca9b0000e4e20000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................@........................................................................................................................................................................................................................./..Y0v....S3..H\HU.8.`..'Bs.....K.Q..[.,..)R....C9..+HJV.:....d-..3."Bb.:u.P..,.sGXT.......s...=......!.sp..{....c..f7..y..<.f...m..L.;|...N.d...T.8...a..v.9{.5c..`.UoJ.r6.5..F.M~.@.p....].b..yw..S7.V9.>.s.......P9.]E......h.{C.....W.G..{..p>.....w.......^}M..Sx.q....j.f(m.*.K...d...*..*.....Hk.!.d.....Hk.A......9.N..a...@O;..J<.#.S.b=y.@..+.R.......y.Y....;..2.1.3UQa\.......-.

                                                Chrome Cache Entry: 354

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):47580
                                                Entropy (8bit):7.955498481495531
                                                Encrypted:false
                                                SSDEEP:768:J4iz3YMECrtph/wOagw23UxnsSs4bHwCx7uk8MkL45kc1ei/8JA62hubPLR382q7:J499Oag4nsSs4jwCsLcepJlV382S
                                                MD5:F21EF8B712EB0AA2A185F1F0BE88F0DE
                                                SHA1:B81F730A8AEC38CEB48B3686AD7F0DD7E34CC90D
                                                SHA-256:F88A00F3DA1E47EB2C7C97930D6BD96AD504EE4859A2B8CD2BC30B2A9D0D1222
                                                SHA-512:5160321193A3B7A61F564DAED470E9DCF8C576D0C475A5FA09705BA2541A3AEEF1779CEBC471437CAF0CE6BFE95140A2C74023CB41A5A9D075A7DFCC37338111
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun...................`........... ...#.......-...........................................#...................................$...............P...J...........;...K...M...E.......M...F...B...A...........G...(...............P...C...d....................... ...........V...W...........(...k...............................................#...l.......[...................................h...................L.......O...................................6...................w...................V...........f...b.......v.......o...x...n...!...........a...5...].......?...<...A...A.......K...>...8...*...............w............... mdat.I.B@!.;.D*....................|o..'..?......O....~O..z..>7.....MH....[..\....9k.M....W...;....M.)k...yt...'t._..........^r&.1..Vu....m*....L....Ne.........k...*..JADUAT.p@n.}..XW#..2(........C....&7/=.....v5%..h.Z.J.T.....D...y....uS.U.+bh..@..8.0..7K...'.a..d.dESf ..hC....s...0

                                                Chrome Cache Entry: 355

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                Category:downloaded
                                                Size (bytes):5430
                                                Entropy (8bit):2.6465732373896285
                                                Encrypted:false
                                                SSDEEP:24:Es5ed8vZa+/kffJTyN5J5iXSvjDxatgFFjiZq1MJUikeVgl2fwFfBaTzh4mpCbak:2fq3OqXAzh4jaJV9HxG8Q
                                                MD5:3E764F0F737767B30A692FAB1DE3CE49
                                                SHA1:58FA0755A8EE455819769EE0E77C23829BF488DD
                                                SHA-256:88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
                                                SHA-512:2831536A2CA9A2562B7BE1053DF21C2ED51807C9D332878CF349DC0B718D09EEB587423B488C415672C89E42D98D9A9218FACE1FCF8E773492535CB5BD67E278
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico
                                                Preview:............ .h...&... .... .........(....... ..... ..........................................h. .f...............f...g...d.@.........................`...e...f...f...............f...f...f...e...p...............`...f...f...f...f...............f...f...f...f...f...p...........e...f...f...f...f...............f...f...f...f...f...e.......d.@.f...f...f...f...f...............f...f...f...f...f...f...h. .e...f...f...f....U..........................y'..f...f...f...g...f...f...f...f...............................U..f...f...f...f...f...f...f...f..................................f...f...f...f...f...f...f...f...f...f...............f...f...f...f...f...f...f...f...f...f...f...f...f...............p...f...f...f...f...f...f...f...f...f...f...f...f...................d...U..f...f...f...e...h. .f...f...f...f...f....d......................f...f...f...h.@.....f...f...f...f...f...f....t.................f...f...f...........p...f...f...f...f...f...f...f...f...f...f...f...f...`...............p...f...f...f...f

                                                Chrome Cache Entry: 356

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):140
                                                Entropy (8bit):2.600839578110449
                                                Encrypted:false
                                                SSDEEP:3:fBnltcXlMvXYllBtllGlEtllV9FllN0vtll3llkM/v9l:pnloMpCZLs/vH
                                                MD5:109D4D0C4FA6ACBBD80EB65605F750ED
                                                SHA1:CDFD7F7251B028338603034998B688A425300808
                                                SHA-256:5C45D348DE3CAEB69FBE70AA437DC1C3C862BC776715871395A15B08B4A15810
                                                SHA-512:70C2215C64FC3BCD95E9BCA1BCD95792F0272E6E40BF1A9CCD613A069BD4F7CC07AE9B8A5AE7CCF7461218D648869B9B375F12BFC542272215D11ADA422DD4A7
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=824&byteend=963
                                                Preview:....sidx...........D..............5...\>......0...X...........X.......1:..X......./J..X......./a..X.......0I..X.......0...`........d........

                                                Chrome Cache Entry: 357

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1335
                                                Entropy (8bit):6.678633862683156
                                                Encrypted:false
                                                SSDEEP:24:4qbLWhc1sps0qhfY19nbE25Ids+rshqWWAKUsFKoCtg8HrMWTLOzYa3:NLCiWNqpTs+1WZ2qNHrM/
                                                MD5:F3233168366BD008CCE28DAADDB1616A
                                                SHA1:BEC979CC7017FE7D0493222DD70DA12240340000
                                                SHA-256:C5D0256AB06F2ED47A7F1D2752C8CDD19E6F06633BBC9015A39DD34AEE26BB60
                                                SHA-512:35DD12E4C75EBDDFCBAD3076FFF1E5C06B6E0F9101DE85F39A89CB63C9BA02A00054617E84BA6E0B214B71835518F4A8E52970C6CB9ACB7DBE8716728E7C4FC3
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM..........g..Sqk45epbGm_N6siNwbYV..(.bFBMD0a000a85010000dd010000440200006f020000b20200004a030000c5030000fa0300002a0400006904000037050000...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".....................................................................................n.=.\...W....k]...l.V.[..@...... ..........................0..1................1._y..>a..B.eh..E....}...&....%F...O&.j.Ad..iS."y.O4..W.#......................... !0........?..(y............................ a........?.....j.........,......................!.."12.#Qar. 03@AR.........?..w.....x,..."...s...Y.. .dy(m.1...+.......9...e....Dxu....i.2...uq.......b.e..."...iwr.....5........$....................!1QqAa.. 0............?!.L#}.W.WOW..^..`.Gz.4Xu..e.oC....0.+7...4...+.....*]}....E..)u.L....9dVW..0KZ..[s.V...o.+.Jg..zy..xx.p...n..?...............,0..<....<.........

                                                Chrome Cache Entry: 358

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):80
                                                Entropy (8bit):2.3894383268210744
                                                Encrypted:false
                                                SSDEEP:3:rBltIlyzW/hCv1n6bF:Vl2yi/hC8bF
                                                MD5:0C1FCCD4BF726E228F4B48F6BDC46798
                                                SHA1:42D7EAC7FA0361C55F200BDE7363B105F2ABC08A
                                                SHA-256:547D030799405E91B9EF57B68132E0301BB83EE90EBE2ADD386D8D296C0C1297
                                                SHA-512:671016BCAC0D7A58FF2634E96FD1F96D26A8967CCF5692CEB0CAE8B66321751A093826147B143F4752C0538B683B75D4CA1E394F3713F795B2CD479C2B64F519
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905
                                                Preview:...Psidx..........<...............Xc..,...........,.......!...,.......B{..$.....

                                                Chrome Cache Entry: 359

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.4626747454307254
                                                Encrypted:false
                                                SSDEEP:12:ASOtJXSkouwKJRLrtX9iZkF/xt42/INA/m+ZWFyKmMQoK5I10Lrw8NPtR/QQO:ASOWnKJx5xj/m+Z/b5I1aHZgQ
                                                MD5:AD764EB7638168DDA857CE117D7BEB83
                                                SHA1:1A33C347B74A13CD33813693B43773B5B1654B86
                                                SHA-256:110E620D87DB081EB8F0FF88C9063C522B84E5338CF4600DC66361A170656EF1
                                                SHA-512:7CE65A6C791AD67A59B74704B4297AC4387BD681232F317558426C4FCCCC2B41DEC3A34007C35C678AF288B709452DBBDEA37A2E9761CE9A255B385A6289C1E5
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd..................................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@..............Tmdia... mdhd.........................-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a...............................)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 360

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 49 x 74, 8-bit colormap, non-interlaced
                                                Category:dropped
                                                Size (bytes):1633
                                                Entropy (8bit):7.352151724937379
                                                Encrypted:false
                                                SSDEEP:48:Qy3Hwa/3ffWoAf6t+snxsGhlYUcGwMMQ1:xQaXfKG+IJcJM51
                                                MD5:72EE577BCC1A6A29D0422C3EB1248861
                                                SHA1:800818D8D4A3E67D49ED2A3A935B355F8452DDDD
                                                SHA-256:97FADFDD7D274DAABD9F7D79C817F4A9FACC08EBA67E38284698525E8A1FFFD0
                                                SHA-512:A373DB5E786A91D299394B45D707A067CEC708966B8757BF84F5BEF0F167E7EE4388C4356468526A6A8B4AD3521773FE78FDE18422B16F730D9116245544171B
                                                Malicious:false
                                                Preview:.PNG........IHDR...1...J.....%.L,....PLTE.....................GpL...........................FFF......ooo...BBB.......................................NNN...uuu...............................................................999..................,,,.........AAA...............444......................................................777...WWW......:::.....................333........CCC........................zzzhhh....."""{{{...jjj.............%%%...555............................................bbbccc.........rrr......sssrrrsss.................................to.K....tRNSfJ....\.Td..hLfl.xP6.\x.....jf..|..N|`........N..R`..n..^.tVp..V.v...z...t.|.."^v.hfBlZX.j...tb..p~b....:4r..x...h......n.......n.t.....`.`.....b....b.................TIDATx^..es#G.....dY`.33...!3C.0.c.....~.|.D+E.f....}.T......j...3..3...)C."...'..........GK._..........J.....%..vw:....D&+5.fl... ..@..Q.4.$.h.&Zb..N.....b-.h.".....R'.b.n...!.T#..N.G.a..UEg.DZ.3.....OtC{......+.7.......E.$...

                                                Chrome Cache Entry: 361

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (693)
                                                Category:downloaded
                                                Size (bytes):3143
                                                Entropy (8bit):5.37079395351489
                                                Encrypted:false
                                                SSDEEP:48:o7gbuQLkZHPLbrzOw3KP757NQ8jsKyYqb6f4np/EkGuf/x06IZ2rw:orQGXJaT57OMNwp/kufJRgqw
                                                MD5:DB38B407EAF251C03254DA070DF97E29
                                                SHA1:440A9FE061A55A3C2E20FC8D5421CB89B691C4D5
                                                SHA-256:7071B6E12C5D15142A9D5EF16103678A3038B6D8FFDCDCE248C9E26B9D4D0E81
                                                SHA-512:B99B5DDA32BACF2C79CB23FFD9EC624AD678243C6DBEC19409C298C09486E8F38F31AD658A23BC9D5E249E7D906BA66C303EA3B84F63FD6B053CF588B718F377
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EN3i8d,F6sNGb,Fndnac,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lRrMHd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,r1n9ec,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var gw=function(a){_.J.call(this,a.Fa)};_.B(gw,_.J);gw.Na=_.J.Na;gw.Ba=_.J.Ba;gw.prototype.aO=function(a){return _.qe(this,{ab:{hP:_.zj}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.sh(function(e){window._wjdc=function(f){d(f);e(EFa(f,b,a))}}):EFa(c,b,a)})};var EFa=function(a,b,c){return(a=a&&a[c])?a:b.ab.hP.aO(c)};.gw.prototype.aa=function(a,b){var c=_.Vta(b).Fi;if(c.startsWith("$")){var d=_.Zl.get(a);_.$p[b]&&(d||(d={},_.Zl.set(a,d)),d[c]=_.$p[b],delete _.$p[b],_.aq--);if(d)if(a=d[c])b=_.pe(a);else throw Error("Xb`"+b);else b=null}else b=null;return b};_.Pq(_.mea,gw);._.l();._.k("SNUn3");._.DFa=new _.Ce(_.yf);._.l();._.k("RMhBfe");.var FFa=function(a,b){a=_.msa(a,b);return a.length==0?null:a[0].ctor},GFa=function(){return Object.values(_.Yo).reduce(function(a,b){return a+Object.keys(b).length},0)},HFa=function(){return Object.entries

                                                Chrome Cache Entry: 362

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):90611
                                                Entropy (8bit):7.971480654815842
                                                Encrypted:false
                                                SSDEEP:1536:O44J2FZ64LQuIqkjQUfM+vlT/PJvjZxJnPMSjGC3rkUYgPvvk4dPQfet:O4425LrIF90EtVnPx7bkHsPF
                                                MD5:DF0C52D1196691BFA19719D220DEF927
                                                SHA1:803229F0960F3B7697551A4387BF0507D4118785
                                                SHA-256:A6E4308B428728D558ABA29367B04A740AFB08F5464160F2FBEB2D5AECD1419A
                                                SHA-512:5534766D8292DC87DEA024954CBB1821EB9E2AF50EC3585F698B14B3A7055877A9D9A5FA0EA4DA649C475EF7DE93DF19EEC114F15366B8FB3CBAC3187C49CCB7
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100001f1e00001c5300002256000041590000b17f0000e9cf00001cd6000065db0000e3e00000f3610100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................iv&....K...1.b...^D..]..&.'^Fg..J..D...F..]..hp !i[.1HC...E,&GD..R.[./...YR.5..V.T.5.....MR{...5.bA..{Y.M..w..F4.............>..z...!...a.bm..}Lo?...x...W...........:V.g6......LA........7...Vy........,.i[...0.y.W"...............y.o.wwNx..Z..{y.X..m..0\..zH.s..;`n....-.V._C.....G....=....x.|...\..8...Y..T$O.5XQ....W ...I+..2.b......`..(..aF.H..}.......".{.,.\.9w.:..y......;.."..F;9...@.._W...SL.....Qm....1.....hg(.FP.....k..8.TFT..e.P..A...l.U.....T.."...ZJv2.ZTM.`I.....,..{;.....UI..s..?...I...6.\y.G......J..>~.wo?Jm=,V.q=...2u.....yp<w....%^s.3.Q..P.....,.Y...R\..5E....E.@.SB.

                                                Chrome Cache Entry: 363

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.505679134773534
                                                Encrypted:false
                                                SSDEEP:12:LuA47STXSkouwKJRLrv9uckg/OcRS+xtEqltEf95I10HZ/8:LuAUSSnKJLR/VRS+TDEnI1
                                                MD5:8315A80BFB1FF769A5B2BA8B921E11EC
                                                SHA1:B812B318E40501077896DF89336ED7CAD130F2FA
                                                SHA-256:C73C738DEFB1144E4C4618F5A06F81B70E7936CBECBECC5026C8BD1740FBACA0
                                                SHA-512:96AF526E44C0474230A9C67E9E91DB7819F8E9FB7852B253CE877758FC450A1AD1B1445809757806906F4B53EEA81D1A9E76DD55A3CEDF9A64CD0704787AD9DF
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd............2.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@....h.........vmdia... mdhd............2.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.........................h...H...H.........AOM Coding.............................av1C..........M..@..........colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 364

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):44121
                                                Entropy (8bit):7.962602874805387
                                                Encrypted:false
                                                SSDEEP:768:bjQbDWCsZVaF83WqX2SF7VB1Z+h1fYpq+Rc2RnezBHVFHVOfeok68VoCHn:3QbQZVamG8F1Z+b8q+RLZez9V5VOml3n
                                                MD5:4AA11FEFE20BF4B6FC3D8CD1502E760A
                                                SHA1:7EBFE1769B574490C0FC555C7D5DE4743685F65D
                                                SHA-256:471154EE195B49411A2D3E17AA02683466409AA555F3E5BF8A2FC1A8F4AF4A18
                                                SHA-512:EEB593AA80FC79C4FE19AD17E0EFDDB104F77B543144D468768D4FEF1577E65DE6F0301DA94FB239BBA2C7ADF316B0CCD46442F3BCDD458094D0FB78393EEC4A
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=1014&byteend=45134
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun.......................G.......................Q...............Q...............................D...............M...............................Q.......q.......N...............................n.......................)...............n.......].......f.......s.......F.......................r...............r.......................0.......]...............Z...............................R...............R.......3.......................w...............................................~.......................X.......&.......>...............................P.......$...............x.......................%.......&............mdat......D..5|.... 2.....i..$...~p. .....Q.,..r..~b..(AY.k.U.....=.=....G@..\j..F*~.J......+.r......F....B.5y.:3.hQ._.xo.D.O<UE.`.Dj7.....gn.......J.Z../../X..Rsj.=.7W..Lx......p.*.A....>q...N..4n....;.x.N.....@D....R...AM...X..W{.4.z.RZH...D2H@.r..?.G...:.u......m...x.&Dg3}X.....

                                                Chrome Cache Entry: 365

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1533
                                                Entropy (8bit):6.950634983778945
                                                Encrypted:false
                                                SSDEEP:24:gqymtRxc1spCBmmNJASrXwv59NCgjXZO/odpZnKLWPj13SKKnhr3Qz:gTmtRxiWCBjbnAFpqoA01bGx3W
                                                MD5:D00C42B8E81402F439C2225F5AE87E2A
                                                SHA1:8BD3F9513951E06D2F4D9F13F659D6064B43571B
                                                SHA-256:6E0E82D5C0761F6C51BD1725036ECC4605ED5BFBFA5EBE91AD1D18B0EE1B8BE7
                                                SHA-512:DDAC5EC91B7761DDA68B3CDC2EFC2FE392A5315C65FFAB88D244BEF49F1686FFF93E9073B73B59ABC66031C08538F21A7596A521FF30CE01A33F27858500A6D1
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6c010000e4010000730200009e020000da0200008d0300003b04000071040000a3040000de040000fd050000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...........................................................................,..!..n<.N...Co..q.J....a....ee%.....q..j..e..a}.....yv........(..........................2...."#$134A.............K....u.<....KF.......JiM.$.......K.o.L...-...W*...p(21q\...y...G.4..gc$.e....t-.m..#...~..pc%:........................... 0........?...=............................ !........?......._...).......................!1A.."Qq2ar B...........?...F.D......L(.Z.............G....<4.'...a..woH..P..wmg5h..~.6..c._0.O..C........"..:..Tls..j.A.X..%'..UR.LJ.7..F.h`.....:c..."....................!1AQaq.............?!.'.5.KgW.J...fy.=8@gT..D.Y.AM,.. ..qd1..&.J...Sb:.....2{5+...H>.....q..x....

                                                Chrome Cache Entry: 366

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:downloaded
                                                Size (bytes):44
                                                Entropy (8bit):4.453416561671607
                                                Encrypted:false
                                                SSDEEP:3:8VKJmQcwVbF7KnZ:BJmjwVbF7KZ
                                                MD5:491DC96011445194971CFAE6A7A0B191
                                                SHA1:74BD675A8CBC8AF507C0EB5509727EA3F9B85060
                                                SHA-256:C3BA6FCBB38A83C87009DEE4BAB93A9B3274553128D77E5B2C04077ECD35C1D3
                                                SHA-512:38356EF67B6B704F2129828299E516B04B29EA1EEB25CF356E22E3AFEC7A875E2187F70E9E7CF0467DEFA14F11D802ACF00D69B2B13EFEA025942E21383AC35E
                                                Malicious:false
                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                Preview:Ch8KBw0ZARP6GgAKCw3oIX6GGgQISxgCCgcN05ioBxoA

                                                Chrome Cache Entry: 367

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (45939)
                                                Category:downloaded
                                                Size (bytes):133457
                                                Entropy (8bit):5.130346614800303
                                                Encrypted:false
                                                SSDEEP:3072:h5uEi/bA+TnJDpamoObnmodwbwnwmwowd6/yW8RNK+blic1rU6fJGnjkuC6hfMEl:jblic1rU6fJGjQ6hkefClYgNJFC
                                                MD5:E46314BB0E1BC605ECC4B109884DC57B
                                                SHA1:3679B4E58BC40E16F26E5FBFA84145D766E90C25
                                                SHA-256:A414CB8F1C321717D7109A62E26CFFA5E336C970F906B89C05B9836734D5D8A0
                                                SHA-512:D398D0D3E581F900A74685D001EC241C1F745BEAFE3F60B9B2A7A737B2B3198D8C63E84D160FFCE15E1A850BB31441EC812F4D161CC2A1F415E3E36D523840EC
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3i19e4/y7/l/en_GB/g25nMFNsm6P.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("BaseTextWithIcon.react",["BaseNonBreakingSpace.react","BaseView.react","react","react-strict-dom"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react"),j={icon:{alignItems:"x6s0dn4",display:"x3nfvp2",verticalAlign:"xxymvpz",$$css:!0},iconContainer:{display:"xt0psk2",whiteSpace:"xuxw1ft",$$css:!0}};function a(a){var b=a.children,e=a.iconAfter,f=a.iconBefore,g=a.iconOverrideVerticalStyle;g=g===void 0?null:g;var h=a.observeDirectionality;h=h===void 0?!1:h;a=a.spacing;a=a===void 0?.5:a;f=i.jsxs(i.Fragment,{children:[f!=null&&i.jsxs(c("BaseView.react"),{xstyle:j.iconContainer,children:[i.jsx(c("BaseView.react"),{xstyle:babelHelpers["extends"]({},j.icon,g),children:f}),i.jsx(c("BaseNonBreakingSpace.react"),{size:a})]}),b,e!=null&&i.jsxs(c("BaseView.react"),{xstyle:j.iconContainer,children:[i.jsx(c("BaseNonBreakingSpace.react"),{size:a}),i.jsx(c("BaseView.react"),{xstyle:babelHelpers["extends"]({},j.icon,g),children:e})]})]});return h?i.jsx(d("react-strict-dom")

                                                Chrome Cache Entry: 368

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (44533)
                                                Category:downloaded
                                                Size (bytes):834206
                                                Entropy (8bit):5.751935958869683
                                                Encrypted:false
                                                SSDEEP:6144:PLTYSPd+lWTqKZF8hmDrIM7qu3+jgX0BWj4+X82Wfwp8S+lo:PLTYSF+lWTASMjGXa49
                                                MD5:82B51CAEEAD41E79E3A990E6958DC87A
                                                SHA1:E74031E393003DE1758C41C0C524A08C8B8C1641
                                                SHA-256:DD6E978BC16278B08A0C289AFBC2CF9A50F54AF5B81DAC12E818506BAF21C51D
                                                SHA-512:1F48CB64A022929439FA7D5E55CF4B58C5F23A72D791459F050F6150FFD13F5F3AA77CB5659D735B9044E1355C3FEDB693F2C2F807B20B8B07C7B0B54CEE8302
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.tJAV7vL1l6c.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAAJYBMgM/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHSmMVe3EF2eQKql4kfMC1M0jwtog/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,m9oV,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,lRrMHd,xBaz7b,F6sNGb,eVCnO,r1n9ec,LDQI"
                                                Preview:"use strict";_F_installCss(".VfPpkd-Sx9Kwc .VfPpkd-P5QLlc{background-color:#fff;background-color:var(--mdc-theme-surface,#fff)}.VfPpkd-Sx9Kwc .VfPpkd-IE5DDf,.VfPpkd-Sx9Kwc .VfPpkd-P5QLlc-GGAcbc{background-color:rgba(0,0,0,.32)}.VfPpkd-Sx9Kwc .VfPpkd-k2Wrsb{color:rgba(0,0,0,.87)}.VfPpkd-Sx9Kwc .VfPpkd-cnG4Wd{color:rgba(0,0,0,.6)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub{color:#000;color:var(--mdc-theme-on-surface,#000)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::after{background-color:#000;background-color:var(--mdc-ripple-color,var(--mdc-theme-on-surface,#000))}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:hover .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-XxIAqe-OWXEXe-ZmdkE .VfPpkd-Bz112c-Jh9lGc::before{opacity:.04;opacity:var(--mdc-ripple-hover-opacity,.04)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-mWPk3d-OWXEXe-AHe6Kc-XpnDCe .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:not(.VfPpkd-ksKsZd-mWPk3d):

                                                Chrome Cache Entry: 369

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):92
                                                Entropy (8bit):2.1221145304364146
                                                Encrypted:false
                                                SSDEEP:3:vBlti/r08/l//Ebldt/z1f1t/EFldt/1spFn:Zlk0OObwFcpF
                                                MD5:616465D0F637F176224D15C81F9B9A36
                                                SHA1:51AF65C57050CC3420EC87D406A6B337823D5056
                                                SHA-256:657C98B255EEA7D197D2562B70355140EC8F62E1FED559B0D2BB564B9C64D70F
                                                SHA-512:BD8B935FD8A80154EBE08F3E8CFA0C02CB32D8817BA8E8BE667AC806FB4A7469875A08061EF712B50279D2CBCBF806D7837C5627BA6DA97E368B45927EBD5DC5
                                                Malicious:false
                                                Preview:...\sidx..........2..........................a~..........V2..........a`..........P.........

                                                Chrome Cache Entry: 370

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:downloaded
                                                Size (bytes):21875
                                                Entropy (8bit):7.968424155529536
                                                Encrypted:false
                                                SSDEEP:384:FaF6fRGyzYohszb2XiAvrZLc8k3a4aA+RuIMxYwniqW0ztCj4shIJks+:FacpYoY4jZLc8l4HvFkSahskz
                                                MD5:049D60AB478FDB47FB66103EEAE1FDBC
                                                SHA1:4C5FA31A0FE4710DD619584DD44EC5C8E5848BDE
                                                SHA-256:0333E499AD55CCCA1D46D5C823FA0ECF9218D987A8EAB12F9AFDB4D9FABD8AF4
                                                SHA-512:8BC1D145B782625DC7B0210310A7D4D053BB49C8B30A9B722888B0BCB3530063FC25BBC6CB79B96F01B951D6448F04706D10CD8D2CB622767E0D1BA362E74DBC
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/446011137_845336897476330_471070398515497688_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=v7hJjTPWU-8Q7kNvgEv2wTk&_nc_ht=scontent-hou1-1.xx&oh=00_AYCfTZltWEu8w35W3YzOzPGVyDPH-ZqRjNGO2SbVQQFKMA&oe=668B33D6
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100004406000013100000d9100000b61100007b1f00001433000024340000943500001e37000073550000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................F...l.gYl......hd....P.Y\......%.F..c...AlM.......U.g........di:2sLS....Mq...........f.+T.I.z[W....b.\...0...p.nH(@.?)p.Z...N,#.WD>.....m+..k..E{KdVac(.*o&;...U....HMY.I...+US[...enE.y.*z*..N.(H:.4.`ez.}X.v..paz.O...y..,it...0.k3..4g'a]5y.....ps}.N...Nk.x8......f....([...9ZS..I5.r.v).T.S\Pk4V.1.T.0....o.S..f>Fp...1]..T.oB.w.Rz.:/b..X-&CH.[e..-...?..b9.Q.....=..*...U.FJ.~.[.<e.N.C.......m,(..w..?.@..Dh...H:4...0-T....*..w.N......{6._A.EF.(..>r...........~(.`A.....*.....Z.UV....e.mMC...\:~.......2..0.a.$](..fk...O.fU...uu.>M;d....u.8.=...K...h`X.xU...a....q,)D..?@q..E.J]..(.~VA.rA....$

                                                Chrome Cache Entry: 371

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):90611
                                                Entropy (8bit):7.971480654815842
                                                Encrypted:false
                                                SSDEEP:1536:O44J2FZ64LQuIqkjQUfM+vlT/PJvjZxJnPMSjGC3rkUYgPvvk4dPQfet:O4425LrIF90EtVnPx7bkHsPF
                                                MD5:DF0C52D1196691BFA19719D220DEF927
                                                SHA1:803229F0960F3B7697551A4387BF0507D4118785
                                                SHA-256:A6E4308B428728D558ABA29367B04A740AFB08F5464160F2FBEB2D5AECD1419A
                                                SHA-512:5534766D8292DC87DEA024954CBB1821EB9E2AF50EC3585F698B14B3A7055877A9D9A5FA0EA4DA649C475EF7DE93DF19EEC114F15366B8FB3CBAC3187C49CCB7
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/442015974_912843267314068_1743771999496193037_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=zkb3Mq01jDsQ7kNvgHbfuPm&_nc_ht=scontent-hou1-1.xx&oh=00_AYDi1cWU_CyeTN-LK4i01f38fd_u6Dcvx_s3QT3qCalc1g&oe=668B155D
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100001f1e00001c5300002256000041590000b17f0000e9cf00001cd6000065db0000e3e00000f3610100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................iv&....K...1.b...^D..]..&.'^Fg..J..D...F..]..hp !i[.1HC...E,&GD..R.[./...YR.5..V.T.5.....MR{...5.bA..{Y.M..w..F4.............>..z...!...a.bm..}Lo?...x...W...........:V.g6......LA........7...Vy........,.i[...0.y.W"...............y.o.wwNx..Z..{y.X..m..0\..zH.s..;`n....-.V._C.....G....=....x.|...\..8...Y..T$O.5XQ....W ...I+..2.b......`..(..aF.H..}.......".{.,.\.9w.:..y......;.."..F;9...@.._W...SL.....Qm....1.....hg(.FP.....k..8.TFT..e.P..A...l.U.....T.."...ZJv2.ZTM.`I.....,..{;.....UI..s..?...I...6.\y.G......J..>~.wo?Jm=,V.q=...2u.....yp<w....%^s.3.Q..P.....,.Y...R\..5E....E.@.SB.

                                                Chrome Cache Entry: 372

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.466018055506166
                                                Encrypted:false
                                                SSDEEP:12:ASDCHXSkouwKJRLrtX9FsZkF/aCC2/INA/m+ZWFyKmMQL5I10Lrw8NPtR/c:ASXnKJxRB/m+Z/L5I1aHZ
                                                MD5:15E567AFF33A0F9DB7B4ECC6A1E3FBFE
                                                SHA1:498F477E9EF13360796ED58C012732EB339E26B8
                                                SHA-256:C86C63FC47DD36E021E2924AEA166BF34EEA5CCC1F5A8E603F652FD168F2ABB8
                                                SHA-512:6D92AD2255F659AC955FAEE48AB53EAEC0B84D6385604E02F5641749D5C5ECA1D14BB6826B5FA1E70F71767D3C4BCC039627529C640D3BABC3F03407FEFC85DB
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd......!..!........................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......!..!............................................................@..............Tmdia... mdhd......!..!...............-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a...............................)esds...........@.......W...W..+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 373

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):818
                                                Entropy (8bit):3.433127122589121
                                                Encrypted:false
                                                SSDEEP:12:Lu3kSFXSkouwKJRLrX9ickaHtOcRb++o3SKUTP95I10HZ/eM:LuUSwnKJzXHtVRb++rI1
                                                MD5:E2AACF2335215B431ABBF8C16FCC0808
                                                SHA1:69B866E1B56F8F31FCE7DB9C0A534242F6BE1986
                                                SHA-256:E7043F217FB2F7E3ABDFFA6022233F05829C0F218B7D8757FB179822BB033695
                                                SHA-512:351F40CA0C950A220A4FD131B54446735FA52C6E5728B6627DC3DE51DC87B09A485DBE70CD9513272B4729ACD42E9EC99781E495D3F0EED7DFCD0F1491BB6FB6
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashvp09cmfc....moov...lmvhd..........<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............nmdia... mdhd..........<.....U......-hdlr........vide............VideoHandler.....minf...$dinf....dref............url ........stbl....stsd...........}vp09.............................H...H.........VPC Coding.............................vpcC................colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......|.... trex........................

                                                Chrome Cache Entry: 374

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):17701
                                                Entropy (8bit):7.8708161117066915
                                                Encrypted:false
                                                SSDEEP:384:amUA/Gv6kIGrTRagTH013MwcU5Td8daL8SaXASafi7e6nweE:amFOv68xDT8cwcWtxqiBMVE
                                                MD5:ECF3123F436575206905A48382B690A1
                                                SHA1:825644C34A7807B0A1F1FB1BC91C84E4D31B070C
                                                SHA-256:54D576D1C9F9C17CBEBF522F8D2DFDF7D646C241C8F32945CA5B9EB90D253C99
                                                SHA-512:05C4A45B8CC8E878D685CE5032B85DC6B8DB5E0A22DC51DAE1D7BF962CA2CFF4E00EBE2FE24A2C613216051E2B80B6546A4DB112E5797A4EB23116985AF7BCD6
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...t...s...........................................r...b...M...V...z.......y...y...h...s...]...i.......l...o...Z...R...e...W...c...Z...y...e...........j...T...\...U...[...`...g...d....sbgp....roll..............C.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!!E..P.F...............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiii

                                                Chrome Cache Entry: 375

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):140
                                                Entropy (8bit):2.53830466738071
                                                Encrypted:false
                                                SSDEEP:3:fBnltcXT01NWllhCtll2tllPllnCl/llzkP/ll4FNM9ln:pnl+0tTF2
                                                MD5:0AECE8EB39C2B638384D07A701E7681F
                                                SHA1:369614C234766EFB07A7F78F6CF8E289B8325C3B
                                                SHA-256:D6B80D6D994DD103FD3DC9F69F1DB936CCB1F22A6850B6382079AD52DF136C26
                                                SHA-512:3B619E8951A4823C4DB3198690C4178FFD63E7BDBDCC5757213D4369C175EAB2B03826D488ADDD3A32EDC012A6CEA45BF0CC994C36B83B1B9D538A24709AC6B1
                                                Malicious:false
                                                Preview:....sidx...........D..............E...\>......?#..X.......?...X.......?...X.......?...X.......?...X.......?O..X.......@...`...........@.....

                                                Chrome Cache Entry: 376

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1933
                                                Entropy (8bit):7.190556724742186
                                                Encrypted:false
                                                SSDEEP:48:g6r0iWJoPAHMGfPdeJZSC/XKxibwTZzYE1mXtE9:1e9fPUJZSyUTJv1stE9
                                                MD5:4D0F1CEB4D895316AA0A904CD63D7532
                                                SHA1:94C9612D5ED8D1A8186392F3F021FB4594194BE4
                                                SHA-256:0502404C3CD6C2804813308FF4BFA5A96D7C470889E5585E9D196462D760756B
                                                SHA-512:0708DDD28BEA1D4ADBCAA4D17404F276A939D490EF8BDD8B546F475D97F6B8B25F195113D34E543762F19033238D40FDF1EE2152F37CE8BD87F2628BA5C4FE08
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e301000087020000cd0200001f030000f8030000020500003c0500008b050000da0500008d070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................a.9..~: ..S.zT1....+........Q.V=$cY../..z.+Y)k.....Y._+....l..L..?..."..........................!#2"34............q.PV.l,.e.E.^....jX..In.:..X..{..|.E....5.A....?.\.....\|..Bh7vn..y.3.Rj.......S..s.mf.%.0.....|....:t;2.......$.... .........................!21R.........?.7....*.Yn...bD..Q...Ob.g.... .........................!1.3q........?...U.+...k.4Q."..*..m..=...;....(......................!1.AQ"Bq.2a.#...........?.%.]........Aqw..?<..........<.?A.M#..x....K.j.V)'...x.2.......S<...6..J.F.Bi..\..H.h...Y..w.....<':O......*..eF...v+L.8....sW.-K.v....#P.Y.gP.p..Y....)..L.....\.|,....#.................

                                                Chrome Cache Entry: 377

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):92
                                                Entropy (8bit):2.547028628684007
                                                Encrypted:false
                                                SSDEEP:3:vBltNXl4gjQbv/llN11klXrqXl3lv9l:ZlTXHQbfx9l
                                                MD5:F3EBF406A882F862BD59DAE6A0CE7D92
                                                SHA1:98FE89C7BC10D2BE9BBFA5A40541BF8E7CAE4787
                                                SHA-256:19B6324C3C21AD3AC45BDC85128758049953B71930BCDE1F4F56166F81F079D6
                                                SHA-512:9DD998C06DA7F80292ADA49FF7C6B9B90408E7E664E4F5380F097DD659D9A32482B2DB3D57B7E87A3187D9D7E8DF0044B017EA9A6731BA1C7048B8A6F8881618
                                                Malicious:false
                                                Preview:...\sidx..........................E...|>......?...x.......?s..x.......?...p................

                                                Chrome Cache Entry: 378

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):188
                                                Entropy (8bit):2.52777929308576
                                                Encrypted:false
                                                SSDEEP:3:PBnltIld21DzlfUI1sXQ1p8+J9XOF9XHwr11bW2lfFgJlfC/NMzXiMw8flH:5nl2dVImgA+yAhw/JQmeMJNH
                                                MD5:D81E704510D1AD0681B0BA98DDB0D9B7
                                                SHA1:0821A7B8B72FB8438B3EC3E639F6A6884D06CEAA
                                                SHA-256:7A905352520B2676A07529277B39B0F493303CF2AD201EEF95D7740D10433311
                                                SHA-512:B121D1618D116C864B3AF6B125B540CAD25C4DB1E3D59D672E40FF7D37CDD71970312ED8F389986ADF8BFD0C621CB0A2D89C47A1D7FCA37877A195C4D4DF4E30
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=826&byteend=1013
                                                Preview:....sidx..........<................Y..,........A..,...........,...........,...........,...........,........,..,.......~...,...........,...........,...........,...........,........N..F.....

                                                Chrome Cache Entry: 379

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:C source, ASCII text, with very long lines (4162)
                                                Category:downloaded
                                                Size (bytes):1137262
                                                Entropy (8bit):5.558904998390639
                                                Encrypted:false
                                                SSDEEP:6144:wqRP8Ke/4kXP9/Tn7nM+yYs9TWa1GmbjDHVXVevKZ2P4Mmm7oqhle5C8Dmoj0+ky:J4sPjVXVH0TZokwktQDr2Ul
                                                MD5:5C35989D9ADCEDFD7743E3CAD9E09153
                                                SHA1:A416D86795E5A0E2440008A1F39D32724E531016
                                                SHA-256:765539F4474B1CC3ECF7070406A2CB61ED54247F64125120240BECA02ACE44C8
                                                SHA-512:36F68B9CB64D5B333AA86DF99AD3660CB8EC11337496CB29E47982E5564ADC4FD31C124385DF0502CE78C3087A212D69D97B815056432A8BC1ADFBD9188938CA
                                                Malicious:false
                                                URL:https://static.xx.fbcdn.net/rsrc.php/v3iwqK4/yD/l/en_GB/yW5mlSpCn9mRZLWp0bJ4uPcKI4lWgwKKj-ueoATFbIw-uaTxM-JV6thYT7n1sgH1lvsz5KVEO_BkqDYvatkvPhoONu3pkqVqdCD9WJk8ujrnjKWwIwOKBPFJOCwuhXh84BiB8aEbWRwojUJXL0ygo8J-EX1Rdzuzi16yghjE4ZDgkA82rIloB7qqcm2jr73EEuMST7r_l1DuzAtWVRntr0ucTZxwWk6_vabK_-gp55HfXW__mMzi95_wmB-512pEQn4HVER6.js?_nc_x=Ij3Wp8lg5Kz
                                                Preview:;/*FB_PKG_DELIM*/..__d("LynxGeneration",["LinkshimHandlerConfig","URI"],(function(a,b,c,d,e,f,g){var h,i=new(h||(h=c("URI")))(c("LinkshimHandlerConfig").linkshim_path).setDomain(c("LinkshimHandlerConfig").linkshim_host),j={getShimURI:function(){return new(h||(h=c("URI")))(i)},getLynxURIProtocol:function(a){return c("LinkshimHandlerConfig").always_use_https?"https":a.getProtocol()==="http"?"http":"https"},getShimmedHref:function(a,b,d){var e;a=new(h||(h=c("URI")))(a);var f=j.getLynxURIProtocol(a);a=j.getShimURI().setQueryData((e={},e[c("LinkshimHandlerConfig").linkshim_url_param]=a.toString(),e[c("LinkshimHandlerConfig").linkshim_enc_param]=b,e)).setProtocol(f);b=d==null?void 0:d.trackingNodes;e=d==null?void 0:d.callbacks;b&&b.length&&(a=a.addQueryData("__tn__",b.join("")));e&&e.length&&(a=a.addQueryData("c",e));return a}};a=j;g["default"]=a}),98);.__d("NonFBLinkReferrerProtector",["$","LinkshimHandlerConfig","Parent","URI","cr:5662","setTimeout"],(function(a,b,c,d,e,f){"use strict";var

                                                Chrome Cache Entry: 380

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17809
                                                Entropy (8bit):7.889876715927552
                                                Encrypted:false
                                                SSDEEP:384:P0wlCG5ahqGMB7wWaJxJBBIzIvIzSKj9jU9ZEmIk1q:cwlCmadMNlauzVt9jUHEmIGq
                                                MD5:4C0B6485E57A9D58E99184DB2BAF95A1
                                                SHA1:24BBD1AAC3B00C95713CF1D3B9DC339A1CD9171E
                                                SHA-256:7C5B0E81B9C4A676FFD8A9A887676D8FDE7E3143CA1CDAB285D47158A81AFBB7
                                                SHA-512:2CB2E1B278E6E9B362F0761FE1DDA042DF5EF2838FEE5AA88B8A11EE9FA0599EBDFA4D31F6208B6A77B613D48D44C180373FE7DC09E3C192E396AFB7CA78C199
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...............................n...R...i...................~...|...z...m...\.......w...P...g...`...h...`.......Q...T...h...................N...R...Y...A...V...s...l...Z...g...v...s....sbgp....roll..............D]mdat!!E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!O..........~C.}.S.Q.h>.^i??.....~>..(.=...B...%..D ".9..F....C.>.w.F~G.l..c'.....<...........o.~.~..q......3.....`..}D/...@0...8.."I[..3.a........D.......A.....eU).....e.s=...y0...0].D`.e.D..6.l:v...cvF^..<.~'N.W.q.e......{...Gz.......SwX......Z...+.`s>J.?.......}.\...P.w.?..#.{'...Gox.#.......2.....

                                                Chrome Cache Entry: 381

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.448226753484057
                                                Encrypted:false
                                                SSDEEP:12:AS0ArXSkouwKJRLrtX9BsZkF/hAJA/m+ZWFyKaQGFh5I10Lrw8NPtR/cO:AS0AKnKJx1hAJ+Z2GFh5I1aHZ
                                                MD5:229CBD2FFE2B1D950C82CA007F84BB12
                                                SHA1:682E6BEE249A7442BD1F83C5EB0D0EB0722F5C1D
                                                SHA-256:6E932E38E244EDAC1A46058D6113544A8A6D556F555ADCD6AF5207BC499B2268
                                                SHA-512:90C22186014541E2F5AB5D042CF39266019728928999A5312D71F0E677DCB16EC2788BDB2206CD7AEA34A719EDE10F13D15BCD0F24BF7AE1720DBCFA0FE4BDB0
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....W8.W8...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....W8.W8............................................................@..............Tmdia... mdhd.....W8.W8...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@.......y...y..+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 382

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
                                                Category:dropped
                                                Size (bytes):1555
                                                Entropy (8bit):5.249530958699059
                                                Encrypted:false
                                                SSDEEP:24:hY6svN/6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z1sW:3qN/2+pUAew85zf
                                                MD5:FBE36EB2EECF1B90451A3A72701E49D2
                                                SHA1:AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
                                                SHA-256:E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
                                                SHA-512:7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
                                                Malicious:false
                                                Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

                                                Chrome Cache Entry: 383

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):127219
                                                Entropy (8bit):7.9870295399132
                                                Encrypted:false
                                                SSDEEP:3072:oiGt0gVkM6839lgj+25yETT/iJpmMIqk5kQNmYu1b1BQ:oiGuIx39lgq0Uwqk5kQNmYWbfQ
                                                MD5:D1C56E2460AF0B65C349BFFACEE35B96
                                                SHA1:BF666ED0F8E4DAFDDE476C78A294B9B9A7288C1E
                                                SHA-256:0B33C8E140385E1195D9993BD425D52B2CDBAD36E8F9D45300009807F17D5868
                                                SHA-512:D41994FE132D281D107E9EE3EA22EC330CE73D451CAE78D4CE7E72D3550416BC2561F2528EB54927431B83F4880D98C93F8C996F3F542BF879E20D902CC68D63
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000d1210000df61000016650000d46b000068ba0000cf280100fc2e010011350100703d0100f3f00100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."..............................................................................%.y.^V..a.....T..YE..P....;4...1...u.W+.&R{.k:.p..beU.s....m...U.rzy..9.....G.#..r..ge.t......%....]...G......Xj.1;.q.....D.GST.... .{..a.j.k..iQ.`F|....5.k.g..wvbP.gOf.0,*....U.-...J....3.9Hx..%Z.:_$vfg..b=v....V.V..zjk.-.D....hZ.>..].:.Fx...1.UVT.../EyKu.$...s3/..M..k..........)zN..4$.6z.....$.9..P.].4.[v$._E.r....se... .A.X.(maV.....-#A...`y'}.W.eSaGp..W..K.*.F.......tn.'........w.G....t;.ys..*.\i..^..5:.'J..h.f.Y.f.=...[5QQ. j.W.J.k-L....7!.........q4{i..?@[....R.j.[..%..+[.q.+v(gtS4.P.cv..U;...U<..c.b.&..H_P.......x...y.1j.\F...-d..Wi.U...Y..|..|..z...j...Z...Z..5...`.m.

                                                Chrome Cache Entry: 384

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):826
                                                Entropy (8bit):3.5180132696972732
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0U5hXSkouwKJRLrv9ZEckp2hU5kOcRS+xtEqC95I10HZ/UY:LuAUS0JnKJL1hjVRS+eI1
                                                MD5:191F4AB024431AB44353859FBE16B843
                                                SHA1:4B442BC28664B047231967FE6648CAB67232089F
                                                SHA-256:8CD59B412DEE3910F6DD17D293828FAA203AD6A5D85167E7301C03C4FB8B79A8
                                                SHA-512:E315D928D7CD0684F354E5BB8D1DBF3FA76AECB936B16D9DDCA17E70DE62FD9E094B6869B2ECEA62035BB6C65E1BFCFDCB5911100E778CCD4C135A7C57EB8D85
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd......O..O..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......O..O............................................................@..............vmdia... mdhd......O..O..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 385

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:dropped
                                                Size (bytes):46236
                                                Entropy (8bit):7.980756845423282
                                                Encrypted:false
                                                SSDEEP:768:7vELPYMwtRbbOvsFFFgbh4Hxa1PUs2IA5v2bTjEiARNZrMFKwkQ8UKvwC9EsqvW:jMAftRbbOvAFgu62hRSXSRNqFKQ8UMSm
                                                MD5:5BB0A294FB1233AE53D94C892775AAD3
                                                SHA1:1D92AD2DAD7580EAD0B53065A8A7CD1B7D8DC6E7
                                                SHA-256:1AD63DD16B81DAE619ADF445A7C87B881BAED81549DAE23E20A08009460F8017
                                                SHA-512:55F541274EB74A5AF91DC6ED48249AD9DDC410EA488B2CC4D09286D3D5537ECFC247A99A0911BF2782FA87D0FED89859FE3BBB00CC1584CDD71DD4C79B3BCEB8
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000bb1a00008a320000523600001c3a000070420000d8630000086a0000f46e0000777400009cb40000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................[.o.=.D...@.LC}fa...-.....$I!".1`......a.$$"!..@...!$..Q+...2...I.D...X%aD.!. 00....M[nU...Y]...5Jm...1..&A...6C.....R....Hi Q.".....!...C ..).. B.#H.d.I!..."BD,(%.[ .VQG".R0.e.CS.m:-.:o....e*..Q...6).j.Rfl...U2K#I...`...@.. ...B..0...gN.....L.a.Da@2H.@..HD...e(`...........k..#.ty.....-.z..,.g...3L.yg).sP...F...!...>.....Cz..v.......^.3uy<....&I..E.Q.*..!%e. p.`....\p.....!C.....Y........]yd......sF.U..0...e.k..n..\.}..'....$..<......%.9.:q...8V.0H.....@.D,)U.d. .d.$.!.......E.f....Rs.^...~yo.\:}^gS.....Z.....D.u....i..{....-...t.lqs......N.......8A$*."..,.e..H$.d.]..Q.JxT.,[..v.u...^.

                                                Chrome Cache Entry: 386

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1700
                                                Entropy (8bit):6.323201485125496
                                                Encrypted:false
                                                SSDEEP:24:V79dlcsVrDYHlctR2HbHL88+2Yc1spoyj7ilwCG3S1/dbKqQWTprCQ6X0f:7dl/ulER8EiWoG7ilb1RTpu10f
                                                MD5:58F290922F06D8276E0481875E087386
                                                SHA1:B7FCE28D96AB016A3BD377EB2C40D79749BA9E09
                                                SHA-256:2C7029BF8BB85E1D3A3D11D10C080CFD192E9C51B20B1411FCEAF846AC1E8C7C
                                                SHA-512:774894BF6F8B923794B6C1E7153951F1B322C45E8CD74042C2909BF94BC3ECDF08A363ED347F13F3ACE599545FD66A3C97941FC2CF81FB9848337B081A595A3E
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/347289288_940658950320773_5181046417556168232_n.jpg?stp=cp6_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=lUai_6JnLsUQ7kNvgGud4pc&_nc_ht=scontent-hou1-1.xx&oh=00_AYCZHvtcBsXaonrh2ASHSgFuSaMRue07RBVkGTtP2PHBEQ&oe=668B288F
                                                Preview:......JFIF..............ICC_PROFILE.......lcms....mntrRGB XYZ ............acspMSFT....sawsctrl.......................-hand.......<.Q.E(z..................................desc.......^cprt........wtpt........rXYZ...,....gXYZ...@....bXYZ...T....rTRC...h...`gTRC...h...`bTRC...h...`desc........uP3.............text....CC0.XYZ .......Q........XYZ ..........=.....XYZ ......J....7....XYZ ......(8.......curv.......*...|.....u.....N.....b.......j.. C$.)j.~3.9.?.FWM6Tv\.d.l.uV~..,.6..........e.w........Photoshop 3.0.8BIM.......h..(.bFBMD0a000a47030000a00300000a040000340400006d040000fe0400006b050000a0050000cb05000001060000a4060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."..............................................................................kXMY...8<.:..`.s.....z..cd...V.......#........................ .....!"1..............4..C...u...`@.jrF.V..=.{...M."&.zr'.q.z..+YZ....E~

                                                Chrome Cache Entry: 387

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):47580
                                                Entropy (8bit):7.955498481495531
                                                Encrypted:false
                                                SSDEEP:768:J4iz3YMECrtph/wOagw23UxnsSs4bHwCx7uk8MkL45kc1ei/8JA62hubPLR382q7:J499Oag4nsSs4jwCsLcepJlV382S
                                                MD5:F21EF8B712EB0AA2A185F1F0BE88F0DE
                                                SHA1:B81F730A8AEC38CEB48B3686AD7F0DD7E34CC90D
                                                SHA-256:F88A00F3DA1E47EB2C7C97930D6BD96AD504EE4859A2B8CD2BC30B2A9D0D1222
                                                SHA-512:5160321193A3B7A61F564DAED470E9DCF8C576D0C475A5FA09705BA2541A3AEEF1779CEBC471437CAF0CE6BFE95140A2C74023CB41A5A9D075A7DFCC37338111
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun...................`........... ...#.......-...........................................#...................................$...............P...J...........;...K...M...E.......M...F...B...A...........G...(...............P...C...d....................... ...........V...W...........(...k...............................................#...l.......[...................................h...................L.......O...................................6...................w...................V...........f...b.......v.......o...x...n...!...........a...5...].......?...<...A...A.......K...>...8...*...............w............... mdat.I.B@!.;.D*....................|o..'..?......O....~O..z..>7.....MH....[..\....9k.M....W...;....M.)k...yt...'t._..........^r&.1..Vu....m*....L....Ne.........k...*..JADUAT.p@n.}..XW#..2(........C....&7/=.....v5%..h.Z.J.T.....D...y....uS.U.+bh..@..8.0..7K...'.a..d.dESf ..hC....s...0

                                                Chrome Cache Entry: 388

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):80
                                                Entropy (8bit):2.5984822215897525
                                                Encrypted:false
                                                SSDEEP:3:rBltIl3A19c52l1+NWCdgnzl/:Vl2A+52l1+NWlx
                                                MD5:FB6977B3AF34CDE98103125C26C95CBA
                                                SHA1:9E077564E06C7E23A074013831A2371DB47BFD61
                                                SHA-256:6381FFA1526250A7E3F72F9D06D9EB3E8C93301C90018E90886096F31340A729
                                                SHA-512:42C8EB59E54764ED8A6ECA68BF469DDBC86234341E6E85548A3C7849DD353A065233F910A1ACCBFAA779D403647C8A6A7F2151D536DB6032887BF7EFAE27FF13
                                                Malicious:false
                                                Preview:...Psidx..........<...................,...........,..........,...........T.....

                                                Chrome Cache Entry: 389

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):128
                                                Entropy (8bit):2.5014824367742965
                                                Encrypted:false
                                                SSDEEP:3:bBnltcXnjcuQknllOCtll5Clv/llHCl/llIWllk+P/llntlH:lnlftCmp92X
                                                MD5:3DC1A2F4D09D3E593FD1024394FE2FCE
                                                SHA1:06448763E538161E02B7BE39AFAD564EF8D94BEE
                                                SHA-256:1E35BC91DDEAFF355F91770D4A786DBA1C4EACD47EB3768913FAB37A4F387F96
                                                SHA-512:42EB3DC288B32A2F205A8D11D4A7A44487B76EA11853858AD19135832CFA01EC47F5B21FADEB97186ACFD61D28CD11CC1E324A6DAA336BF215DC938FA24720FF
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951
                                                Preview:....sidx...........D..............F...\>......?^..X.......?...X.......?...X.......?...X.......?&..X.......?...X.......0.........

                                                Chrome Cache Entry: 390

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):188
                                                Entropy (8bit):2.52777929308576
                                                Encrypted:false
                                                SSDEEP:3:PBnltIld21DzlfUI1sXQ1p8+J9XOF9XHwr11bW2lfFgJlfC/NMzXiMw8flH:5nl2dVImgA+yAhw/JQmeMJNH
                                                MD5:D81E704510D1AD0681B0BA98DDB0D9B7
                                                SHA1:0821A7B8B72FB8438B3EC3E639F6A6884D06CEAA
                                                SHA-256:7A905352520B2676A07529277B39B0F493303CF2AD201EEF95D7740D10433311
                                                SHA-512:B121D1618D116C864B3AF6B125B540CAD25C4DB1E3D59D672E40FF7D37CDD71970312ED8F389986ADF8BFD0C621CB0A2D89C47A1D7FCA37877A195C4D4DF4E30
                                                Malicious:false
                                                Preview:....sidx..........<................Y..,........A..,...........,...........,...........,...........,........,..,.......~...,...........,...........,...........,...........,........N..F.....

                                                Chrome Cache Entry: 391

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.4788411476568806
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0HqXSkouwKJRLrv9ickYhHnOcRS+xtEil8a495I10HZ/m:LuAUS0lnKJLFhHVRS+bgI1
                                                MD5:028478B27F2CF81A961E47B7AC200616
                                                SHA1:8DA76EF8BDB485C0B8311EF7C84DB2A5FBE7F1DE
                                                SHA-256:CC1B7E2E9BC1F742617E2A0EA0D88F36D58725A6A3A51E0EDD166290669E0A08
                                                SHA-512:2E13C69F67DA79BCACF72CB37FB0AE785FE774B0C7A114863449C53132DD8DAA4E382043375401B925C8243B2706ED2CE25D2056D6A7A7EB82CEAEBE77BBB81F
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd.....p..p...<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....p..p.............................................................@.... .........vmdia... mdhd.....p..p...<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01......................... ...H...H.........AOM Coding.............................av1C..........D...|.... ....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......V.... trex........................

                                                Chrome Cache Entry: 392

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:downloaded
                                                Size (bytes):24
                                                Entropy (8bit):4.053508854797679
                                                Encrypted:false
                                                SSDEEP:3:ez1h8FfY:Kh8Fw
                                                MD5:A62223264CD530204B2933EF9B663F93
                                                SHA1:7CD63C5A89DB974468AA6765C5BE8DC719AB811D
                                                SHA-256:FD802AFC88F2A78C16207E7055F163D903BE3B32E3A11A95E84ACC6284798883
                                                SHA-512:02276DFEBBC9C4BBA0286232D571C16155F017914CEB37B3F32FC12D3B81B174478C20444902E31957FAEF59BAD0C80D4D1D5241E5DBABDB69CB3F1314E9AE6E
                                                Malicious:false
                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlyCXj1PD6lfBIFDb2Fgw8=?alt=proto
                                                Preview:Cg8KDQ29hYMPGgYIARABGAM=

                                                Chrome Cache Entry: 393

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:BS image, Version 30820, Quantization 26995, (Decompresses to 0 words)
                                                Category:downloaded
                                                Size (bytes):56
                                                Entropy (8bit):2.0550212339213947
                                                Encrypted:false
                                                SSDEEP:3:jBltIlnc81o4dln:9l2c8i4
                                                MD5:8EB7D176EEE280B236DFF38E3B998728
                                                SHA1:C8AD80093ED78F15E5722F39EBA0C2AF33D21154
                                                SHA-256:CD997494968627CC0AA61AD51F8323502BEF0D52F775EBA88BC19ECA0FA338EB
                                                SHA-512:CA776705A9C0750A7019C920FED4D69EE624BA9B47124C52D123EC1D90171950AB56C1ED2B1B354585E25457B7BFC9F0653B62E5FED3D1CE493ECEA44D1925DE
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873
                                                Preview:...8sidx..........<...................,.......M...P.....

                                                Chrome Cache Entry: 394

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.502424085444056
                                                Encrypted:false
                                                SSDEEP:12:LuA47SRXSkouwKJRLrv9eckp2ROcRS+xtEqy95I10HZ/c:LuAUSUnKJLdRVRS+OI1
                                                MD5:FA536F383C65C192463E988524DFFC55
                                                SHA1:044CE1120A4A2210A1243B4778D05BF712CAD50D
                                                SHA-256:6C229C1BCA271C9E1D92237EAFA7EA9CB3A67810E9E9A526398ED00AC4B78EF3
                                                SHA-512:FB901BB3BDE44E3B85BE90B4A841F2847195FD4A1688D6BF5EE9BD3C19C83448D3E5E8C6A71E354DB6FFF8662ED33F0B9E827BEFC607B09BF3D1CD964D952FAF
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd......K..K..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......K..K............................................................@..............vmdia... mdhd......K..K..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......8.... trex........................

                                                Chrome Cache Entry: 395

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):80
                                                Entropy (8bit):2.5445179762781582
                                                Encrypted:false
                                                SSDEEP:3:rBltcXw5bfzClHll6sllUUv/:Vlv6bv/
                                                MD5:F8BF567FB0A50D6BFF777C48B563869A
                                                SHA1:E68EAD11271AC323F200FFC7B464D5388E55EB27
                                                SHA-256:A5DA9840B996D3A3F996EB52728BDD7C74499B33118799CA6DC746EEC87637CE
                                                SHA-512:DEBFED0E3DBD7319FED703D40901ACAD1C48E48E19BBA14577B89BB4BF010EC64C52D1857C478DE710B1C01C754D27A00FEDFDF995E4B2DCB932EAA262BA035F
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903
                                                Preview:...Psidx...........D..............E%..\>......?...X.......?...X...........7.....

                                                Chrome Cache Entry: 396

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):92
                                                Entropy (8bit):2.1221145304364146
                                                Encrypted:false
                                                SSDEEP:3:vBlti/r08/l//Ebldt/z1f1t/EFldt/1spFn:Zlk0OObwFcpF
                                                MD5:616465D0F637F176224D15C81F9B9A36
                                                SHA1:51AF65C57050CC3420EC87D406A6B337823D5056
                                                SHA-256:657C98B255EEA7D197D2562B70355140EC8F62E1FED559B0D2BB564B9C64D70F
                                                SHA-512:BD8B935FD8A80154EBE08F3E8CFA0C02CB32D8817BA8E8BE667AC806FB4A7469875A08061EF712B50279D2CBCBF806D7837C5627BA6DA97E368B45927EBD5DC5
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917
                                                Preview:...\sidx..........2..........................a~..........V2..........a`..........P.........

                                                Chrome Cache Entry: 397

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):17937
                                                Entropy (8bit):7.794777690480409
                                                Encrypted:false
                                                SSDEEP:384:g3OkgPaHxCaz0ijL7RAk+GkPxhgTbKj/KhWzdH6vMkg:EKaHxCazVH+wkp2TCKhOdH6vpg
                                                MD5:D117165E4D738057F1BFA9AB02DA635A
                                                SHA1:76D4841622DE4646B522A709048A918120E7E939
                                                SHA-256:8ED222F5F52D436BA552A3EB35644E31308F1E7DDDECFE935BED764FF1452401
                                                SHA-512:8EA625CB5B7F2CBFD1D7777D5E86746959B054C52E87B439D30891DFB0B6CB87168A7A3BF365568CC393608EBE971AF6CA11F830FBA3D5C9B967267BCE5A80E5
                                                Malicious:false
                                                Preview:...4moof....mfhd............traf....tfhd...*....................tfdt............trun...........<...s...t...s...P.......................S...................l...B...@...U...i...........B...M...U...Q...l.......[...z...]...|...b...u.......v...p...u...j...n...t...p...s...b...u.......f....sbgp....roll..............D.mdat!.E..P.F.=..<.@............................................................................................................................................................................................................................................................................................D)iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix!.E..P.F...............................................................................................................................................................................................................................................................................................)iiiiiiiiiiiiiiiii

                                                Chrome Cache Entry: 398

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.440133388592401
                                                Encrypted:false
                                                SSDEEP:12:AS5XSkouwKJRLrtX9CZkF/e/INA/m+ZWFyKaQi5I10Lrw8NPtR/B:AScnKJxZe/m+Z2i5I1aHZ
                                                MD5:26EC79088F7739C7F4202C88738044F2
                                                SHA1:3A04B72A8E24219F6534E45F7B1A3488F39A0324
                                                SHA-256:1134F9777B04155FDBD1F62DB8D7CA02C9DB2D882612D1FC074FFD54D3DBD835
                                                SHA-512:6AD766E8BF966471ACCE89C6DD7FD35569024A4CE9F8FD3102A7864EDDF60F8A5B966FC3141D9341A16F9CAFDF314CC97C40024A47B5041C5EDC27E517ED68EB
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....{d.{d...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....{d.{d............................................................@..............Tmdia... mdhd.....{d.{d...D...........-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 399

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.515565432868116
                                                Encrypted:false
                                                SSDEEP:12:LuA47S0yXSkouwKJRLrv9ickp2hPOcRS+xtEqy95I10HZ/UV0:LuAUS0NnKJLhhPVRS+OI1/
                                                MD5:AAC0CEA1859C9A095B5BB558E032B472
                                                SHA1:7A8B6BE397920EDAEAA5FBB67AAA4A6832F6C6A5
                                                SHA-256:33089A0B61E398AAF5D9AD14BF2FE383CF58BEDF5FFDADE267E85F6B9419265B
                                                SHA-512:809EB3A508A19BD96360E83C3EBE0C1197E482E6E5CF2606B7980F49926073D37618772BF6E085D24EA1580729FF38364ACDACC6D795B664EC9FD3BBDBB86BB4
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd......|..|..<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......|..|............................................................@..............vmdia... mdhd......|..|..<.....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........,.?./....$....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 400

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):589000
                                                Entropy (8bit):7.999147947077226
                                                Encrypted:true
                                                SSDEEP:12288:Qb+4dNgfQobhSrlC22FNZa55/5nZchCr+PDAnHc5/c7:QbDsoobhFzZav1ZkR8T
                                                MD5:D9532BBDE135A9AADBF87B1BC7E8F053
                                                SHA1:5F39A7140D3B23FEEBC67E240728ED08BDF595D3
                                                SHA-256:C56133E95AF4B75B37A748E5FE8AEFC94F7259330FE9E48ABF5A42B7E93859E0
                                                SHA-512:571A61D8B2412900F0242A57E890975FB7B593856008B8FFB435CD1EE6F3A1865D44DBD59860D80AE9D0441292253DB0D4AE697EAEE6A4147E2B70522528EC46
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=589905
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun...................V...................................................O.......$.......M.......I.......}.............../...............n.......................'.......................................S...............................................#.......................................X.......i.......................................................4...............=.......................................b...............d...............................d..............................................................................o................}....................................................................mdat.....,.?.....$2.....i... A.......<....' ..'.....3..'\.s.1.a0p..]%..,._..^....9.,.|.ZP(..W...e.4...sg.x..8Z.S.Y^%'..#...@.5%.D....H>^.{!S.9...9.n....i.Vb...K.N.J}.]R..?.A.!(.B..5<..2.\.2@..BE*c.p.v.....R..U=..B.BM......s~...I...^...3..N......'..S...B.@...j .a.0.xQ.W..m.

                                                Chrome Cache Entry: 401

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.455065918560999
                                                Encrypted:false
                                                SSDEEP:12:ASZXSkouwKJRLrtX9iZkF/kA/m+ZWFyKaQi5I10Lrw8NPtR/c+:AS8nKJx56+Z2i5I1aHZ
                                                MD5:190FF87CAC2E07307F79BF720DC9140C
                                                SHA1:2D878383F5C9885DA7A6E68DFB6DA39405DB09F0
                                                SHA-256:3B977E09CE3D2903F33EB14562E9084A938A1ADEF35F1505C3459A442E74896E
                                                SHA-512:F395BD0C410BF3962D48440BFA71D83DA5EBDDD3C29C72CEB09DA92DF47BBA74F8A49012D9B3CB74482E493BB4823B206B62339CBAE5A91091D4E6F146CD40A5
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd...........D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............Tmdia... mdhd...........D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd...... .... trex........................

                                                Chrome Cache Entry: 402

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):826
                                                Entropy (8bit):3.575104636447861
                                                Encrypted:false
                                                SSDEEP:12:LuA47SHJXSkouwKJRLrv9iXckaPKbcRS+xtEKW95I10HZ/yc:LuAUSsnKJL3PHRS+iI1N
                                                MD5:04EA4A0CFE34DF4030E83B150EB9C1D5
                                                SHA1:B5477B732C4C3C9A259F22246461BBFEC4DE5022
                                                SHA-256:919AB28F0F430671063F1EE27E5C334934AF9BAD544097E6FA1E1B3C1A388C0B
                                                SHA-512:91FA162A232B41DC10068EA64E92BA41B623D897090380758E115250056856E189356BBC86BDB91F759279B4854812A73AEEA62CA0EB3AE068FC7FACBFC11FCA
                                                Malicious:false
                                                Preview:...(ftypmp41....iso8isommp41dashav01cmfc....moov...lmvhd............u/....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd......................................................................@..............vmdia... mdhd............u/....U......-hdlr........vide............VideoHandler....!minf...$dinf....dref............url ........stbl....stsd............av01.............................H...H.........AOM Coding.............................av1C.........$.7._....H....colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 403

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (44533)
                                                Category:downloaded
                                                Size (bytes):836241
                                                Entropy (8bit):5.751370782507753
                                                Encrypted:false
                                                SSDEEP:6144:PLTYSPd+lWTqKZF8hmDrIMmqu3+jgX0BWj4+X+bW1wp8S+lo:PLTYSF+lWTASNjGXLC9
                                                MD5:775F8A77AAE74DB7478D5EDADF67460A
                                                SHA1:740A72415AC75C2F1E08654386BC7B1B5E21BC5C
                                                SHA-256:01917BB57EA57B80D14AD3FACD6560106AA6935A26077C0AD13BF460751D8A65
                                                SHA-512:E8FFE4E59CC021EB2DC32B7050922BA61EC75A17C40245F399AE4064BBCD2029DA014E5D33D44F8447120DA2727ACC55DB6838A75563F6E7C276462907F92679
                                                Malicious:false
                                                URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/ck=boq-identity.AccountsSignInUi.DDD9SPcAL2k.L.B1.O/am=HmAYCJ1zFADxnHPgA5QCIQMAAAAAAAAAgJYBMgM/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEfiLuEnjxYrdf-rk4qPrRacOxopQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:F6sNGb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,m9oV,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,lRrMHd,xBaz7b,F6sNGb,eVCnO,r1n9ec,LDQI"
                                                Preview:"use strict";_F_installCss(".VfPpkd-Sx9Kwc .VfPpkd-P5QLlc{background-color:#fff;background-color:var(--mdc-theme-surface,#fff)}.VfPpkd-Sx9Kwc .VfPpkd-IE5DDf,.VfPpkd-Sx9Kwc .VfPpkd-P5QLlc-GGAcbc{background-color:rgba(0,0,0,.32)}.VfPpkd-Sx9Kwc .VfPpkd-k2Wrsb{color:rgba(0,0,0,.87)}.VfPpkd-Sx9Kwc .VfPpkd-cnG4Wd{color:rgba(0,0,0,.6)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub{color:#000;color:var(--mdc-theme-on-surface,#000)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::after{background-color:#000;background-color:var(--mdc-ripple-color,var(--mdc-theme-on-surface,#000))}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:hover .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-XxIAqe-OWXEXe-ZmdkE .VfPpkd-Bz112c-Jh9lGc::before{opacity:.04;opacity:var(--mdc-ripple-hover-opacity,.04)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-mWPk3d-OWXEXe-AHe6Kc-XpnDCe .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:not(.VfPpkd-ksKsZd-mWPk3d):

                                                Chrome Cache Entry: 404

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):104
                                                Entropy (8bit):2.5679932036140025
                                                Encrypted:false
                                                SSDEEP:3:TBltcXM11ulldsllQknllp0l1tll1l:Nlzxcn
                                                MD5:8E2AA44446860BB117F5F2C60EFA2C5B
                                                SHA1:4D7D0DCBA1DCE58B576F01F6D2C47E3218F42369
                                                SHA-256:0BEB0DF97EE52BD814A07D9191297359AD1420864170196ED47C1B15C4CC9EF4
                                                SHA-512:791F0399C599C748F8F44BEA0C7379BD6DBDC9B040BA875101CFFD65F6D72F0BFB38DA23A6E68CB5251C5098AC051D50B82BA969CAECA5C0A241BF59AFC1C845
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449705054_491731483514107_4213972426740765497_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0ODM4NTEyMjczNzcxNDl9&_nc_ohc=sfLLDPkRnaYQ7kNvgEmsM24&_nc_ht=video-hou1-1.xx&oh=00_AYDKK53K9bXolIEERe7J3ZqtehB6VIGEfx1JVnAXC5q7jw&oe=668B388A&bytestart=824&byteend=927
                                                Preview:...hsidx...........D..............F...\>......?a..X.......>...X.......?^..X.......?...X........y........

                                                Chrome Cache Entry: 405

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):57986
                                                Entropy (8bit):7.962049349706165
                                                Encrypted:false
                                                SSDEEP:1536:iSm9Ysn9yu41QFhOgLYoect22hlYOcBl2wqIn4p:c9YO9dWYYnct26hcBgwqb
                                                MD5:6A5CD8F2512E5E251953C5028A12C42F
                                                SHA1:FC3F89EACC5955ECB6981EE4F48938EC19B97AD7
                                                SHA-256:2B634E2BB3DCBB5A64E7B141B10065ED6C6A47FF09B30DFECD003416D5A543BD
                                                SHA-512:978689AE1C37EB85FF68A901E764EA3450E449F168EEF2BFA28E02CF6FB2AF6EEC56789F0975274105BB66B4ADBFAE93DB158BB109B9B434EFEFB7E7649E3C8F
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/449712644_816422753527500_4620893420354803502_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=w3LX7afKrBsQ7kNvgEQ5S8s&_nc_ht=scontent-hou1-1.xx&oh=00_AYDgVlUrnI3YVIhnU4Rtviyi17Z7BWHmT7t4HLp7HtBchg&oe=668B44F5
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a7001000091170000d4380000173b00006c3d000077590000cc880000fb8e00004e920000cc95000082e20000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................H.............................................................................................................................................................................................................................................o.j.1.p......}G......<..`.O.......#...;..s...}.d..='.0..#..2.....>...&F.........~.....o..Y.<..M..+...~....{..C.....:...?m4i..j.Y.O.}l.r}.O.ps.>...3...."z/G.=.>.'.x.{.....T.3...fu~3.....v...|.....hO.s...S...........d..#...Q.?,.@.....NO......T.VOE.>z=...{..g.|....#....=...[..[...;..,.....>..<..q.._>`...L}OW...._-..........}..........g...7...V.}H.e^.....5.&.J.

                                                Chrome Cache Entry: 406

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1533
                                                Entropy (8bit):6.950634983778945
                                                Encrypted:false
                                                SSDEEP:24:gqymtRxc1spCBmmNJASrXwv59NCgjXZO/odpZnKLWPj13SKKnhr3Qz:gTmtRxiWCBjbnAFpqoA01bGx3W
                                                MD5:D00C42B8E81402F439C2225F5AE87E2A
                                                SHA1:8BD3F9513951E06D2F4D9F13F659D6064B43571B
                                                SHA-256:6E0E82D5C0761F6C51BD1725036ECC4605ED5BFBFA5EBE91AD1D18B0EE1B8BE7
                                                SHA-512:DDAC5EC91B7761DDA68B3CDC2EFC2FE392A5315C65FFAB88D244BEF49F1686FFF93E9073B73B59ABC66031C08538F21A7596A521FF30CE01A33F27858500A6D1
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/449321335_395689360177909_8550182580164337098_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=50d2ac&_nc_ohc=_Xa0Uj6O_nMQ7kNvgGuNcWv&_nc_ht=scontent-hou1-1.xx&oh=00_AYAKGvx2DcfP2mtCRlf1OfbIssA3-V862UHeEWtcU2ZXbg&oe=668B1EAB
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6c010000e4010000730200009e020000da0200008d0300003b04000071040000a3040000de040000fd050000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...........................................................................,..!..n<.N...Co..q.J....a....ee%.....q..j..e..a}.....yv........(..........................2...."#$134A.............K....u.<....KF.......JiM.$.......K.o.L...-...W*...p(21q\...y...G.4..gc$.e....t-.m..#...~..pc%:........................... 0........?...=............................ !........?......._...).......................!1A.."Qq2ar B...........?...F.D......L(.Z.............G....<4.'...a..woH..P..wmg5h..~.6..c._0.O..C........"..:..Tls..j.A.X..%'..UR.LJ.7..F.h`.....:c..."....................!1AQaq.............?!.'.5.KgW.J...fy.=8@gT..D.Y.AM,.. ..qd1..&.J...Sb:.....2{5+...H>.....q..x....

                                                Chrome Cache Entry: 407

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:dropped
                                                Size (bytes):824
                                                Entropy (8bit):3.440133388592401
                                                Encrypted:false
                                                SSDEEP:12:AS5XSkouwKJRLrtX9CZkF/e/INA/m+ZWFyKaQi5I10Lrw8NPtR/B:AScnKJxZe/m+Z2i5I1aHZ
                                                MD5:26EC79088F7739C7F4202C88738044F2
                                                SHA1:3A04B72A8E24219F6534E45F7B1A3488F39A0324
                                                SHA-256:1134F9777B04155FDBD1F62DB8D7CA02C9DB2D882612D1FC074FFD54D3DBD835
                                                SHA-512:6AD766E8BF966471ACCE89C6DD7FD35569024A4CE9F8FD3102A7864EDDF60F8A5B966FC3141D9341A16F9CAFDF314CC97C40024A47B5041C5EDC27E517ED68EB
                                                Malicious:false
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....{d.{d...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....{d.{d............................................................@..............Tmdia... mdhd.....{d.{d...D...........-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@..............+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 408

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:downloaded
                                                Size (bytes):116
                                                Entropy (8bit):2.5549267249335
                                                Encrypted:false
                                                SSDEEP:3:3BltcXKl616Clv/ll4l/llq+nllaEtllf0l1tllklulln:xltClpCBcslu/n
                                                MD5:E5CC819D93CB047090BB1B8C5094E56F
                                                SHA1:B6ED997BD6DF05500033F108F16E93A16EE6FFC7
                                                SHA-256:643C0A2455BAF1F75681197808C6ACDF2014F36BAF1E29B1E4D335720730E9CE
                                                SHA-512:8259852D0928B8C7337633D814E4903D27CFC12324229FD6FF7F74BC02DCC1ACBF9D5E7CED830F4E199625B9FCE7787A7406FF6916F572576B44F6B898AFFD24
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939
                                                Preview:...tsidx...........D..............EU..\>......?...X.......?...X.......?...X.......?P..X.......?...X................

                                                Chrome Cache Entry: 409

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):824
                                                Entropy (8bit):3.448226753484057
                                                Encrypted:false
                                                SSDEEP:12:AS0ArXSkouwKJRLrtX9BsZkF/hAJA/m+ZWFyKaQGFh5I10Lrw8NPtR/cO:AS0AKnKJx1hAJ+Z2GFh5I1aHZ
                                                MD5:229CBD2FFE2B1D950C82CA007F84BB12
                                                SHA1:682E6BEE249A7442BD1F83C5EB0D0EB0722F5C1D
                                                SHA-256:6E932E38E244EDAC1A46058D6113544A8A6D556F555ADCD6AF5207BC499B2268
                                                SHA-512:90C22186014541E2F5AB5D042CF39266019728928999A5312D71F0E677DCB16EC2788BDB2206CD7AEA34A719EDE10F13D15BCD0F24BF7AE1720DBCFA0FE4BDB0
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449701410_474789018534823_132095418009423402_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF80OF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo3NjU0MTQxNDU2NjkzMzR9&_nc_ohc=a4-7etsBSc0Q7kNvgGNQ-c5&_nc_ht=video-hou1-1.xx&oh=00_AYBddMuxclFe9RyZwMpsaRcIsWvTHMHPaUlXWSkfhVbxJg&oe=668B2AE3&bytestart=0&byteend=823
                                                Preview:...$ftypmp41....iso8isommp41dashcmfc....moov...lmvhd.....W8.W8...D....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd.....W8.W8............................................................@..............Tmdia... mdhd.....W8.W8...D....U......-hdlr........soun............SoundHandler.....minf...$dinf....dref............url ........stbl...]stsd...........Mmp4a.........................D.....)esds...........@.......y...y..+..........stts............stsc............stsz................stco............sgpd....roll..............smhd...........$edts....elst.......................8mvex....mehd........... trex........................

                                                Chrome Cache Entry: 410

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:downloaded
                                                Size (bytes):1839
                                                Entropy (8bit):7.170380668946469
                                                Encrypted:false
                                                SSDEEP:48:gsiWwlzaFyNt+oYqDB6tfM6rvBPuIs1t0If3:bst+oYqDB6tTrvsr1KO3
                                                MD5:2E075E2261E2EEA112B5086BFB5A71F9
                                                SHA1:982776D69594043BCB6B28FC92810BEB5921E513
                                                SHA-256:C8F9C904269A8C10537A147F25326507A836C2EA68BCE17CA7C82FABF951D1CB
                                                SHA-512:3F98E254D0C8334B0EB9C97B08ADFA50303622FBC298DDF532F99B146FB92CB502EAF050EE339D7F132372E5F66174B6B96B752B4DC4F1ACB8E2FFFC2A2203DA
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t39.30808-1/242231534_109498171480252_4909944789575946511_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=101&ccb=1-7&_nc_sid=f4b9fd&_nc_ohc=IVI8DmqEO6gQ7kNvgHMETd2&_nc_ht=scontent-hou1-1.xx&oh=00_AYBmvLXpXkFyF_Q2oj_mbyhtb0eTAVdiAa8R6hFKTIPL9A&oe=668B2D3B
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e00100008e020000c80200001003000006040000f30400002905000067050000ae0500002f070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".............................................................................;5.J.Y.x.+y.o(...lJ.wIV.+..|..&...E...G....!.........{.....]..."............................"!23..........m.JV.9........-..+..[.. .Z .dCY.o$...j......3.......[|.....m...l..U...j;...[c!gL.&..n.?.....K.%........!.G.H(.i?f...#F"l0............................. A........?..@..3|..amhiD..?............................1A!........?.r.......dc..m.f.H}.....'.......................!1AQ..."q.2B.a........?..o.K\49.{.....>I......5...b..cc.4..m.[bMFEVU.l.....m.~..Bj`J.b2!.W...J..=..m/"....nq.#o..K....Bf..G.....i.DRX.......E.......A..OO..&6m.:.$.Ady+#..hT.DMz.W...r.S3Y....iEhc).vZ.` ....>cWh. qs..S...!.

                                                Chrome Cache Entry: 411

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:BS image, Version 30820, Quantization 26995, (Decompresses to 0 words)
                                                Category:dropped
                                                Size (bytes):56
                                                Entropy (8bit):2.0899239753965375
                                                Encrypted:false
                                                SSDEEP:3:jBltIlnBfJNfTkNn:9l2ZEN
                                                MD5:5AAE6230695E75B985D37A2DF43B23C6
                                                SHA1:48788E99F4A7CB8CAF3757FDE7E2A1357E111EF7
                                                SHA-256:1EA9C83F28226919A3D2899AD64633119350E3E7EC731E36475769CD85644628
                                                SHA-512:6E807ADAB647039CB27759114CFD4AC1D08251ADA8A3484ED6D31E8CED87B435C6AA2B089AAA58BDA4CF2EDA42D63BF69ABC6D556836F832F5DF9817CC03A950
                                                Malicious:false
                                                Preview:...8sidx..........<...................,........d........

                                                Chrome Cache Entry: 412

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                Category:dropped
                                                Size (bytes):24791
                                                Entropy (8bit):7.969792119384995
                                                Encrypted:false
                                                SSDEEP:384:WWCjOYxB/hnqiBGatsW/Faw04RzvOs1aZlIh67bbq1WpX9jZ2jx9gqsnyr9jWy:pCphnwW9Zv8lIw3q1WpX9jGgqsy4y
                                                MD5:87F864B96D7055DE961E30E5B46BC01D
                                                SHA1:79F55F75BD82B3571E769EF501EC99D90DFA1CE2
                                                SHA-256:C7F6DEA97A4C9BFC5DF4BB3BE81B42CA702765B727FD68786CEF68D5276ADE11
                                                SHA-512:574CE054A2C6973D12E3FEFD8585871BF4F8AEA4870FBFD28844239D95A90B68EF0A321712D1FFB0E930B3A5CDB5587D1FA20EFD9391C39CC7055BE6F16F7A42
                                                Malicious:false
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e01000043060000b21100008d1200008c13000009260000d03a0000e23b00005e3d0000ef3e0000d7600000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."....................................................................................I.Q..E.M.x...g.r#.B.B...51....Ve.U ..5..b..[.)1Z.[...N.J.+k..LMA0....F.j.t.L.b..JT......z."}UU....V.n.*Y...X..T..A$..9<.}EXu.#..f.#..4.)U..1*?V.(...L.J.Q..........=e...j...[..&...tj....`...6.\$..n6.S..).[..^......2.C..I6...r...A.[a..o%......3x...0...[8MsfgM..F.5..5.G~.S.G$.k/.....P...........q.#..6..ek.x.'..84...{.....0..9....YY;(h.{.yK..o..Kt..h..L.RBw8.k..%MO..7Foo...sA....[:...........K.P.FV..rIfN...u...2.n..B.....K..Z..A.5s.G..K...\.f.RW.q.0./...........Q.y.a=Y.Qh.\V.G.z...rY..........}+.......o....c.bD@z....f...<..9..?}..J...N...W[s.{^..w...ka.$D.. }OU.B.....O/

                                                Chrome Cache Entry: 413

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                Category:dropped
                                                Size (bytes):1700
                                                Entropy (8bit):6.323201485125496
                                                Encrypted:false
                                                SSDEEP:24:V79dlcsVrDYHlctR2HbHL88+2Yc1spoyj7ilwCG3S1/dbKqQWTprCQ6X0f:7dl/ulER8EiWoG7ilb1RTpu10f
                                                MD5:58F290922F06D8276E0481875E087386
                                                SHA1:B7FCE28D96AB016A3BD377EB2C40D79749BA9E09
                                                SHA-256:2C7029BF8BB85E1D3A3D11D10C080CFD192E9C51B20B1411FCEAF846AC1E8C7C
                                                SHA-512:774894BF6F8B923794B6C1E7153951F1B322C45E8CD74042C2909BF94BC3ECDF08A363ED347F13F3ACE599545FD66A3C97941FC2CF81FB9848337B081A595A3E
                                                Malicious:false
                                                Preview:......JFIF..............ICC_PROFILE.......lcms....mntrRGB XYZ ............acspMSFT....sawsctrl.......................-hand.......<.Q.E(z..................................desc.......^cprt........wtpt........rXYZ...,....gXYZ...@....bXYZ...T....rTRC...h...`gTRC...h...`bTRC...h...`desc........uP3.............text....CC0.XYZ .......Q........XYZ ..........=.....XYZ ......J....7....XYZ ......(8.......curv.......*...|.....u.....N.....b.......j.. C$.)j.~3.9.?.FWM6Tv\.d.l.uV~..,.6..........e.w........Photoshop 3.0.8BIM.......h..(.bFBMD0a000a47030000a00300000a040000340400006d040000fe0400006b050000a0050000cb05000001060000a4060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."..............................................................................kXMY...8<.:..`.s.....z..cd...V.......#........................ .....!"1..............4..C...u...`@.jrF.V..=.{...M."&.zr'.q.z..+YZ....E~

                                                Chrome Cache Entry: 414

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):44121
                                                Entropy (8bit):7.962602874805387
                                                Encrypted:false
                                                SSDEEP:768:bjQbDWCsZVaF83WqX2SF7VB1Z+h1fYpq+Rc2RnezBHVFHVOfeok68VoCHn:3QbQZVamG8F1Z+b8q+RLZez9V5VOml3n
                                                MD5:4AA11FEFE20BF4B6FC3D8CD1502E760A
                                                SHA1:7EBFE1769B574490C0FC555C7D5DE4743685F65D
                                                SHA-256:471154EE195B49411A2D3E17AA02683466409AA555F3E5BF8A2FC1A8F4AF4A18
                                                SHA-512:EEB593AA80FC79C4FE19AD17E0EFDDB104F77B543144D468768D4FEF1577E65DE6F0301DA94FB239BBA2C7ADF316B0CCD46442F3BCDD458094D0FB78393EEC4A
                                                Malicious:false
                                                Preview:....moof....mfhd............traf....tfhd...*....................tfdt...........ptrun.......................G.......................Q...............Q...............................D...............M...............................Q.......q.......N...............................n.......................)...............n.......].......f.......s.......F.......................r...............r.......................0.......]...............Z...............................R...............R.......3.......................w...............................................~.......................X.......&.......>...............................P.......$...............x.......................%.......&............mdat......D..5|.... 2.....i..$...~p. .....Q.,..r..~b..(AY.k.U.....=.=....G@..\j..F*~.J......+.r......F....B.5y.:3.hQ._.xo.D.O<UE.`.Dj7.....gn.......J.Z../../X..Rsj.=.7W..Lx......p.*.A....>q...N..4n....;.x.N.....@D....R...AM...X..W{.4.z.RZH...D2H@.r..?.G...:.u......m...x.&Dg3}X.....

                                                Chrome Cache Entry: 415

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ISO Media, MP4 v1 [ISO 14496-1:ch13]
                                                Category:downloaded
                                                Size (bytes):818
                                                Entropy (8bit):3.433127122589121
                                                Encrypted:false
                                                SSDEEP:12:Lu3kSFXSkouwKJRLrX9ickaHtOcRb++o3SKUTP95I10HZ/eM:LuUSwnKJzXHtVRb++rI1
                                                MD5:E2AACF2335215B431ABBF8C16FCC0808
                                                SHA1:69B866E1B56F8F31FCE7DB9C0A534242F6BE1986
                                                SHA-256:E7043F217FB2F7E3ABDFFA6022233F05829C0F218B7D8757FB179822BB033695
                                                SHA-512:351F40CA0C950A220A4FD131B54446735FA52C6E5728B6627DC3DE51DC87B09A485DBE70CD9513272B4729ACD42E9EC99781E495D3F0EED7DFCD0F1491BB6FB6
                                                Malicious:false
                                                URL:https://video-hou1-1.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817
                                                Preview:...(ftypmp41....iso8isommp41dashvp09cmfc....moov...lmvhd..........<.....................................................@...................................meta....... hdlr........ID32...............`ID32......ID3......HPRIV...>..https://github.com/shaka-project/shaka-packager.v3.2.0-release....trak...\tkhd....................................................................@..............nmdia... mdhd..........<.....U......-hdlr........vide............VideoHandler.....minf...$dinf....dref............url ........stbl....stsd...........}vp09.............................H...H.........VPC Coding.............................vpcC................colrnclx...........stts............stsc............stsz................stco............vmhd...............8mvex....mehd......|.... trex........................

                                                Chrome Cache Entry: 416

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                Category:downloaded
                                                Size (bytes):46236
                                                Entropy (8bit):7.980756845423282
                                                Encrypted:false
                                                SSDEEP:768:7vELPYMwtRbbOvsFFFgbh4Hxa1PUs2IA5v2bTjEiARNZrMFKwkQ8UKvwC9EsqvW:jMAftRbbOvAFgu62hRSXSRNqFKQ8UMSm
                                                MD5:5BB0A294FB1233AE53D94C892775AAD3
                                                SHA1:1D92AD2DAD7580EAD0B53065A8A7CD1B7D8DC6E7
                                                SHA-256:1AD63DD16B81DAE619ADF445A7C87B881BAED81549DAE23E20A08009460F8017
                                                SHA-512:55F541274EB74A5AF91DC6ED48249AD9DDC410EA488B2CC4D09286D3D5537ECFC247A99A0911BF2782FA87D0FED89859FE3BBB00CC1584CDD71DD4C79B3BCEB8
                                                Malicious:false
                                                URL:https://scontent-hou1-1.xx.fbcdn.net/v/t15.5256-10/441895106_1198366088013188_6995649902217432552_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=4WgkZe3RElIQ7kNvgG2v3tP&_nc_ht=scontent-hou1-1.xx&oh=00_AYDb-M11Z0SNpwvXrjD3QZn7r2IuxM_jwUBShiw8VZhMjQ&oe=668B2C36
                                                Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000bb1a00008a320000523600001c3a000070420000d8630000086a0000f46e0000777400009cb40000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................[.o.=.D...@.LC}fa...-.....$I!".1`......a.$$"!..@...!$..Q+...2...I.D...X%aD.!. 00....M[nU...Y]...5Jm...1..&A...6C.....R....Hi Q.".....!...C ..).. B.#H.d.I!..."BD,(%.[ .VQG".R0.e.CS.m:-.:o....e*..Q...6).j.Rfl...U2K#I...`...@.. ...B..0...gN.....L.a.Da@2H.@..HD...e(`...........k..#.ty.....-.z..,.g...3L.yg).sP...F...!...>.....Cz..v.......^.3uy<....&I..E.Q.*..!%e. p.`....\p.....!C.....Y........]yd......sF.U..0...e.k..n..\.}..'....$..<......%.9.:q...8V.0H.....@.D,)U.d. .d.$.!.......E.f....Rs.^...~yo.\:}^gS.....Z.....D.u....i..{....-...t.lqs......N.......8A$*."..,.e..H$.d.]..Q.JxT.,[..v.u...^.

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):6.575924221466677
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:osr730ky3m.exe
                                                File size:915'968 bytes
                                                MD5:366397087c219fd1ec3465b6075c99cb
                                                SHA1:51b93cc23768f1dc9c0745e7818c4bf0365669cd
                                                SHA256:12f94033d272f341426a6e2afa2937218346cd79960592ed2d7d79d22335ffc9
                                                SHA512:2a260a4918d5224f902c77993f0ba1c88e038f63d966d9d027dc86f116f64a72bd836cfbaab03cc878a1f78c8bf6c5f77a0fbcf15bc9962291fee38d99931a87
                                                SSDEEP:12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TZ:tqDEvCTbMWu7rQYlBQcBiT6rprG8aAZ
                                                TLSH:A8159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

                                                File Icon

                                                Icon Hash:aaf3e3e3938382a0

                                                Static PE Info

                                                General

                                                Entrypoint:0x420577
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x667977EE [Mon Jun 24 13:43:10 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:5
                                                OS Version Minor:1
                                                File Version Major:5
                                                File Version Minor:1
                                                Subsystem Version Major:5
                                                Subsystem Version Minor:1
                                                Import Hash:948cc502fe9226992dce9417f952fce3

                                                Entrypoint Preview

                                                Instruction
                                                call 00007F00C51DBA13h
                                                jmp 00007F00C51DB31Fh
                                                push ebp
                                                mov ebp, esp
                                                push esi
                                                push dword ptr [ebp+08h]
                                                mov esi, ecx
                                                call 00007F00C51DB4FDh
                                                mov dword ptr [esi], 0049FDF0h
                                                mov eax, esi
                                                pop esi
                                                pop ebp
                                                retn 0004h
                                                and dword ptr [ecx+04h], 00000000h
                                                mov eax, ecx
                                                and dword ptr [ecx+08h], 00000000h
                                                mov dword ptr [ecx+04h], 0049FDF8h
                                                mov dword ptr [ecx], 0049FDF0h
                                                ret
                                                push ebp
                                                mov ebp, esp
                                                push esi
                                                push dword ptr [ebp+08h]
                                                mov esi, ecx
                                                call 00007F00C51DB4CAh
                                                mov dword ptr [esi], 0049FE0Ch
                                                mov eax, esi
                                                pop esi
                                                pop ebp
                                                retn 0004h
                                                and dword ptr [ecx+04h], 00000000h
                                                mov eax, ecx
                                                and dword ptr [ecx+08h], 00000000h
                                                mov dword ptr [ecx+04h], 0049FE14h
                                                mov dword ptr [ecx], 0049FE0Ch
                                                ret
                                                push ebp
                                                mov ebp, esp
                                                push esi
                                                mov esi, ecx
                                                lea eax, dword ptr [esi+04h]
                                                mov dword ptr [esi], 0049FDD0h
                                                and dword ptr [eax], 00000000h
                                                and dword ptr [eax+04h], 00000000h
                                                push eax
                                                mov eax, dword ptr [ebp+08h]
                                                add eax, 04h
                                                push eax
                                                call 00007F00C51DE0BDh
                                                pop ecx
                                                pop ecx
                                                mov eax, esi
                                                pop esi
                                                pop ebp
                                                retn 0004h
                                                lea eax, dword ptr [ecx+04h]
                                                mov dword ptr [ecx], 0049FDD0h
                                                push eax
                                                call 00007F00C51DE108h
                                                pop ecx
                                                ret
                                                push ebp
                                                mov ebp, esp
                                                push esi
                                                mov esi, ecx
                                                lea eax, dword ptr [esi+04h]
                                                mov dword ptr [esi], 0049FDD0h
                                                push eax
                                                call 00007F00C51DE0F1h
                                                test byte ptr [ebp+08h], 00000001h
                                                pop ecx

                                                Rich Headers

                                                Programming Language:
                                                • [ C ] VS2008 SP1 build 30729
                                                • [IMP] VS2008 SP1 build 30729

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x9000.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xdd0000x7594.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0xb0ff00x1c.rdata
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0xc34000x18.rdata
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb10100x40.rdata
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x894.rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x10000x9ab1d0x9ac000a1473f3064dcbc32ef93c5c8a90f3a6False0.565500681542811data6.668273581389308IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata0x9c0000x2fb820x2fc00c9cf2468b60bf4f80f136ed54b3989fbFalse0.35289185209424084data5.691811547483722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data0xcc0000x706c0x480053b9025d545d65e23295e30afdbd16d9False0.04356553819444445DOS executable (block device driver @\273\)0.5846666986982398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc0xd40000x90000x9000b5e3b9071c144824e7db81fa7305c8a0False0.254638671875data4.977868520893527IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc0xdd0000x75940x7600c68ee8931a32d45eb82dc450ee40efc3False0.7628111758474576data6.7972128181359786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                RT_ICON0xd45a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                RT_ICON0xd46d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                RT_ICON0xd47f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                RT_ICON0xd49200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                RT_ICON0xd4c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                RT_ICON0xd4d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                RT_ICON0xd5bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                RT_ICON0xd64800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                RT_ICON0xd69e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                RT_ICON0xd8f900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                RT_ICON0xda0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                RT_MENU0xda4a00x50dataEnglishGreat Britain0.9
                                                RT_STRING0xda4f00x594dataEnglishGreat Britain0.3333333333333333
                                                RT_STRING0xdaa840x68adataEnglishGreat Britain0.2735961768219833
                                                RT_STRING0xdb1100x490dataEnglishGreat Britain0.3715753424657534
                                                RT_STRING0xdb5a00x5fcdataEnglishGreat Britain0.3087467362924282
                                                RT_STRING0xdbb9c0x65cdataEnglishGreat Britain0.34336609336609336
                                                RT_STRING0xdc1f80x466dataEnglishGreat Britain0.3605683836589698
                                                RT_STRING0xdc6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                RT_RCDATA0xdc7b80x2c8data1.0154494382022472
                                                RT_GROUP_ICON0xdca800x76dataEnglishGreat Britain0.6610169491525424
                                                RT_GROUP_ICON0xdcaf80x14dataEnglishGreat Britain1.25
                                                RT_GROUP_ICON0xdcb0c0x14dataEnglishGreat Britain1.15
                                                RT_GROUP_ICON0xdcb200x14dataEnglishGreat Britain1.25
                                                RT_VERSION0xdcb340xdcdataEnglishGreat Britain0.6181818181818182
                                                RT_MANIFEST0xdcc100x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                                                Imports

                                                DLLImport
                                                WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                PSAPI.DLLGetProcessMemoryInfo
                                                IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                UxTheme.dllIsThemeActive
                                                KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                                COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

                                                Possible Origin

                                                Language of compilation systemCountry where language is spokenMap
                                                EnglishGreat Britain

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jul 3, 2024 15:46:53.083944082 CEST49675443192.168.2.523.1.237.91
                                                Jul 3, 2024 15:46:53.083977938 CEST49674443192.168.2.523.1.237.91
                                                Jul 3, 2024 15:46:53.208885908 CEST49673443192.168.2.523.1.237.91
                                                Jul 3, 2024 15:46:57.924786091 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:57.924844027 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:57.924920082 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:57.925168037 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:57.925204039 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:57.925259113 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:57.964340925 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:57.964359999 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:57.964643955 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:57.964677095 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:58.679824114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:58.680804014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:58.680835962 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:58.682202101 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:58.682297945 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:58.684447050 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:58.684564114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:58.684907913 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:58.684919119 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:58.783440113 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.030570030 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.030884981 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.030895948 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.031300068 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.031366110 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.031995058 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.032068968 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.034873962 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.034940004 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.035136938 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.035141945 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.079478025 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.105376959 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.105431080 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.105464935 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.105480909 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.105520010 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.105554104 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.105567932 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.105576038 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.105622053 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.116592884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.116740942 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.116794109 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.116826057 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.116878986 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.125907898 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.125953913 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.125973940 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.125983000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.126034975 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.208467960 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.208547115 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.208553076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.208586931 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.208631039 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.209964991 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.210016966 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.210021019 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.210042000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.210083008 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.214494944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.214554071 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.220632076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.220702887 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.220729113 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.220757008 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.220801115 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.226923943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.226993084 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.226999044 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.227027893 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.227077007 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.233217955 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.233283043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.233289003 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.233321905 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.233364105 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.245676041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.245752096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.245770931 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.245825052 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.245873928 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.245899916 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.245940924 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.251792908 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.251866102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.251868963 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.251920938 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.251970053 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.253741980 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.253803015 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.253804922 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.253838062 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.253887892 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.307264090 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.307374954 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.307400942 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.307432890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.307483912 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.309170008 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.309231997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.313666105 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.313738108 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.313762903 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.313791037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.313860893 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.318973064 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.319051981 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.319087982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.319139004 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.321932077 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.322017908 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.322036982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.322068930 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.322113037 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.325915098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.325951099 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.325980902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.326009989 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.326050997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.329668045 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.329730988 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.329734087 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.329761028 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.329804897 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.333112001 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.333164930 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.336844921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.336884022 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.336908102 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.336940050 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.336981058 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.340734005 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.340770006 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.340790987 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.340818882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.340858936 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.343517065 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.343569040 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.343595028 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.343645096 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.346637011 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.346688032 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.346714020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.346767902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.349858999 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.349925995 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.352766037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.352818012 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.352821112 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.352844954 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.352899075 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.355721951 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.355772972 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.355798006 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.355846882 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.358570099 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.358613968 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.358628035 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.358658075 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.358695030 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.361120939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.361195087 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.361227989 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.361277103 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.363696098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.363759041 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.363785982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.363832951 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.366225004 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.366326094 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.368638039 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.368676901 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.368721008 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.368738890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.368784904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.408287048 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.408446074 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.408469915 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.408515930 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.408555984 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.409223080 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.409307003 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.409327984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.409382105 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.409431934 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.409440994 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.411611080 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.411670923 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.411689043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.411717892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.411767006 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.563071012 CEST49713443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.563149929 CEST44349713157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.563215017 CEST49713443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.563637972 CEST49713443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.563664913 CEST44349713157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665240049 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665307999 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665329933 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665349960 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665380001 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665399075 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665400028 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665410995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665421009 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665446043 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665453911 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665488958 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665625095 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665663958 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665672064 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665688038 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665710926 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665716887 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665729046 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665751934 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665759087 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665793896 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665807009 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665808916 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665817022 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665829897 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665843964 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665855885 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665867090 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665893078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665927887 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.665935040 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.665973902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.667057037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.667135954 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.667790890 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.667831898 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.667870045 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.667879105 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.667918921 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.667957067 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.667972088 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668005943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668020010 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.668045998 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668081999 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668086052 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.668095112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668118000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668126106 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.668133974 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.668157101 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.670170069 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670221090 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.670248985 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670280933 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670321941 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.670330048 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670362949 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670392036 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670470953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.670480013 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.670519114 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.671506882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.671562910 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.671567917 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.671607971 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.671658993 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.671673059 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672014952 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672058105 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672058105 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.672071934 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672101974 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672108889 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.672122002 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672159910 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672167063 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.672178030 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672226906 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.672878027 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672924995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672938108 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.672956944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672981024 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672991991 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.672998905 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.673007965 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.673032999 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.674016953 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.674050093 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.674063921 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.674077034 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.674088001 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.674118996 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.674133062 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.674180031 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.675363064 CEST49714443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.675410986 CEST44349714157.240.0.6192.168.2.5
                                                Jul 3, 2024 15:46:59.675452948 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.675472021 CEST49714443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.675503969 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.675525904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.675551891 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.675569057 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.675591946 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.675623894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.675668955 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.675970078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.675982952 CEST49715443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.676018953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676026106 CEST44349715157.240.0.6192.168.2.5
                                                Jul 3, 2024 15:46:59.676033020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676067114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676103115 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676105022 CEST49715443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.676115036 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676157951 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676206112 CEST49716443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.676225901 CEST44349716157.240.0.6192.168.2.5
                                                Jul 3, 2024 15:46:59.676273108 CEST49716443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.676532984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676587105 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676791906 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676837921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676840067 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676856041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676897049 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676899910 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.676942110 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.676948071 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.677743912 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.677792072 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.677798033 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.677819967 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.677854061 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.677870035 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.677876949 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.677901030 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.678591013 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678663015 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.678683043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678808928 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678859949 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678872108 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.678883076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678894043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678916931 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.678925037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.678962946 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.679409981 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.679457903 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.679506063 CEST49714443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.679536104 CEST44349714157.240.0.6192.168.2.5
                                                Jul 3, 2024 15:46:59.679563999 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.679600000 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.679610968 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.679649115 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.679657936 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.679666042 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.679702997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.679975986 CEST49715443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.680006981 CEST44349715157.240.0.6192.168.2.5
                                                Jul 3, 2024 15:46:59.680206060 CEST49716443192.168.2.5157.240.0.6
                                                Jul 3, 2024 15:46:59.680222988 CEST44349716157.240.0.6192.168.2.5
                                                Jul 3, 2024 15:46:59.680272102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.680315018 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.680321932 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.680740118 CEST49705443192.168.2.5142.250.185.78
                                                Jul 3, 2024 15:46:59.680768967 CEST44349705142.250.185.78192.168.2.5
                                                Jul 3, 2024 15:46:59.681739092 CEST49717443192.168.2.5157.240.253.1
                                                Jul 3, 2024 15:46:59.681780100 CEST44349717157.240.253.1192.168.2.5
                                                Jul 3, 2024 15:46:59.681869030 CEST49717443192.168.2.5157.240.253.1
                                                Jul 3, 2024 15:46:59.683994055 CEST49717443192.168.2.5157.240.253.1
                                                Jul 3, 2024 15:46:59.684015036 CEST44349717157.240.253.1192.168.2.5
                                                Jul 3, 2024 15:46:59.685043097 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685081959 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685092926 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685110092 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685122013 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685146093 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685182095 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685204029 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685221910 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685292006 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685319901 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685332060 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685340881 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685353041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685375929 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685384035 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685394049 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685431004 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685437918 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685487986 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685667992 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685714006 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685743093 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685755968 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685766935 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685772896 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685800076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685802937 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685825109 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.685831070 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.685869932 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687046051 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687100887 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687104940 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687129021 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687145948 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687146902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687191963 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687199116 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687211037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687247992 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687249899 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687262058 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687287092 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687289000 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687335014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687341928 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687381029 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687383890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687393904 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687427998 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687436104 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687480927 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687712908 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687757969 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687757969 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687773943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687784910 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687828064 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687833071 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687838078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687848091 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687870979 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687872887 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687886000 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687892914 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687907934 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687922001 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687939882 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687946081 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687957048 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.687967062 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.687985897 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.688000917 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.688009024 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.688045979 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.688051939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.688097000 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690640926 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690692902 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690716982 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690725088 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690736055 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690759897 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690772057 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690787077 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690790892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690824032 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690824032 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690843105 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690885067 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690896034 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690903902 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690932989 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690952063 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.690959930 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.690980911 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691225052 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691253901 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691266060 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691273928 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691308022 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691313028 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691356897 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691430092 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691468954 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691472054 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691479921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691514015 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691523075 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691565990 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691569090 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691590071 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691597939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691618919 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691633940 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691643953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691653013 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691672087 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691687107 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691694021 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691732883 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691746950 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691768885 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691785097 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691791058 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691824913 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691842079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691886902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.691888094 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691896915 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.691941977 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692040920 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692080021 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692086935 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692095995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692133904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692140102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692183018 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692388058 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692632914 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692677975 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692701101 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692727089 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692744970 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692753077 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692773104 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692775011 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.692815065 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.692825079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693206072 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693233013 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693247080 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693257093 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693274975 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693288088 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693295956 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693326950 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693336010 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693341970 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693353891 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693363905 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693401098 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693408966 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693449974 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693648100 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693701029 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693706036 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693746090 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693769932 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693811893 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693813086 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.693821907 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693830967 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.693860054 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.694219112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.694250107 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.694277048 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.694277048 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.694294930 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.694319010 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.694340944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.694386005 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.694394112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697736025 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697776079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697792053 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.697808981 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697823048 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697846889 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.697849989 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697881937 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697890997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.697907925 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697925091 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697946072 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.697953939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.697990894 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.698138952 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698175907 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698184967 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.698193073 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698221922 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698225021 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.698232889 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698276043 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.698278904 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698290110 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.698368073 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.724973917 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725038052 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725066900 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725095987 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725100994 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.725147009 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725163937 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.725198984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725208044 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.725215912 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725246906 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725251913 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.725259066 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725275040 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725285053 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.725318909 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.725321054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725332975 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.725363016 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728074074 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728127956 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728144884 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728178024 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728198051 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728225946 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728382111 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728425026 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728442907 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728451967 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728465080 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728528976 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728555918 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728580952 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728588104 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728595018 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728619099 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728735924 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728765965 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728785038 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728792906 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728820086 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728842974 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728842974 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728852987 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728864908 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728878021 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728894949 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728902102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728933096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728945017 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.728946924 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.728955030 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729001045 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729302883 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729345083 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729356050 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729360104 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729367018 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729389906 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729394913 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729412079 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729418993 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729443073 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729453087 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729456902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729464054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729490042 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729571104 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729599953 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729617119 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729623079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729645967 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729659081 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729660988 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729669094 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729697943 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729697943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729737997 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729743004 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729756117 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729770899 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729799032 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729803085 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729813099 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729846001 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729851961 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729860067 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729888916 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729892015 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729924917 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729938030 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729945898 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729974985 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.729990005 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.729998112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730021000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730030060 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730031013 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730062962 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730068922 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730077982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730112076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730119944 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730129004 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730154991 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730627060 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730659962 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730675936 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730685949 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730695963 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730720997 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730722904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730747938 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730763912 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730773926 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730793953 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730806112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730813026 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730818987 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730837107 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730844021 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730854988 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730887890 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.730895996 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.730937958 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.731200933 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731230021 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731250048 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.731255054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731266022 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731267929 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.731292963 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.731296062 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731304884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731339931 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.731348038 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.731390953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732547998 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732584953 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732610941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732614994 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732636929 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732657909 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732666016 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732717991 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732724905 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732748032 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732774019 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732781887 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732791901 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732878923 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732904911 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732918978 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732927084 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732954025 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.732985973 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.732986927 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733000994 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733007908 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.733035088 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.733091116 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733139038 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733141899 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.733149052 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733170986 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733181953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.733189106 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.733213902 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.734865904 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.734926939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.734940052 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.734963894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.735009909 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.747101068 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.747199059 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.747217894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.747246981 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.747270107 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.747270107 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.747317076 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.747323990 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.747365952 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.821685076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.821746111 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.821784019 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.821806908 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.821846962 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.821868896 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.821868896 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.822005033 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.822076082 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.822087049 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.822153091 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825649023 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825704098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825730085 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825764894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825784922 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825784922 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825804949 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825812101 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825839996 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825854063 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825875044 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825882912 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.825903893 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825932026 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.825997114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826036930 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826042891 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826071024 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826083899 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826090097 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826112032 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826258898 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826301098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826307058 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826316118 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826335907 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826347113 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826363087 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826369047 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826416016 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826461077 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826507092 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826514959 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826555014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826560020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826567888 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826602936 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826626062 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826693058 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826704979 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826741934 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826746941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826783895 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826785088 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826797009 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826822996 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826894045 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826920986 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826942921 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.826951027 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.826968908 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827039003 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827064991 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827076912 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827083111 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827101946 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827116966 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827124119 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827164888 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827287912 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827321053 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827332020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827347994 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827354908 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827368975 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827406883 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827410936 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827420950 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827445984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827459097 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827466965 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827476978 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827491045 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827511072 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827514887 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827795982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827821970 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827842951 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827851057 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827860117 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.827892065 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.827997923 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828027010 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828038931 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828048944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828068018 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828075886 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828078985 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828085899 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828105927 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828111887 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828116894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828144073 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828161001 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828169107 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828182936 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828190088 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828227997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828234911 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828318119 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828356981 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828366041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828391075 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828399897 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828409910 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828416109 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828434944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828434944 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828450918 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828475952 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828495026 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828515053 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828531981 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828538895 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828577995 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828692913 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828725100 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828748941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828758001 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828768015 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828788042 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828788042 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828800917 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828823090 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828829050 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828852892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828869104 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828876019 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828888893 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828950882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.828986883 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.828991890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829781055 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829816103 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829838991 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829847097 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.829860926 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829885006 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.829919100 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829945087 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829955101 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.829962969 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.829983950 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.830009937 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.830018044 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.830055952 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.844477892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.844548941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.844558954 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.844578028 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.844589949 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.844607115 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.844624996 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.844644070 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.844696999 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925576925 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925620079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925645113 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925649881 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925681114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925700903 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925700903 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925734043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925743103 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925753117 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925762892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925786972 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925795078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925815105 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925833941 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925851107 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925862074 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925887108 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925894976 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925905943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925935030 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925945044 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925954103 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.925972939 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.925981998 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926008940 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926021099 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926029921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926039934 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926065922 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926069021 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926080942 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926107883 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926111937 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926120043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926141977 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926143885 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926203966 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926211119 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926285982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926316023 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926327944 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926335096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926351070 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926376104 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926384926 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926394939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926430941 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926431894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926444054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926470041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926476002 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926484108 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926501036 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926506042 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926529884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926542997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926549911 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926558971 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926585913 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926592112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926642895 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926698923 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926754951 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926774025 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926778078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926786900 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926822901 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.926954031 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926980019 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.926992893 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927004099 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927016020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927043915 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927051067 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927061081 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927071095 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927093029 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927095890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927119017 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927125931 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927134037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927155018 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927182913 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927184105 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927192926 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927197933 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927223921 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927227974 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927237988 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927265882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927269936 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927277088 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927304029 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927316904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927325964 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927337885 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927361012 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927366972 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927372932 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927416086 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927550077 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927620888 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927757978 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927787066 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927797079 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927809000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927820921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927825928 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927850008 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927865982 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927874088 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927884102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927911043 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927911997 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927923918 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927947998 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.927972078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.927997112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928004980 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928013086 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928026915 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928045988 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928052902 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928065062 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928090096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928091049 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928121090 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928128958 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928136110 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928147078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928175926 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928180933 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928188086 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928203106 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928226948 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928241014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928248882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928283930 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928740025 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928767920 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928790092 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928796053 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928806067 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928827047 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928850889 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928855896 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928867102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928881884 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928881884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928903103 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928910017 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928920984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928947926 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928950071 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928958893 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928982973 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.928991079 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.928998947 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929009914 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929018021 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929037094 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929056883 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929064035 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929074049 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929097891 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929097891 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929110050 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929135084 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929143906 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929152966 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929167986 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929198027 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929204941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929219961 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929483891 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929518938 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929527044 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929539919 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929552078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929573059 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929579020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929588079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929610014 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929622889 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929631948 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.929645061 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.929694891 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.942267895 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942306995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942333937 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942342043 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.942363977 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942379951 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942385912 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.942408085 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942409992 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.942418098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942444086 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.942445040 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:46:59.942480087 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:46:59.942493916 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023480892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023524046 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023551941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023551941 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023583889 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023597956 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023601055 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023631096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023639917 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023648024 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023682117 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023715019 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023725033 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023732901 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023746967 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023766041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023792982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023803949 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023811102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023822069 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023849964 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023871899 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023873091 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023888111 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.023890018 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.023929119 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024002075 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024025917 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024051905 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024058104 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024106026 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024182081 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024229050 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024235964 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024243116 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024252892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024300098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024313927 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024322033 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024336100 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024343014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024365902 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024377108 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024384022 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024395943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024424076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024425030 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024435043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024460077 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024463892 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024502039 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024508953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024516106 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024527073 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024554014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024559975 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024610043 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024650097 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024657011 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024696112 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024781942 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024816036 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024832010 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024837971 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024847984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024880886 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024887085 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024897099 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024905920 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024916887 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024934053 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024940014 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024946928 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024960995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.024991989 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.024996042 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025005102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025029898 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025033951 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025043964 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025069952 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025077105 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025084972 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025099039 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025106907 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025124073 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025161982 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025168896 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025207996 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025445938 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025474072 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025499105 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025501966 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025511026 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025530100 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025537968 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025573969 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025579929 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025728941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025755882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025779009 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025784016 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025794029 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025816917 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025819063 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025847912 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025857925 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025866985 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025878906 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025901079 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025904894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025913000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025938034 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025943041 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025953054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025983095 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.025990963 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.025998116 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026010990 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026019096 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026038885 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026067019 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026071072 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026083946 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026103973 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026109934 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026135921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026154041 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026160955 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026170969 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026199102 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026206017 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026216984 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026243925 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026288033 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026297092 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026510954 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026540995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026556969 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.026567936 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.026710033 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.030038118 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.047914028 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.047956944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.047981977 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.047985077 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048018932 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048039913 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048039913 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048073053 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048082113 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048090935 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048103094 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048131943 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048141003 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048151970 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048161983 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048166990 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048191071 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048206091 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048213005 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048223972 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048254967 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048261881 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048271894 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048283100 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048307896 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048310995 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048321009 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048333883 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048347950 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048352957 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048361063 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048377037 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048399925 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048401117 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048415899 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048449039 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048469067 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048500061 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048511982 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048521042 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048536062 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048609972 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048636913 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048649073 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048659086 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048670053 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048693895 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048706055 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048716068 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048729897 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048800945 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048830032 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048846960 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048857927 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048867941 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048890114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048908949 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048918962 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048932076 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.048934937 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048976898 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.048983097 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117626905 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117677927 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117691040 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.117710114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117722034 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117750883 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117758989 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.117798090 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117815018 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117820024 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.117851973 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.117860079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117870092 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117902040 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117918968 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.117935896 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117944956 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117968082 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.117974997 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.117986917 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118021965 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118030071 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118037939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118067026 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118501902 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118531942 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118550062 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118562937 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118575096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118609905 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118618011 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118634939 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118658066 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118668079 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118679047 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118705988 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118714094 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118724108 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118746996 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118880987 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118916035 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118928909 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118937969 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118947983 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118977070 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.118987083 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.118994951 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119013071 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119020939 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119044065 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119057894 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119066000 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119075060 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119110107 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119112968 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119122982 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119158983 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119163036 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119168997 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119191885 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119199038 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119240046 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119246006 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119434118 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119466066 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119479895 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119488001 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119499922 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119529009 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119538069 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119545937 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119554996 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119566917 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119664907 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119692087 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119693041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119703054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119729042 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119744062 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.119752884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.119764090 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122140884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122175932 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122208118 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122215033 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122241020 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122256041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122262001 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122292042 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122298002 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122307062 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122324944 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122356892 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122370005 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122379065 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122390985 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122396946 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122416019 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122440100 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122447014 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122454882 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122478962 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122486115 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122495890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122524977 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122539997 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122545958 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122575998 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122585058 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122598886 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122626066 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122632027 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122653961 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122682095 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122698069 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122706890 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122716904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122716904 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122749090 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122777939 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122790098 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122798920 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122824907 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122826099 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122840881 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122859955 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122869968 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122898102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122909069 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122915983 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122937918 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122962952 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122973919 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.122982025 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.122998953 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.144808054 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.144872904 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.144879103 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.144900084 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.144958019 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.144964933 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.144984961 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145014048 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145055056 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145065069 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145082951 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145128965 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145136118 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145148039 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145174980 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145183086 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145203114 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145232916 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145241022 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145260096 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145284891 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145292044 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145313978 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145334005 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145342112 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145376921 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145376921 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145395041 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145452023 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145507097 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145538092 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145549059 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145558119 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145584106 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145642996 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145649910 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145665884 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145698071 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145720959 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145797968 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145827055 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145878077 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145879030 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.145894051 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145956993 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.145998955 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146008968 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146023035 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146061897 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146069050 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146080971 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146117926 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146125078 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146136999 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146173954 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146179914 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146192074 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146222115 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146225929 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146238089 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146270990 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146275997 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146287918 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146323919 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146332979 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146342039 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146358967 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146363974 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146395922 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146399021 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.146408081 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.146437883 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.215960979 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216017008 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216046095 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.216051102 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216100931 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216120005 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216152906 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216154099 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.216166019 CEST44349704157.240.0.35192.168.2.5
                                                Jul 3, 2024 15:47:00.216167927 CEST49704443192.168.2.5157.240.0.35
                                                Jul 3, 2024 15:47:00.216202974 CEST44349704157.240.0.35192.168.2.5

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Jul 3, 2024 15:46:57.872219086 CEST192.168.2.51.1.1.10x46bfStandard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.872709990 CEST192.168.2.51.1.1.10x4d21Standard query (0)www.youtube.com65IN (0x0001)false
                                                Jul 3, 2024 15:46:57.911323071 CEST192.168.2.51.1.1.10x7d9aStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.911551952 CEST192.168.2.51.1.1.10xaf03Standard query (0)www.facebook.com65IN (0x0001)false
                                                Jul 3, 2024 15:46:59.564872980 CEST192.168.2.51.1.1.10x2785Standard query (0)scontent.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.565025091 CEST192.168.2.51.1.1.10x75d5Standard query (0)scontent.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:46:59.565541029 CEST192.168.2.51.1.1.10xbf56Standard query (0)video.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.565732956 CEST192.168.2.51.1.1.10x688dStandard query (0)video.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:46:59.567410946 CEST192.168.2.51.1.1.10x8c1aStandard query (0)static.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.567589045 CEST192.168.2.51.1.1.10xff4eStandard query (0)static.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:01.186945915 CEST192.168.2.51.1.1.10x7306Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:01.187088966 CEST192.168.2.51.1.1.10x124eStandard query (0)www.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:05.263323069 CEST192.168.2.51.1.1.10x4d85Standard query (0)video-hou1-1.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:05.263636112 CEST192.168.2.51.1.1.10x2d23Standard query (0)video-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:06.250468016 CEST192.168.2.51.1.1.10xdeebStandard query (0)video-hou1-1.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:06.252513885 CEST192.168.2.51.1.1.10xebd6Standard query (0)video-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:07.347906113 CEST192.168.2.51.1.1.10x44daStandard query (0)video.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:07.348067999 CEST192.168.2.51.1.1.10x2bbcStandard query (0)video.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:09.038589001 CEST192.168.2.51.1.1.10xddd3Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:09.038768053 CEST192.168.2.51.1.1.10xbd0dStandard query (0)www.facebook.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:10.482482910 CEST192.168.2.51.1.1.10x40acStandard query (0)accounts.youtube.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.482726097 CEST192.168.2.51.1.1.10xf225Standard query (0)accounts.youtube.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:10.784708977 CEST192.168.2.51.1.1.10x838bStandard query (0)play.google.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.785094976 CEST192.168.2.51.1.1.10x8346Standard query (0)play.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:10.849992990 CEST192.168.2.51.1.1.10x61c6Standard query (0)scontent-hou1-1.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.850210905 CEST192.168.2.51.1.1.10x8844Standard query (0)scontent-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:11.713732004 CEST192.168.2.51.1.1.10xd627Standard query (0)scontent-hou1-1.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:11.713877916 CEST192.168.2.51.1.1.10xafd8Standard query (0)scontent-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:15.375044107 CEST192.168.2.51.1.1.10x512eStandard query (0)static.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.375255108 CEST192.168.2.51.1.1.10xa67dStandard query (0)static.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:15.856662035 CEST192.168.2.51.1.1.10xd20aStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.857125998 CEST192.168.2.51.1.1.10xf72Standard query (0)www.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:16.310894012 CEST192.168.2.51.1.1.10x7cdStandard query (0)play.google.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:16.311070919 CEST192.168.2.51.1.1.10x5f8fStandard query (0)play.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:25.884994984 CEST192.168.2.51.1.1.10x5fe8Standard query (0)scontent.xx.fbcdn.netA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:25.885163069 CEST192.168.2.51.1.1.10xe074Standard query (0)scontent.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:48:07.632114887 CEST192.168.2.51.1.1.10xf461Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:07.632256031 CEST192.168.2.51.1.1.10xa6f7Standard query (0)www.facebook.com65IN (0x0001)false
                                                Jul 3, 2024 15:48:15.282577991 CEST192.168.2.51.1.1.10x3ea9Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:15.282862902 CEST192.168.2.51.1.1.10xb1f2Standard query (0)play.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:48:17.675015926 CEST192.168.2.51.1.1.10xa323Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:17.675177097 CEST192.168.2.51.1.1.10x9103Standard query (0)play.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:48:21.688414097 CEST192.168.2.51.1.1.10x9de6Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:21.688554049 CEST192.168.2.51.1.1.10xb96dStandard query (0)www.facebook.com65IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.905857086 CEST1.1.1.1192.168.2.50x46bfNo error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.906030893 CEST1.1.1.1192.168.2.50x4d21No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.906030893 CEST1.1.1.1192.168.2.50x4d21No error (0)youtube-ui.l.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:46:57.919333935 CEST1.1.1.1192.168.2.50xaf03No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.920548916 CEST1.1.1.1192.168.2.50x7d9aNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:46:57.920548916 CEST1.1.1.1192.168.2.50x7d9aNo error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.669925928 CEST1.1.1.1192.168.2.50x2785No error (0)scontent.xx.fbcdn.net157.240.253.1A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.670007944 CEST1.1.1.1192.168.2.50xff4eNo error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.670357943 CEST1.1.1.1192.168.2.50x8c1aNo error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.670357943 CEST1.1.1.1192.168.2.50x8c1aNo error (0)scontent.xx.fbcdn.net157.240.0.6A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:46:59.671520948 CEST1.1.1.1192.168.2.50xbf56No error (0)video.xx.fbcdn.net157.240.252.22A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:01.199194908 CEST1.1.1.1192.168.2.50x7306No error (0)www.google.com142.250.185.132A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:01.199279070 CEST1.1.1.1192.168.2.50x124eNo error (0)www.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:05.285099983 CEST1.1.1.1192.168.2.50x2d23No error (0)video-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:05.293669939 CEST1.1.1.1192.168.2.50x4d85No error (0)video-hou1-1.xx.fbcdn.net157.240.24.20A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:06.263403893 CEST1.1.1.1192.168.2.50xdeebNo error (0)video-hou1-1.xx.fbcdn.net157.240.24.20A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:06.266247988 CEST1.1.1.1192.168.2.50xebd6No error (0)video-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:08.446517944 CEST1.1.1.1192.168.2.50x2b72No error (0)video.xx.fbcdn.net31.13.71.14A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:08.705399036 CEST1.1.1.1192.168.2.50x2b72No error (0)video.xx.fbcdn.net31.13.71.14A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:09.047209978 CEST1.1.1.1192.168.2.50xddd3No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:47:09.047209978 CEST1.1.1.1192.168.2.50xddd3No error (0)star-mini.c10r.facebook.com157.240.252.35A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:09.047734976 CEST1.1.1.1192.168.2.50xbd0dNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.495235920 CEST1.1.1.1192.168.2.50x40acNo error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.495235920 CEST1.1.1.1192.168.2.50x40acNo error (0)www3.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.509047985 CEST1.1.1.1192.168.2.50xf225No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.793097973 CEST1.1.1.1192.168.2.50x838bNo error (0)play.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:10.858360052 CEST1.1.1.1192.168.2.50x8844No error (0)scontent-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:10.860436916 CEST1.1.1.1192.168.2.50x61c6No error (0)scontent-hou1-1.xx.fbcdn.net157.240.24.13A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:11.722431898 CEST1.1.1.1192.168.2.50xafd8No error (0)scontent-hou1-1.xx.fbcdn.net65IN (0x0001)false
                                                Jul 3, 2024 15:47:11.722474098 CEST1.1.1.1192.168.2.50xd627No error (0)scontent-hou1-1.xx.fbcdn.net157.240.24.13A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.382873058 CEST1.1.1.1192.168.2.50x512eNo error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.382873058 CEST1.1.1.1192.168.2.50x512eNo error (0)scontent.xx.fbcdn.net157.240.252.13A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.382895947 CEST1.1.1.1192.168.2.50xa67dNo error (0)static.xx.fbcdn.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.864310980 CEST1.1.1.1192.168.2.50xd20aNo error (0)www.google.com142.250.185.132A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:15.865596056 CEST1.1.1.1192.168.2.50xf72No error (0)www.google.com65IN (0x0001)false
                                                Jul 3, 2024 15:47:16.321438074 CEST1.1.1.1192.168.2.50x7cdNo error (0)play.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:47:25.892930031 CEST1.1.1.1192.168.2.50x5fe8No error (0)scontent.xx.fbcdn.net157.240.0.6A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:07.641266108 CEST1.1.1.1192.168.2.50xa6f7No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:48:07.641285896 CEST1.1.1.1192.168.2.50xf461No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:48:07.641285896 CEST1.1.1.1192.168.2.50xf461No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:15.294107914 CEST1.1.1.1192.168.2.50x3ea9No error (0)play.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:17.683027029 CEST1.1.1.1192.168.2.50xa323No error (0)play.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:21.697413921 CEST1.1.1.1192.168.2.50x9de6No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                Jul 3, 2024 15:48:21.697413921 CEST1.1.1.1192.168.2.50x9de6No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                Jul 3, 2024 15:48:21.697431087 CEST1.1.1.1192.168.2.50xb96dNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false

                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.549704157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:46:58 UTC664OUTGET /video HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:46:59 UTC1188INHTTP/1.1 200 OK
                                                Vary: Accept-Encoding
                                                accept-ch-lifetime: 4838400
                                                accept-ch: viewport-width,dpr,Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
                                                Link: <https://www.facebook.com/watch/>; rel="canonical"
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405675209508329", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405675209508329"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:46:59 UTC2238INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 2d 72 65 70 6f 72 74 2d 6f 6e 6c 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61
                                                Data Ascii: content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.fa
                                                2024-07-03 13:46:59 UTC1935INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:46:59 UTC1827INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:46:59 UTC6INData Raw: 37 31 65 62 0d 0a
                                                Data Ascii: 71eb
                                                2024-07-03 13:46:59 UTC1500INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 5f 39 64 6c 73 20 5f 5f 66 62 2d 6c 69 67 68 74 2d 6d 6f 64 65 22 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 64 65 66 61 75 6c 74 2d 69 63 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 79 54 2f 72 2f 61 47 54 33 67 73 6b 7a 57 42 66 2e 69 63 6f 22 20 64 61 74 61 2d 62 61 64 67 65 64 2d 69 63 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 79 44 2f 72 2f 55 4a 6a 30 74 67 6b 2d 52 72 54 2e 69 63 6f 22 20 72 65 6c
                                                Data Ascii: <!DOCTYPE html><html id="facebook" class="_9dls __fb-light-mode" lang="en" dir="ltr"><head><link data-default-icon="https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico" data-badged-icon="https://static.xx.fbcdn.net/rsrc.php/yD/r/UJj0tgk-RrT.ico" rel
                                                2024-07-03 13:46:59 UTC1500INData Raw: 22 20 69 64 3d 22 4d 41 4e 49 46 45 53 54 5f 4c 49 4e 4b 22 20 68 72 65 66 3d 22 2f 64 61 74 61 2f 6d 61 6e 69 66 65 73 74 2f 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 75 73 65 2d 63 72 65 64 65 6e 74 69 61 6c 73 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6c 69 67 68 74 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 46 46 46 46 46 46 22 20 2f 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 77 4d 55 6a 50 64 46 22 3e 3a 72 6f 6f 74 7b 2d 2d 66 64 73 2d 62 6c 61 63 6b 3a 23 30 30 30 30 30 30 3b 2d 2d 66 64 73 2d 62 6c 61 63 6b 2d 61 6c 70 68 61 2d 30 35 3a 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 30 35 29
                                                Data Ascii: " id="MANIFEST_LINK" href="/data/manifest/" crossorigin="use-credentials" /><meta name="color-scheme" content="light" /><meta name="theme-color" content="#FFFFFF" /><style nonce="5wMUjPdF">:root{--fds-black:#000000;--fds-black-alpha-05:rgba(0, 0, 0, 0.05)
                                                2024-07-03 13:46:59 UTC1500INData Raw: 3a 23 43 46 44 31 44 35 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 63 68 65 72 72 79 3a 23 46 33 35 33 36 39 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 63 68 65 72 72 79 2d 74 69 6e 74 2d 37 30 3a 23 46 42 43 43 44 32 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 67 72 61 70 65 2d 74 69 6e 74 2d 37 30 3a 23 44 44 44 35 46 30 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 67 72 61 70 65 2d 74 69 6e 74 2d 39 30 3a 23 46 34 46 31 46 41 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 6c 65 6d 6f 6e 2d 64 61 72 6b 2d 31 3a 23 46 35 43 33 33 42 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 6c 65 6d 6f 6e 2d 74 69 6e 74 2d 37 30 3a 23 46 45 46 32 44 31 3b 2d 2d 66 64 73 2d 73 70 65 63 74 72 75 6d 2d 6c 69 6d 65 3a 23 41 33 43 45 37 31 3b 2d 2d 66
                                                Data Ascii: :#CFD1D5;--fds-spectrum-cherry:#F35369;--fds-spectrum-cherry-tint-70:#FBCCD2;--fds-spectrum-grape-tint-70:#DDD5F0;--fds-spectrum-grape-tint-90:#F4F1FA;--fds-spectrum-lemon-dark-1:#F5C33B;--fds-spectrum-lemon-tint-70:#FEF2D1;--fds-spectrum-lime:#A3CE71;--f
                                                2024-07-03 13:46:59 UTC1500INData Raw: 34 30 3a 23 36 35 36 37 36 42 3b 2d 2d 61 6c 77 61 79 73 2d 67 72 61 79 2d 37 35 3a 23 42 43 43 30 43 34 3b 2d 2d 61 6c 77 61 79 73 2d 67 72 61 79 2d 39 35 3a 23 46 30 46 32 46 35 3b 2d 2d 61 74 74 61 63 68 6d 65 6e 74 2d 66 6f 6f 74 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 30 46 32 46 35 3b 2d 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 65 65 6d 70 68 61 73 69 7a 65 64 3a 23 46 30 46 32 46 35 3b 2d 2d 62 61 64 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 2d 62 6c 75 65 3a 76 61 72 28 2d 2d 61 63 63 65 6e 74 29 3b 2d 2d 62 61 64 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 2d 64 61 72 6b 2d 67 72 61 79 3a 76 61 72 28 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 69 63 6f 6e 29 3b 2d 2d 62 61 64 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63
                                                Data Ascii: 40:#65676B;--always-gray-75:#BCC0C4;--always-gray-95:#F0F2F5;--attachment-footer-background:#F0F2F5;--background-deemphasized:#F0F2F5;--badge-background-color-blue:var(--accent);--badge-background-color-dark-gray:var(--secondary-icon);--badge-background-c
                                                2024-07-03 13:46:59 UTC1500INData Raw: 68 74 6e 65 73 73 28 39 38 25 29 20 63 6f 6e 74 72 61 73 74 28 38 39 25 29 3b 2d 2d 66 69 6c 74 65 72 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2d 69 63 6f 6e 3a 69 6e 76 65 72 74 28 35 39 25 29 20 73 65 70 69 61 28 31 31 25 29 20 73 61 74 75 72 61 74 65 28 32 30 30 25 29 20 73 61 74 75 72 61 74 65 28 31 33 35 25 29 20 68 75 65 2d 72 6f 74 61 74 65 28 31 37 36 64 65 67 29 20 62 72 69 67 68 74 6e 65 73 73 28 39 36 25 29 20 63 6f 6e 74 72 61 73 74 28 39 34 25 29 3b 2d 2d 66 69 6c 74 65 72 2d 70 72 69 6d 61 72 79 2d 61 63 63 65 6e 74 3a 69 6e 76 65 72 74 28 32 37 25 29 20 73 65 70 69 61 28 39 35 25 29 20 73 61 74 75 72 61 74 65 28 33 31 31 36 25 29 20 68 75 65 2d 72 6f 74 61 74 65 28 32 31 32 64 65 67 29 20 62 72 69 67 68 74 6e 65 73 73 28 39 39 25 29 20 63 6f 6e
                                                Data Ascii: htness(98%) contrast(89%);--filter-placeholder-icon:invert(59%) sepia(11%) saturate(200%) saturate(135%) hue-rotate(176deg) brightness(96%) contrast(94%);--filter-primary-accent:invert(27%) sepia(95%) saturate(3116%) hue-rotate(212deg) brightness(99%) con
                                                2024-07-03 13:46:59 UTC1500INData Raw: 65 72 3a 72 67 62 61 28 36 38 2c 20 37 33 2c 20 38 30 2c 20 30 2e 31 35 29 3b 2d 2d 6d 65 64 69 61 2d 69 6e 6e 65 72 2d 62 6f 72 64 65 72 3a 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 3b 2d 2d 6d 65 64 69 61 2d 6f 75 74 65 72 2d 62 6f 72 64 65 72 3a 23 46 46 46 46 46 46 3b 2d 2d 6d 65 64 69 61 2d 70 72 65 73 73 65 64 3a 72 67 62 61 28 36 38 2c 20 37 33 2c 20 38 30 2c 20 30 2e 33 35 29 3b 2d 2d 6d 65 73 73 65 6e 67 65 72 2d 63 61 72 64 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 46 46 46 3b 2d 2d 6d 77 70 2d 68 65 61 64 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 6d 65 73 73 65 6e 67 65 72 2d 63 61 72 64 2d 62 61 63 6b 67 72 6f 75 6e 64 29 3b 2d 2d 6d 77 70 2d 68 65 61 64 65 72 2d 62 75 74 74 6f 6e 2d 63 6f
                                                Data Ascii: er:rgba(68, 73, 80, 0.15);--media-inner-border:rgba(0, 0, 0, 0.1);--media-outer-border:#FFFFFF;--media-pressed:rgba(68, 73, 80, 0.35);--messenger-card-background:#FFFFFF;--mwp-header-background-color:var(--messenger-card-background);--mwp-header-button-co


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.549705142.250.185.784432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:46:59 UTC810OUTGET /account HTTP/1.1
                                                Host: www.youtube.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:46:59 UTC2470INHTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                X-Content-Type-Options: nosniff
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Wed, 03 Jul 2024 13:46:59 GMT
                                                Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en
                                                X-Frame-Options: SAMEORIGIN
                                                Strict-Transport-Security: max-age=31536000
                                                Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Wed, 03-Jul-2024 14:16:59 GMT; Path=/; Secure; HttpOnly
                                                Set-Cookie: YSC=SHg8M41C4KI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                Set-Cookie: VISITOR_INFO1_LIVE=ZcIzZTUjRwI; Domain=.youtube.com; Expires=Mon, 30-Dec-2024 13:46:59 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgUQ%3D%3D; Domain=.youtube.com; Expires=Mon, 30-Dec-2024 13:46:59 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                2192.168.2.549713157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:00 UTC895OUTPOST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2985 HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 124
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                sec-ch-ua-platform-version: "10.0.0"
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:00 UTC124OUTData Raw: 65 76 65 6e 74 5f 69 64 3d 37 33 38 37 34 30 35 36 37 35 32 30 39 35 30 38 33 32 39 26 6d 61 72 6b 65 72 5f 70 61 67 65 5f 74 69 6d 65 3d 32 33 37 32 26 73 63 72 69 70 74 5f 70 61 74 68 3d 58 43 6f 6d 65 74 57 61 74 63 68 43 6f 6e 74 72 6f 6c 6c 65 72 26 77 65 69 67 68 74 3d 30 26 63 6c 69 65 6e 74 5f 73 74 61 72 74 3d 31 26 6c 73 64 3d 41 56 71 49 7a 76 76 50 38 51 49
                                                Data Ascii: event_id=7387405675209508329&marker_page_time=2372&script_path=XCometWatchController&weight=0&client_start=1&lsd=AVqIzvvP8QI
                                                2024-07-03 13:47:00 UTC1828INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                cross-origin-resource-policy: cross-origin
                                                Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                Pragma: no-cache
                                                X-Frame-Options: DENY
                                                X-Content-Type-Options: nosniff
                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405682817953188"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405682817953188"}]}
                                                cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
                                                cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
                                                origin-agent-cluster: ?0
                                                Access-Control-Expose-Headers: X-FB-Debug, X-Loader-Length, X-Stack
                                                Access-Control-Allow-Methods: OPTIONS
                                                Access-Control-Allow-Credentials: true
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                Vary: Accept-Encoding
                                                Strict-Transport-Security: max-age=15552000; preload
                                                X-FB-Debug: 1uIAh4kgileuQDWb3Yao7ehcGmFY/YIclic3LZvvQy2UJIHa1S2NO/gNeaWXHyrXz0aXXICIoDUi9T/Taq1ItA==
                                                Date: Wed, 03 Jul 2024 13:47:00 GMT
                                                Transfer-Encoding: chunked
                                                X-FB-Connection-Quality: GOOD; q=0.7, rtt=101, rtx=0, c=10, mss=1392, tbw=3404, tp=-1, tpl=-1, uplat=154, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                2024-07-03 13:47:00 UTC4INData Raw: 66 33 0d 0a
                                                Data Ascii: f3
                                                2024-07-03 13:47:00 UTC245INData Raw: 66 6f 72 20 28 3b 3b 29 3b 7b 22 5f 5f 61 72 22 3a 31 2c 22 65 72 72 6f 72 22 3a 31 33 35 37 30 30 35 2c 22 65 72 72 6f 72 53 75 6d 6d 61 72 79 22 3a 22 59 6f 75 72 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 6e 27 74 20 62 65 20 70 72 6f 63 65 73 73 65 64 22 2c 22 65 72 72 6f 72 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 72 65 20 77 61 73 20 61 20 70 72 6f 62 6c 65 6d 20 77 69 74 68 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 20 57 65 27 72 65 20 77 6f 72 6b 69 6e 67 20 6f 6e 20 67 65 74 74 69 6e 67 20 69 74 20 66 69 78 65 64 20 61 73 20 73 6f 6f 6e 20 61 73 20 77 65 20 63 61 6e 2e 22 2c 22 70 61 79 6c 6f 61 64 22 3a 6e 75 6c 6c 2c 22 6c 69 64 22 3a 22 37 33 38 37 34 30 35 36 38 32 38 31 37 39 35 33 31 38 38 22 7d 0d 0a
                                                Data Ascii: for (;;);{"__ar":1,"error":1357005,"errorSummary":"Your request couldn't be processed","errorDescription":"There was a problem with this request. We're working on getting it fixed as soon as we can.","payload":null,"lid":"7387405682817953188"}
                                                2024-07-03 13:47:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                3192.168.2.549715157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:00 UTC633OUTGET /rsrc.php/v3/yu/l/0,cross/WHol-iR7sqMVWgg-YkpZuD.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: text/css,*/*;q=0.1
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: style
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:01 UTC1971INHTTP/1.1 200 OK
                                                Content-Type: text/css; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: AW4AbjGxVKqySDUof06tPQ==
                                                Expires: Thu, 03 Jul 2025 05:27:05 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: 7qj+65uJBAOAjR6kf0+iz6mfM3luOK3Y5/lluDrXVd6x0eLZCyx96jm5KF3bnzoF/SUrAS9QjdvItgzC3EsZTw==
                                                Date: Wed, 03 Jul 2024 13:47:00 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=192, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=3, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 612576
                                                2024-07-03 13:47:01 UTC1INData Raw: 40
                                                Data Ascii: @
                                                2024-07-03 13:47:01 UTC15830INData Raw: 6b 65 79 66 72 61 6d 65 73 20 78 63 74 32 67 37 78 2d 42 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 32 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 2e 32 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 35 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 7d 2e 78 31 36 38 6c 32 65 74 7b 73 63 72 6f 6c 6c 2d 73 6e 61 70 2d 74 79 70 65 3a 79 20 6d 61 6e 64 61 74 6f 72 79 7d 2e 78 31 61 32 61 37 70 7a 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 78 31 68 6c 32 64 68 67 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 78 65 38 75 76 76 78 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 78 68 66 62 68 70 77 7b 73 63 72 6f 6c 6c 2d 73 6e 61 70
                                                Data Ascii: keyframes xct2g7x-B{0%{transform:scale(1)}25%{transform:scale(1.2)}50%{transform:scale(.95)}100%{transform:scale(1)}}.x168l2et{scroll-snap-type:y mandatory}.x1a2a7pz{outline:none}.x1hl2dhg{text-decoration:none}.xe8uvvx{list-style:none}.xhfbhpw{scroll-snap
                                                2024-07-03 13:47:01 UTC16384INData Raw: 61 73 69 7a 65 64 2d 62 75 74 74 6f 6e 2d 62 61 63 6b 67 72 6f 75 6e 64 29 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 34 70 78 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 37 35 25 7b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 39 35 2c 2e 30 35 2c 2e 37 39 35 2c 2e 30 33 35 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61
                                                Data Ascii: asized-button-background);border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:4px;transform:scale(1) rotate(0deg)}75%{animation-timing-function:cubic-bezier(.95,.05,.795,.035);background-color:va
                                                2024-07-03 13:47:01 UTC16384INData Raw: 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 2e 31 35 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 78 79 74 33 7a 35 38 2d 42 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 2e 32 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 7d 2e 78 79 78 7a 67 6e 39 7b 2d 2d 6e 61 76 2d 6c 69 73 74 2d 63 65 6c 6c 2d 6d 69 6e 2d 68 65 69 67 68 74 3a 76 61 72 28 2d 2d 61 62 72 61 2d 6e 61 76 2d 70 72 6f 66 69 6c 65 2d 6c 69 73 74 2d 63 65 6c 6c 2d 6d 69 6e 2d 68 65 69 67 68 74 29 7d 40 6b 65 79 66 72 61 6d 65 73 20 78 7a 30 6e 62 31 6f 2d 42 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 3b 74 72 61 6e
                                                Data Ascii: sform:scale(1)}100%{transform:scale(1.15)}}@keyframes xyt3z58-B{0%{transform:scale(1)}50%{transform:scale(1.2)}100%{transform:scale(1)}}.xyxzgn9{--nav-list-cell-min-height:var(--abra-nav-profile-list-cell-min-height)}@keyframes xz0nb1o-B{0%{opacity:0;tran
                                                2024-07-03 13:47:01 UTC16384INData Raw: 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 61 63 63 65 6e 74 29 7d 2e 78 74 30 62 38 7a 76 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 78 76 36 35 38 74 77 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 78 31 37 30 77 70 36 79 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 7d 2e 78 31 6c 6d 6d 62 6f 70 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 62 61 73 65 2d 62 6c 75 65 29 7d 2e 78 31 71 6f 64 30 62 68 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 7d 2e 78 31 75 76 74
                                                Data Ascii: border-bottom:2px solid var(--accent)}.xt0b8zv:hover{text-decoration:underline}.xv658tw:hover{text-decoration:none!important}.x170wp6y:focus{border-bottom:none}.x1lmmbop:focus{border-bottom:2px solid var(--base-blue)}.x1qod0bh:focus{border-top:none}.x1uvt
                                                2024-07-03 13:47:01 UTC1500INData Raw: 2e 78 31 34 35 65 6e 76 6a 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 32 30 7d 2e 78 31 34 35 75 30 34 36 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 30 2e 37 25 7d 2e 78 31 34 36 64 6e 31 6c 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 31 70 78 7d 2e 78 31 34 37 6a 68 77 6d 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 66 64 73 2d 62 6c 61 63 6b 2d 61 6c 70 68 61 2d 31 30 29 7d 2e 78 31 34 37 79 67 32 6b 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 35 30 25 2c 2d 35 30 25 29 7d 2e 78 31 34 38 36 66 70 6c 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 76 61 72 28 2d 2d 6c 69 73 74 2d 62 6f 72 64 65 72 2d 77 69 64 74 68 2c 30 70 78 29 7d 2e 78 31 34
                                                Data Ascii: .x145envj{border-top-color:#FFFFFF20}.x145u046{margin-left:-0.7%}.x146dn1l{border-top-left-radius:1px}.x147jhwm{border-top-color:var(--fds-black-alpha-10)}.x147yg2k{transform:translate(50%,-50%)}.x1486fpl{border-top-width:var(--list-border-width,0px)}.x14
                                                2024-07-03 13:47:01 UTC14884INData Raw: 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 68 64 73 2d 63 6f 72 65 2d 75 69 2d 77 68 69 74 65 29 7d 2e 78 31 34 6e 37 30 6a 31 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 34 34 70 78 7d 2e 78 31 34 6e 38 6d 63 75 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 63 62 63 66 64 36 7d 2e 78 31 34 6e 66 6d 65 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 64 69 76 69 64 65 72 29 7d 2e 78 31 34 6e 6c 64 61 33 7b 6c 65 66 74 3a 2d 39 39 39 39 70 78 7d 2e 78 31 34 6e 79 74 77 67 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 39 39 70 78 7d 2e 78 31 34 6f 39 6e 77 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 78 31 77 63 6a 68 36 34 29 7d 2e 78 31 34 6f 6d 6b 31 37 7b 62 61
                                                Data Ascii: color:var(--hds-core-ui-white)}.x14n70j1{margin-right:44px}.x14n8mcu{background-color:#cbcfd6}.x14nfmen{background-color:var(--divider)}.x14nlda3{left:-9999px}.x14nytwg{border-bottom-left-radius:99px}.x14o9nwh{background-color:var(--x1wcjh64)}.x14omk17{ba
                                                2024-07-03 13:47:01 UTC16384INData Raw: 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 31 2e 35 70 78 7d 2e 78 31 39 30 34 75 63 30 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 74 6f 70 2c 76 61 72 28 2d 2d 77 65 62 2d 77 61 73 68 29 2c 23 35 38 39 30 46 46 29 7d 2e 78 31 39 30 38 72 68 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 69 2f 72 2f 6b 64 66 6c 45 41 5f 61 65 73 50 2e 70 6e 67 29 7d 2e 78 31 39 30 6c 67 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 31 61 38 31 37 7d 2e 78 31 39 30 71 67 66 68 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 36 32 35 72 65 6d 7d 2e 78 31 39 31 79 65 65 70 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63
                                                Data Ascii: order-top-right-radius:1.5px}.x1904uc0{background-image:linear-gradient(to top,var(--web-wash),#5890FF)}.x1908rhh{background-image:url(/rsrc.php/v3/yi/r/kdflEA_aesP.png)}.x190lgle{background-color:#f1a817}.x190qgfh{font-size:.625rem}.x191yeep{background-c
                                                2024-07-03 13:47:01 UTC16384INData Raw: 69 67 68 74 3a 35 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 73 68 61 64 6f 77 2d 38 29 7d 2e 78 31 64 75 36 66 61 69 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 63 6f 6c 6f 72 3a 23 31 33 38 61 33 39 7d 2e 78 31 64 75 66 6d 33 33 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 32 30 70 78 29 7d 2e 78 31 64 75 6a 69 71 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 2e 32 35 70 78 7d 2e 78 31 64 75 6e 7a 35 73 7b 6f 62 6a 65 63 74 2d 70 6f 73 69 74 69 6f 6e 3a 2d 35 32 70 78 20 2d 31 33 34 70 78 7d 2e 78 31 64 75 70 76 70 68 7b 61 73 70 65 63 74 2d 72 61 74 69 6f 3a 32 2e 30 31 38 36 7d 2e 78 31 64 77 6b 37 6e 67 7b 6c 65 66 74 3a 35 34 25 7d 2e 78 31 64 77 73 72 69 7a 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 78 31 64
                                                Data Ascii: ight:5px solid var(--shadow-8)}.x1du6fai{border-left-color:#138a39}.x1dufm33{transform:translateY(-20px)}.x1dujiqt{margin-left:4.25px}.x1dunz5s{object-position:-52px -134px}.x1dupvph{aspect-ratio:2.0186}.x1dwk7ng{left:54%}.x1dwsriz{padding-right:auto}.x1d
                                                2024-07-03 13:47:01 UTC14884INData Raw: 61 6c 6c 7d 2e 78 31 69 64 6b 33 74 6d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 69 2f 72 2f 33 69 4c 4b 4c 36 32 53 45 54 67 2e 70 6e 67 29 7d 2e 78 31 69 65 64 68 65 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 38 70 78 7d 2e 78 31 69 65 77 69 33 6f 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 69 6e 69 74 69 61 6c 7d 2e 78 31 69 66 66 6a 74 6c 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 30 64 65 67 29 7d 2e 78 31 69 67 62 75 63 77 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 65 30 31 62 7d 2e 78 31 69 68 72 66 6a 34 7b 63 6f 6c 75 6d 6e 2d 67 61 70 3a 33 70 78 7d 2e 78 31 69 68 73 6e 75 35 7b 6f 72 64 65 72 3a 34 34 7d 2e 78 31 69 69 39 65 73 79 7b 2d 77
                                                Data Ascii: all}.x1idk3tm{background-image:url(/rsrc.php/v3/yi/r/3iLKL62SETg.png)}.x1iedhe{margin-left:28px}.x1iewi3o{list-style-type:initial}.x1iffjtl{transform:rotate(90deg)}.x1igbucw{background-color:#ffe01b}.x1ihrfj4{column-gap:3px}.x1ihsnu5{order:44}.x1ii9esy{-w


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                4192.168.2.549716157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:00 UTC599OUTGET /rsrc.php/v3/y5/r/16tMAVgIV_z.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:01 UTC1957INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: rUvILr7bu4n7ifOFanNYVw==
                                                Expires: Wed, 02 Jul 2025 22:45:44 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                X-FB-Debug: L18P8PmCSh7jRWHe441MUVh7BFFD2n8URK//aV0zRxRHMbPi9uhe/hy2GuJoHY8TVdotTzEyDpCbG+7YneVS+A==
                                                Date: Wed, 03 Jul 2024 13:47:01 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: GOOD; q=0.7, rtt=148, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=4, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 270048
                                                2024-07-03 13:47:01 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:01 UTC15859INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 67 6c 6f 62 61 6c 54 68 69 73 7c 7c 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 73 65 6c 66 7c 7c 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 67 6c 6f 62 61 6c 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 41 62 6f 72 74 43 6f 6e 74 72 6f 6c 6c 65 72 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 74 68 69 73 2e 5f 5f 6c 69 73 74 65 6e
                                                Data Ascii: /*FB_PKG_DELIM*/"use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listen
                                                2024-07-03 13:47:01 UTC16384INData Raw: 20 74 68 69 73 2e 5f 69 6e 76 6f 6b 65 28 22 74 68 72 6f 77 22 2c 61 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 22 72 65 74 75 72 6e 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 69 6e 76 6f 6b 65 28 22 72 65 74 75 72 6e 22 2c 61 29 7d 3b 62 2e 63 72 65 61 74 65 43 6c 61 73 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 64 2e 65 6e 75 6d 65 72 61 62 6c 65 3d 64 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 3b 64 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 3b 22 76 61 6c 75 65 22 69 6e 20 64 26 26 28 64 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 3b 4f 62 6a 65 63
                                                Data Ascii: this._invoke("throw",a)};e.prototype["return"]=function(a){return this._invoke("return",a)};b.createClass=function(){function a(a,b){for(var c=0;c<b.length;c++){var d=b[c];d.enumerable=d.enumerable||!1;d.configurable=!0;"value"in d&&(d.writable=!0);Objec
                                                2024-07-03 13:47:01 UTC16384INData Raw: 6e 74 20 23 22 2b 61 2b 22 3b 20 25 73 22 3b 62 2e 6c 65 6e 67 74 68 3e 30 26 26 28 64 2b 3d 22 20 50 61 72 61 6d 73 3a 20 22 2b 62 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 22 25 73 22 7d 29 2e 6a 6f 69 6e 28 22 2c 20 22 29 29 3b 61 3d 28 68 7c 7c 28 68 3d 63 28 22 45 6e 76 22 29 29 29 2e 73 68 6f 77 5f 69 6e 76 61 72 69 61 6e 74 5f 64 65 63 6f 64 65 72 3d 3d 3d 21 30 3f 22 76 69 73 69 74 20 22 2b 6a 28 61 2c 62 29 2b 22 20 74 6f 20 73 65 65 20 74 68 65 20 66 75 6c 6c 20 6d 65 73 73 61 67 65 2e 22 3a 22 22 3b 72 65 74 75 72 6e 7b 6d 65 73 73 61 67 65 3a 64 2c 64 65 63 6f 64 65 72 4c 69 6e 6b 3a 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 61 2c 62 29 7b 61 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 74 65 72 6e 61 6c 66 62 2e
                                                Data Ascii: nt #"+a+"; %s";b.length>0&&(d+=" Params: "+b.map(function(a){return"%s"}).join(", "));a=(h||(h=c("Env"))).show_invariant_decoder===!0?"visit "+j(a,b)+" to see the full message.":"";return{message:d,decoderLink:a}}function j(a,b){a="https://www.internalfb.
                                                2024-07-03 13:47:01 UTC16384INData Raw: 68 61 6e 64 6c 65 64 52 65 6a 65 63 74 69 6f 6e 5f 22 2b 28 63 3d 3d 3d 6e 75 6c 6c 3f 22 6e 75 6c 6c 22 3a 74 79 70 65 6f 66 20 63 29 2c 65 2e 6e 61 6d 65 3d 66 7d 63 61 74 63 68 28 61 29 7b 7d 74 72 79 7b 67 3d 63 3d 3d 3d 6e 75 6c 6c 7c 7c 63 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 63 2e 73 74 61 63 6b 3b 28 74 79 70 65 6f 66 20 67 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 67 3d 3d 3d 22 22 29 26 26 28 67 3d 65 2e 73 74 61 63 6b 29 3b 28 74 79 70 65 6f 66 20 67 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 67 3d 3d 3d 22 22 29 26 26 28 67 3d 68 28 22 22 29 2e 73 74 61 63 6b 29 3b 65 2e 73 74 61 63 6b 3d 65 2e 6e 61 6d 65 2b 22 3a 20 22 2b 65 2e 6d 65 73 73 61 67 65 2b 22 5c 6e 22 2b 67 2e 73 70 6c 69 74 28 22 5c 6e 22 29 2e 73 6c 69 63 65 28 31 29 2e
                                                Data Ascii: handledRejection_"+(c===null?"null":typeof c),e.name=f}catch(a){}try{g=c===null||c===void 0?void 0:c.stack;(typeof g!=="string"||g==="")&&(g=e.stack);(typeof g!=="string"||g==="")&&(g=h("").stack);e.stack=e.name+": "+e.message+"\n"+g.split("\n").slice(1).
                                                2024-07-03 13:47:01 UTC1500INData Raw: 69 73 2e 24 41 72 62 69 74 65 72 45 76 65 6e 74 48 6f 6c 64 65 72 31 5b 61 5d 3b 63 21 3d 3d 22 70 65 72 73 69 73 74 65 6e 74 22 26 26 74 68 69 73 2e 24 41 72 62 69 74 65 72 45 76 65 6e 74 48 6f 6c 64 65 72 32 28 61 29 3b 69 66 28 63 21 3d 3d 22 65 76 65 6e 74 22 29 7b 76 61 72 20 64 3b 66 6f 72 28 76 61 72 20 65 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 66 3d 6e 65 77 20 41 72 72 61 79 28 65 3e 31 3f 65 2d 31 3a 30 29 2c 67 3d 31 3b 67 3c 65 3b 67 2b 2b 29 66 5b 67 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 67 5d 3b 72 65 74 75 72 6e 28 64 3d 62 2e 70 72 6f 74 6f 74 79 70 65 2e 68 6f 6c 64 45 76 65 6e 74 29 2e 63 61 6c 6c 2e 61 70 70 6c 79 28 64 2c 5b 74 68 69 73 2c 61 5d 2e 63 6f 6e 63 61 74 28 66 29 29 7d 72 65 74 75 72 6e 20 76 6f 69 64 20
                                                Data Ascii: is.$ArbiterEventHolder1[a];c!=="persistent"&&this.$ArbiterEventHolder2(a);if(c!=="event"){var d;for(var e=arguments.length,f=new Array(e>1?e-1:0),g=1;g<e;g++)f[g-1]=arguments[g];return(d=b.prototype.holdEvent).call.apply(d,[this,a].concat(f))}return void
                                                2024-07-03 13:47:01 UTC14884INData Raw: 74 22 3a 6e 65 77 20 4d 61 70 28 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 64 28 61 29 7b 6e 2e 61 64 64 28 61 29 7d 66 75 6e 63 74 69 6f 6e 20 65 28 61 29 7b 6e 5b 22 64 65 6c 65 74 65 22 5d 28 61 29 2c 6d 2e 69 6e 66 6f 72 6d 28 68 2c 61 2c 22 70 65 72 73 69 73 74 65 6e 74 22 29 7d 66 75 6e 63 74 69 6f 6e 20 66 28 61 2c 62 29 7b 6f 2e 61 64 64 28 70 28 61 2c 62 29 29 7d 66 75 6e 63 74 69 6f 6e 20 71 28 61 2c 62 2c 63 29 7b 6d 2e 69 6e 66 6f 72 6d 28 70 28 61 2c 62 29 2c 63 2c 22 70 65 72 73 69 73 74 65 6e 74 22 29 7d 66 75 6e 63 74 69 6f 6e 20 72 28 61 29 7b 6d 2e 69 6e 66 6f 72 6d 28 6a 2c 61 2c 22 70 65 72 73 69 73 74 65 6e 74 22 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 61 29 7b 72 65 74 75 72 6e 20 6d 2e 73 75 62 73 63 72 69 62 65 28 68 2c 66 75 6e 63 74 69
                                                Data Ascii: t":new Map()}}function d(a){n.add(a)}function e(a){n["delete"](a),m.inform(h,a,"persistent")}function f(a,b){o.add(p(a,b))}function q(a,b,c){m.inform(p(a,b),c,"persistent")}function r(a){m.inform(j,a,"persistent")}function s(a){return m.subscribe(h,functi
                                                2024-07-03 13:47:01 UTC16384INData Raw: 66 5b 30 5d 3b 66 3d 66 5b 31 5d 3b 68 5b 69 5d 3d 66 7d 72 65 74 75 72 6e 7b 73 65 74 50 72 6f 70 73 3a 62 2c 73 74 72 69 6e 67 50 72 6f 70 73 3a 67 2c 76 65 63 74 6f 72 50 72 6f 70 73 3a 68 7d 7d 3b 61 2e 63 6f 6d 62 69 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3b 61 21 3d 6e 75 6c 6c 26 26 62 21 3d 6e 75 6c 6c 3f 28 61 2e 73 74 72 69 6e 67 50 72 6f 70 73 3d 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 62 2e 73 74 72 69 6e 67 50 72 6f 70 73 2c 61 2e 73 74 72 69 6e 67 50 72 6f 70 73 29 2c 61 2e 73 65 74 50 72 6f 70 73 3d 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 62 2e 73 65 74 50 72 6f 70 73 2c 61 2e 73 65 74 50 72 6f 70 73 29 2c 63 3d 61 29 3a 61 21 3d 6e
                                                Data Ascii: f[0];f=f[1];h[i]=f}return{setProps:b,stringProps:g,vectorProps:h}};a.combine=function(a,b){var c;a!=null&&b!=null?(a.stringProps=babelHelpers["extends"]({},b.stringProps,a.stringProps),a.setProps=babelHelpers["extends"]({},b.setProps,a.setProps),c=a):a!=n
                                                2024-07-03 13:47:01 UTC16384INData Raw: 53 75 62 64 6f 6d 61 69 6e 4f 66 44 6f 6d 61 69 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 63 2c 64 29 7b 69 66 28 63 3d 3d 3d 22 22 7c 7c 61 3d 3d 3d 22 22 29 72 65 74 75 72 6e 21 31 3b 69 66 28 61 2e 65 6e 64 73 57 69 74 68 28 63 29 29 7b 76 61 72 20 65 3d 61 2e 6c 65 6e 67 74 68 2c 66 3d 63 2e 6c 65 6e 67 74 68 2c 67 3d 65 2d 66 2d 31 3b 69 66 28 65 3d 3d 3d 66 7c 7c 61 5b 67 5d 3d 3d 3d 22 2e 22 29 7b 65 3d 6e 65 77 20 62 28 6e 75 6c 6c 2c 64 29 3b 65 2e 73 65 74 44 6f 6d 61 69 6e 28 63 29 3b 72 65 74 75 72 6e 20 62 2e 69 73 56 61 6c 69 64 28 65 2c 64 29 7d 7d 72 65 74 75 72 6e 21 31 7d 3b 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 74
                                                Data Ascii: SubdomainOfDomain=function(a,c,d){if(c===""||a==="")return!1;if(a.endsWith(c)){var e=a.length,f=c.length,g=e-f-1;if(e===f||a[g]==="."){e=new b(null,d);e.setDomain(c);return b.isValid(e,d)}}return!1};e.toString=function(){return a.prototype.toString.call(t
                                                2024-07-03 13:47:01 UTC14884INData Raw: 29 7d 76 61 72 20 6e 3d 22 4a 53 52 65 73 6f 75 72 63 65 3a 20 75 6e 6b 6e 6f 77 6e 20 63 61 6c 6c 65 72 22 3b 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 73 65 74 42 6f 6f 74 6c 6f 61 64 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6c 3d 61 3b 66 6f 72 28 61 3d 30 3b 61 3c 6b 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 7b 76 61 72 20 62 3d 6b 5b 61 5d 3b 62 28 6c 29 7d 6b 3d 5b 5d 7d 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 74 68 69 73 2e 24 31 3d 61 7d 76 61 72 20 65 3d 61 2e 70 72 6f 74 6f 74 79 70 65 3b 65 2e 67 65 74 4d 6f 64 75 6c 65 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2e 24 31 3b 72 65 74 75 72 6e 20 61 7d 3b 65 2e 67 65 74 4d 6f 64 75 6c 65 49 64 41 73 52 65 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e
                                                Data Ascii: )}var n="JSResource: unknown caller";a=function(){a.setBootloader=function(a){l=a;for(a=0;a<k.length;a++){var b=k[a];b(l)}k=[]};function a(a){this.$1=a}var e=a.prototype;e.getModuleId=function(){var a=this.$1;return a};e.getModuleIdAsRef=function(){return


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                5192.168.2.549714157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:01 UTC863OUTGET /rsrc.php/v3iwqK4/yD/l/en_GB/yW5mlSpCn9mRZLWp0bJ4uPcKI4lWgwKKj-ueoATFbIw-uaTxM-JV6thYT7n1sgH1lvsz5KVEO_BkqDYvatkvPhoONu3pkqVqdCD9WJk8ujrnjKWwIwOKBPFJOCwuhXh84BiB8aEbWRwojUJXL0ygo8J-EX1Rdzuzi16yghjE4ZDgkA82rIloB7qqcm2jr73EEuMST7r_l1DuzAtWVRntr0ucTZxwWk6_vabK_-gp55HfXW__mMzi95_wmB-512pEQn4HVER6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:01 UTC1989INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: XDWYnZrc7f13Q+PK2eCRUw==
                                                Expires: Thu, 03 Jul 2025 13:47:01 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: 5PbG1BbQBaGoF3GqTW8QzV0qGHSA2KZULRbCrSc5g6Let5W5EUerlcDIskuc3yC2yQI9hsnOcx6433a+6NK2Jw==
                                                Date: Wed, 03 Jul 2024 13:47:01 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=180, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=113, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 1137262
                                                2024-07-03 13:47:01 UTC1500INData Raw: 3b 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 4c 79 6e 78 47 65 6e 65 72 61 74 69 6f 6e 22 2c 5b 22 4c 69 6e 6b 73 68 69 6d 48 61 6e 64 6c 65 72 43 6f 6e 66 69 67 22 2c 22 55 52 49 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 76 61 72 20 68 2c 69 3d 6e 65 77 28 68 7c 7c 28 68 3d 63 28 22 55 52 49 22 29 29 29 28 63 28 22 4c 69 6e 6b 73 68 69 6d 48 61 6e 64 6c 65 72 43 6f 6e 66 69 67 22 29 2e 6c 69 6e 6b 73 68 69 6d 5f 70 61 74 68 29 2e 73 65 74 44 6f 6d 61 69 6e 28 63 28 22 4c 69 6e 6b 73 68 69 6d 48 61 6e 64 6c 65 72 43 6f 6e 66 69 67 22 29 2e 6c 69 6e 6b 73 68 69 6d 5f 68 6f 73 74 29 2c 6a 3d 7b 67 65 74 53 68 69 6d 55 52 49 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77
                                                Data Ascii: ;/*FB_PKG_DELIM*/__d("LynxGeneration",["LinkshimHandlerConfig","URI"],(function(a,b,c,d,e,f,g){var h,i=new(h||(h=c("URI")))(c("LinkshimHandlerConfig").linkshim_path).setDomain(c("LinkshimHandlerConfig").linkshim_host),j={getShimURI:function(){return new
                                                2024-07-03 13:47:01 UTC1500INData Raw: 61 29 7b 76 61 72 20 63 3d 69 2e 67 65 74 4d 61 79 62 65 4e 6f 6e 46 42 4c 69 6e 6b 52 65 66 65 72 72 65 72 4a 53 4d 6f 64 65 28 61 2e 74 61 72 67 65 74 29 3b 69 66 28 21 63 29 72 65 74 75 72 6e 3b 76 61 72 20 64 3d 63 5b 30 5d 3b 63 3d 63 5b 31 5d 3b 73 77 69 74 63 68 28 64 29 7b 63 61 73 65 22 6f 72 69 67 69 6e 22 3a 69 2e 6f 72 69 67 69 6e 52 65 66 65 72 72 65 72 50 6f 6c 69 63 79 43 6c 69 63 6b 57 69 74 68 6f 75 74 4c 6f 67 28 63 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 69 65 22 3a 64 3d 6e 65 77 28 67 7c 7c 28 67 3d 62 28 22 55 52 49 22 29 29 29 28 63 2e 68 72 65 66 29 3b 61 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 68 28 64 2c 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 22 22 2c 63 2e 74 61 72 67 65 74 29 2c 21 30 29 3b 62 72 65 61 6b 7d 7d 3b 62
                                                Data Ascii: a){var c=i.getMaybeNonFBLinkReferrerJSMode(a.target);if(!c)return;var d=c[0];c=c[1];switch(d){case"origin":i.originReferrerPolicyClickWithoutLog(c);break;case"ie":d=new(g||(g=b("URI")))(c.href);a.preventDefault();h(d,window.open("",c.target),!0);break}};b
                                                2024-07-03 13:47:01 UTC1500INData Raw: 29 28 6a 29 3f 6a 2b 22 20 6e 6f 66 6f 6c 6c 6f 77 22 3a 22 6e 6f 66 6f 6c 6c 6f 77 22 29 3b 68 26 26 28 6a 3d 63 28 22 69 73 54 72 75 74 68 79 22 29 28 6a 29 3f 6a 2b 22 20 6e 6f 72 65 66 65 72 72 65 72 22 3a 22 6e 6f 72 65 66 65 72 72 65 72 22 29 3b 63 28 22 69 73 54 72 75 74 68 79 22 29 28 6c 29 26 26 28 70 3d 6c 29 3b 72 65 74 75 72 6e 20 69 2e 6a 73 78 28 22 61 22 2c 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 61 2c 7b 68 72 65 66 3a 6d 2e 74 6f 53 74 72 69 6e 67 28 29 7c 7c 6e 75 6c 6c 2c 72 65 6c 3a 6a 2c 72 65 66 3a 65 2c 22 64 61 74 61 2d 73 69 67 69 6c 22 3a 6e 2c 22 64 61 74 61 2d 6c 79 6e 78 2d 6d 6f 64 65 22 3a 6f 2c 22 64 61 74 61 2d 6c 6e 66 62 2d 6d 6f 64 65 22 3a 70 7d 29 29 7d 3b 72 65 74 75 72 6e 20
                                                Data Ascii: )(j)?j+" nofollow":"nofollow");h&&(j=c("isTruthy")(j)?j+" noreferrer":"noreferrer");c("isTruthy")(l)&&(p=l);return i.jsx("a",babelHelpers["extends"]({},a,{href:m.toString()||null,rel:j,ref:e,"data-sigil":n,"data-lynx-mode":o,"data-lnfb-mode":p}))};return
                                                2024-07-03 13:47:01 UTC1194INData Raw: 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 61 29 3b 76 61 72 20 64 3d 61 2e 63 68 69 6c 64 72 65 6e 2c 65 3d 61 2e 78 73 74 79 6c 65 3b 61 3d 62 61 62 65 6c 48 65 6c 70 65 72 73 2e 6f 62 6a 65 63 74 57 69 74 68 6f 75 74 50 72 6f 70 65 72 74 69 65 73 4c 6f 6f 73 65 28 61 2c 5b 22 63 68 69 6c 64 72 65 6e 22 2c 22 78 73 74 79 6c 65 22 5d 29 3b 72 65 74 75 72 6e 20 6a 2e 6a 73 78 28 22 64 69 76 22 2c 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 61 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 28 68 7c 7c 28 68 3d 63 28 22 73 74 79 6c 65 78 22 29 29 29 28 65 29 2c 72 65 66 3a 62 2c 63 68 69 6c 64 72 65 6e 3a 64 7d 29 29 7d 61 2e 64 69 73 70 6c 61 79 4e 61 6d 65 3d 61 2e 6e 61 6d 65 2b 22 20 5b 66 72 6f 6d 20 22 2b 66 2e 69 64 2b 22 5d
                                                Data Ascii: "extends"]({},a);var d=a.children,e=a.xstyle;a=babelHelpers.objectWithoutPropertiesLoose(a,["children","xstyle"]);return j.jsx("div",babelHelpers["extends"]({},a,{className:(h||(h=c("stylex")))(e),ref:b,children:d}))}a.displayName=a.name+" [from "+f.id+"]
                                                2024-07-03 13:47:01 UTC1500INData Raw: 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 3b 61 3d 61 2e 69 6e 69 74 69 61 6c 53 74 61 74 65 3b 61 3d 6c 28 64 28 22 42 61 73 65 43 61 6c 6c 6f 75 74 52 65 64 75 63 65 72 22 29 2e 42 61 73 65 43 61 6c 6c 6f 75 74 52 65 64 75 63 65 72 2c 61 29 3b 76 61 72 20 67 3d 61 5b 30 5d 2c 68 3d 61 5b 31 5d 2c 6e 3d 6d 28 6e 75 6c 6c 29 2c 6f 3d 6a 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 68 28 7b 70 61 79 6c 6f 61 64 3a 61 2c 74 79 70 65 3a 22 61 64 64 43 61 6c 6c 6f 75 74 22 7d 29 7d 2c 5b 5d 29 2c 70 3d 6a 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 68 28 7b 70 61 79 6c 6f 61 64 3a 61 2c 74 79 70 65 3a 22 72 65 6d 6f 76 65 43 61 6c 6c 6f 75 74 22 7d 29 7d 2c 5b 5d 29 2c 71 3d 6a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3b 28 61 3d 6e 2e 63 75 72 72 65 6e 74 29 3d 3d
                                                Data Ascii: plementation;a=a.initialState;a=l(d("BaseCalloutReducer").BaseCalloutReducer,a);var g=a[0],h=a[1],n=m(null),o=j(function(a){h({payload:a,type:"addCallout"})},[]),p=j(function(a){h({payload:a,type:"removeCallout"})},[]),q=j(function(){var a;(a=n.current)==
                                                2024-07-03 13:47:01 UTC1500INData Raw: 22 78 31 30 6c 36 74 71 6b 22 2c 74 6f 70 3a 22 78 31 33 76 69 66 76 79 22 2c 77 69 64 74 68 3a 22 78 31 77 6b 72 39 32 69 22 2c 24 24 63 73 73 3a 21 30 7d 2c 72 6f 6f 74 3a 7b 64 69 73 70 6c 61 79 3a 22 78 31 72 67 35 6f 68 75 22 2c 70 6f 73 69 74 69 6f 6e 3a 22 78 31 6e 32 6f 6e 72 36 22 2c 24 24 63 73 73 3a 21 30 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 76 61 72 20 62 3d 61 2e 63 68 69 6c 64 72 65 6e 2c 64 3d 61 2e 64 69 73 61 62 6c 65 64 3b 64 3d 64 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 64 3b 76 61 72 20 65 3d 61 2e 68 65 69 67 68 74 2c 66 3d 61 2e 70 75 6c 73 65 43 6f 6c 6f 72 2c 67 3d 61 2e 72 61 64 69 69 2c 69 3d 61 2e 76 69 73 69 62 6c 65 3b 69 3d 69 3d 3d 3d 76 6f 69 64 20 30 3f 21 30 3a 69 3b 76 61 72 20 6b 3d 61 2e 77 69 64 74 68 3b
                                                Data Ascii: "x10l6tqk",top:"x13vifvy",width:"x1wkr92i",$$css:!0},root:{display:"x1rg5ohu",position:"x1n2onr6",$$css:!0}};function a(a){var b=a.children,d=a.disabled;d=d===void 0?!1:d;var e=a.height,f=a.pulseColor,g=a.radii,i=a.visible;i=i===void 0?!0:i;var k=a.width;
                                                2024-07-03 13:47:01 UTC1500INData Raw: 6c 73 65 45 66 66 65 63 74 5f 68 65 69 67 68 74 22 3a 62 2b 22 70 78 22 2c 22 2d 2d 42 61 73 65 50 75 6c 73 65 45 66 66 65 63 74 5f 70 75 6c 73 65 43 6f 6c 6f 72 22 3a 22 22 2b 63 2c 22 2d 2d 42 61 73 65 50 75 6c 73 65 45 66 66 65 63 74 5f 77 69 64 74 68 22 3a 61 2b 22 70 78 22 7d 7d 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 61 73 65 54 6f 61 73 74 65 72 53 74 61 74 65 4d 61 6e 61 67 65 72 50 72 6f 76 69 64 65 72 2e 72 65 61 63 74 22 2c 5b 22 42 61 73 65 54 6f 61 73 74 65 72 53 74 61 74 65 4d 61 6e 61 67 65 72 22 2c 22 42 61 73 65 54 6f 61 73 74 65 72 53 74 61 74 65 4d 61 6e 61 67 65 72 43 6f 6e 74 65 78 74 2e 72 65 61 63 74 22 2c 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65
                                                Data Ascii: lseEffect_height":b+"px","--BasePulseEffect_pulseColor":""+c,"--BasePulseEffect_width":a+"px"}}g["default"]=a}),98);__d("BaseToasterStateManagerProvider.react",["BaseToasterStateManager","BaseToasterStateManagerContext.react","react"],(function(a,b,c,d,e
                                                2024-07-03 13:47:01 UTC1500INData Raw: 22 5d 29 3b 66 75 6e 63 74 69 6f 6e 20 6a 28 61 29 7b 72 65 74 75 72 6e 20 69 2e 68 61 73 28 61 2e 67 65 74 50 72 6f 74 6f 63 6f 6c 28 29 29 7d 76 61 72 20 6b 3d 22 66 62 63 6c 69 64 22 3b 62 3d 22 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 22 3b 76 61 72 20 6c 3d 28 64 3d 7b 7d 2c 64 5b 62 5d 3d 5b 7b 65 78 74 72 61 63 74 6f 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 67 65 74 51 75 65 72 79 53 74 72 69 6e 67 28 29 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 26 26 61 2e 73 74 61 72 74 73 57 69 74 68 28 22 68 74 74 70 22 29 3f 6e 65 77 28 68 7c 7c 28 68 3d 63 28 22 55 52 49 22 29 29 29 28 61 29 3a 6e 75 6c 6c 7d 2c 69 6e 6a 65 63 74 6f 72 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 62 3d 62 2e 61 64 64 51 75 65 72 79 44 61 74 61 28 6b
                                                Data Ascii: "]);function j(a){return i.has(a.getProtocol())}var k="fbclid";b="doubleclick.net";var l=(d={},d[b]=[{extractor:function(a){a=a.getQueryString();return a!=null&&a.startsWith("http")?new(h||(h=c("URI")))(a):null},injector:function(a,b,c){b=b.addQueryData(k
                                                2024-07-03 13:47:01 UTC910INData Raw: 3d 61 2e 63 68 69 6c 64 72 65 6e 3b 64 3d 64 3d 3d 3d 76 6f 69 64 20 30 3f 6e 75 6c 6c 3a 64 3b 76 61 72 20 65 3d 61 2e 69 73 56 69 73 69 62 6c 65 3b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 65 3b 61 3d 61 2e 72 6f 6c 65 3b 61 3d 61 3d 3d 3d 76 6f 69 64 20 30 3f 22 61 6c 65 72 74 22 3a 61 3b 72 65 74 75 72 6e 20 6a 2e 6a 73 78 28 22 64 69 76 22 2c 7b 22 61 72 69 61 2d 61 74 6f 6d 69 63 22 3a 21 30 2c 22 61 72 69 61 2d 6c 69 76 65 22 3a 62 3f 22 61 73 73 65 72 74 69 76 65 22 3a 22 70 6f 6c 69 74 65 22 2c 63 6c 61 73 73 4e 61 6d 65 3a 28 68 7c 7c 28 68 3d 63 28 22 73 74 79 6c 65 78 22 29 29 29 28 65 3d 3d 3d 21 31 26 26 6b 2e 6f 66 66 73 63 72 65 65 6e 41 63 63 65 73 73 69 62 69 6c 69 74 79 45 6c 65 6d 65 6e 74 29 2c 72 6f 6c 65 3a 61 2c 63 68 69 6c
                                                Data Ascii: =a.children;d=d===void 0?null:d;var e=a.isVisible;e=e===void 0?!1:e;a=a.role;a=a===void 0?"alert":a;return j.jsx("div",{"aria-atomic":!0,"aria-live":b?"assertive":"polite",className:(h||(h=c("stylex")))(e===!1&&k.offscreenAccessibilityElement),role:a,chil
                                                2024-07-03 13:47:01 UTC1500INData Raw: 28 68 7c 7c 28 68 3d 63 28 22 45 6e 76 22 29 29 29 2e 69 73 43 6f 6d 65 74 4f 6e 4d 6f 62 69 6c 65 3a 61 3d 63 28 22 67 6b 78 22 29 28 22 32 32 38 30 39 22 29 3f 62 3a 64 3b 62 72 65 61 6b 3b 63 61 73 65 28 68 7c 7c 63 28 22 45 6e 76 22 29 29 2e 69 73 4d 65 73 73 65 6e 67 65 72 44 6f 74 43 6f 6d 4f 6e 43 6f 6d 65 74 3a 61 3d 30 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 61 3d 62 7d 65 3d 61 3b 66 3d 31 30 39 39 3b 64 3d 22 67 6c 6f 62 61 6c 5f 73 65 72 70 22 3b 67 2e 48 45 41 44 45 52 5f 48 45 49 47 48 54 3d 65 3b 67 2e 4d 41 58 5f 56 49 45 57 50 4f 52 54 5f 57 49 44 54 48 5f 47 4c 4f 42 41 4c 5f 50 41 4e 45 4c 5f 45 58 50 41 4e 44 45 44 3d 66 3b 67 2e 47 4c 4f 42 41 4c 5f 53 45 52 50 5f 50 41 47 45 3d 64 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 43 6f 6d
                                                Data Ascii: (h||(h=c("Env"))).isCometOnMobile:a=c("gkx")("22809")?b:d;break;case(h||c("Env")).isMessengerDotComOnComet:a=0;break;default:a=b}e=a;f=1099;d="global_serp";g.HEADER_HEIGHT=e;g.MAX_VIEWPORT_WIDTH_GLOBAL_PANEL_EXPANDED=f;g.GLOBAL_SERP_PAGE=d}),98);__d("Com


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                6192.168.2.549724157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:02 UTC610OUTGET /rsrc.php/v3iwLy4/yE/l/en_GB/ZpztLkU6jDd.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:03 UTC1989INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: t3SNrbK4BcKa3+2qST/r8w==
                                                Expires: Thu, 03 Jul 2025 13:47:03 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: 9aOQOXWrpHeZVt9Nn1hEHGkhmq5CdvKHLXhrTZ2AtP4+mTlMfYnUKX3PUtJxTtMb3tPSfKPwJTkgTNqvQi0ouQ==
                                                Date: Wed, 03 Jul 2024 13:47:03 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=174, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=133, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 1085377
                                                2024-07-03 13:47:03 UTC1500INData Raw: 3b 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 41 52 49 41 5f 4c 41 42 45 4c 5f 50 4c 41 43 45 48 4f 4c 44 45 52 5f 46 49 58 4d 45 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 6e 75 6c 6c 3b 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 41 63 74 69 76 65 46 6f 63 75 73 52 65 67 69 6f 6e 55 74 69 6c 73 43 6f 6e 74 65 78 74 22 2c 5b 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3b 61 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 3b 62 3d 61 2e 63 72 65 61 74 65 43 6f 6e 74 65 78 74 28 6e 75 6c 6c 29 3b 63 3d 62
                                                Data Ascii: ;/*FB_PKG_DELIM*/__d("ARIA_LABEL_PLACEHOLDER_FIXME",[],(function(a,b,c,d,e,f){"use strict";a=null;f["default"]=a}),66);__d("ActiveFocusRegionUtilsContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=a.createContext(null);c=b
                                                2024-07-03 13:47:03 UTC1500INData Raw: 79 4e 61 6d 65 3d 22 48 65 72 6f 43 6f 6d 70 6f 6e 65 6e 74 22 3b 65 3d 62 2e 6d 65 6d 6f 28 61 29 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 65 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 48 65 72 6f 43 75 72 72 65 6e 74 49 6e 74 65 72 61 63 74 69 6f 6e 46 6f 72 4c 6f 67 67 69 6e 67 43 6f 6e 74 65 78 74 22 2c 5b 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3b 61 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 3b 62 3d 61 2e 63 72 65 61 74 65 43 6f 6e 74 65 78 74 28 7b 63 75 72 72 65 6e 74 3a 6e 75 6c 6c 7d 29 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 62 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 48 65 72 6f 48 6f 6c 64 54 72 69 67 67 65 72 2e 72 65 61 63 74 22
                                                Data Ascii: yName="HeroComponent";e=b.memo(a);g["default"]=e}),98);__d("HeroCurrentInteractionForLoggingContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=a.createContext({current:null});g["default"]=b}),98);__d("HeroHoldTrigger.react"
                                                2024-07-03 13:47:03 UTC1500INData Raw: 62 3a 69 2e 6a 73 78 28 64 28 22 48 65 72 6f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 6e 74 65 78 74 22 29 2e 43 6f 6e 74 65 78 74 2e 50 72 6f 76 69 64 65 72 2c 7b 76 61 6c 75 65 3a 64 28 22 48 65 72 6f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 6e 74 65 78 74 22 29 2e 44 45 46 41 55 4c 54 5f 43 4f 4e 54 45 58 54 5f 56 41 4c 55 45 2c 63 68 69 6c 64 72 65 6e 3a 69 2e 6a 73 78 28 63 28 22 48 65 72 6f 43 75 72 72 65 6e 74 49 6e 74 65 72 61 63 74 69 6f 6e 46 6f 72 4c 6f 67 67 69 6e 67 43 6f 6e 74 65 78 74 22 29 2e 50 72 6f 76 69 64 65 72 2c 7b 76 61 6c 75 65 3a 6a 2c 63 68 69 6c 64 72 65 6e 3a 69 2e 6a 73 78 28 63 28 22 48 65 72 6f 49 6e 74 65 72 61 63 74 69 6f 6e 49 44 43 6f 6e 74 65 78 74 22 29 2e 50 72 6f 76 69 64 65 72 2c 7b 76 61 6c 75 65 3a 6e 75 6c 6c 2c 63
                                                Data Ascii: b:i.jsx(d("HeroInteractionContext").Context.Provider,{value:d("HeroInteractionContext").DEFAULT_CONTEXT_VALUE,children:i.jsx(c("HeroCurrentInteractionForLoggingContext").Provider,{value:j,children:i.jsx(c("HeroInteractionIDContext").Provider,{value:null,c
                                                2024-07-03 13:47:03 UTC1500INData Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 72 65 74 75 72 6e 20 53 74 72 69 6e 67 28 69 2b 2b 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 61 29 7b 69 66 28 61 21 3d 6e 75 6c 6c 26 26 61 2e 73 69 7a 65 3e 30 29 72 65 74 75 72 6e 20 41 72 72 61 79 2e 66 72 6f 6d 28 61 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 28 68 7c 7c 28 68 3d 64 28 22 50 72 6f 6d 69 73 65 41 6e 6e 6f 74 61 74 65 22 29 29 29 2e 67 65 74 44 69 73 70 6c 61 79 4e 61 6d 65 28 61 29 3b 69 66 28 61 21 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 65 6c 73 65 20 72 65 74 75 72 6e 22 50 72 6f 6d 69 73 65 22 7d 29 2e 6a 6f 69 6e 28 22 2c 22 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 20 6e
                                                Data Ascii: ,c,d,e,f,g){"use strict";var h,i=0;function a(){return String(i++)}function b(a){if(a!=null&&a.size>0)return Array.from(a).map(function(a){a=(h||(h=d("PromiseAnnotate"))).getDisplayName(a);if(a!=null)return a;else return"Promise"}).join(",");else return n
                                                2024-07-03 13:47:03 UTC420INData Raw: 2c 70 2c 66 2c 71 2c 68 5d 29 3b 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 73 2e 63 75 72 72 65 6e 74 3d 3d 3d 21 31 26 26 70 21 3d 6e 75 6c 6c 26 26 70 21 3d 6e 75 6c 6c 29 7b 6f 2e 68 6f 6c 64 28 70 2c 6f 2e 70 61 67 65 6c 65 74 53 74 61 63 6b 2c 22 48 79 64 72 61 74 69 6f 6e 22 2c 72 2c 66 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 2e 75 6e 68 6f 6c 64 28 70 2c 72 29 7d 7d 7d 2c 5b 6f 2c 70 2c 66 2c 72 5d 29 3b 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 63 75 72 72 65 6e 74 3d 21 30 2c 70 21 3d 6e 75 6c 6c 26 26 6f 2e 75 6e 68 6f 6c 64 28 70 2c 72 29 7d 3b 72 65 74 75 72 6e 20 69 2e 6a 73 78 73 28 69 2e 53 75 73 70 65 6e 73 65 2c 7b 66 61 6c 6c 62 61 63 6b 3a 69 2e 6a 73 78 73 28 69 2e 46 72
                                                Data Ascii: ,p,f,q,h]);l(function(){if(s.current===!1&&p!=null&&p!=null){o.hold(p,o.pageletStack,"Hydration",r,f);return function(){return o.unhold(p,r)}}},[o,p,f,r]);var t=function(){s.current=!0,p!=null&&o.unhold(p,r)};return i.jsxs(i.Suspense,{fallback:i.jsxs(i.Fr
                                                2024-07-03 13:47:03 UTC1500INData Raw: 61 2e 64 69 73 70 6c 61 79 4e 61 6d 65 3d 61 2e 6e 61 6d 65 2b 22 20 5b 66 72 6f 6d 20 22 2b 66 2e 69 64 2b 22 5d 22 3b 61 2e 64 69 73 70 6c 61 79 4e 61 6d 65 3d 22 48 65 72 6f 50 6c 61 63 65 68 6f 6c 64 65 72 22 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 68 65 72 6f 2d 74 72 61 63 69 6e 67 2d 70 6c 61 63 65 68 6f 6c 64 65 72 22 2c 5b 22 48 65 72 6f 43 6f 6d 70 6f 6e 65 6e 74 2e 72 65 61 63 74 22 2c 22 48 65 72 6f 43 75 72 72 65 6e 74 49 6e 74 65 72 61 63 74 69 6f 6e 46 6f 72 4c 6f 67 67 69 6e 67 43 6f 6e 74 65 78 74 22 2c 22 48 65 72 6f 48 6f 6c 64 54 72 69 67 67 65 72 2e 72 65 61 63 74 22 2c 22 48 65 72 6f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 6e 74 65 78 74 22 2c 22 48 65 72 6f 49 6e 74 65 72 61 63 74 69 6f 6e
                                                Data Ascii: a.displayName=a.name+" [from "+f.id+"]";a.displayName="HeroPlaceholder";g["default"]=a}),98);__d("hero-tracing-placeholder",["HeroComponent.react","HeroCurrentInteractionForLoggingContext","HeroHoldTrigger.react","HeroInteractionContext","HeroInteraction
                                                2024-07-03 13:47:03 UTC1500INData Raw: 63 74 69 6f 6e 28 62 29 7b 61 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 28 61 29 7d 29 7d 2c 64 3d 7b 61 64 64 47 6c 6f 62 61 6c 4d 65 74 61 64 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 76 61 72 20 65 3b 63 28 22 61 64 64 41 6e 6e 6f 74 61 74 69 6f 6e 73 22 29 28 6b 2c 7b 22 69 6e 74 22 3a 28 65 3d 7b 7d 2c 65 5b 61 5d 3d 62 2c 65 29 7d 29 7d 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 62 3d 3d 3d 22 73 74 72 69 6e 67 22 29 7b 63 28 22 61 64 64 41 6e 6e 6f 74 61 74 69 6f 6e 73 22 29 28 6b 2c 7b 73 74 72 69 6e 67 3a 28 65 3d 7b 7d 2c 65 5b 61 5d 3d 62 2c 65 29 7d 29 7d 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 62 3d 3d 3d 22 62 6f 6f 6c 65 61 6e
                                                Data Ascii: ction(b){a.forEach(function(a){b(a)})},d={addGlobalMetadata:function(a,b){if(typeof b==="number"){var e;c("addAnnotations")(k,{"int":(e={},e[a]=b,e)})}else if(typeof b==="string"){c("addAnnotations")(k,{string:(e={},e[a]=b,e)})}else if(typeof b==="boolean
                                                2024-07-03 13:47:03 UTC1500INData Raw: 73 68 28 62 29 7d 2c 61 64 64 48 65 72 6f 50 65 6e 64 69 6e 67 50 6c 61 63 65 68 6f 6c 64 65 72 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 3d 69 2e 67 65 74 28 61 29 3b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 2e 70 65 6e 64 69 6e 67 50 6c 61 63 65 68 6f 6c 64 65 72 73 3d 61 2e 70 65 6e 64 69 6e 67 50 6c 61 63 65 68 6f 6c 64 65 72 73 2e 63 6f 6e 63 61 74 28 62 29 7d 2c 61 64 64 48 69 64 64 65 6e 54 69 6d 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 3d 69 2e 67 65 74 28 61 29 3b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 2e 68 69 64 64 65 6e 54 69 6d 69 6e 67 73 3d 62 7d 2c 61 64 64 49 6d 61 67 65 50 72 65 6c 6f 61 64 65 72 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 3d 69 2e 67 65 74 28 61 29 3b 69 66 28 21 61 29 72 65 74 75
                                                Data Ascii: sh(b)},addHeroPendingPlaceholders:function(a,b){a=i.get(a);if(!a)return;a.pendingPlaceholders=a.pendingPlaceholders.concat(b)},addHiddenTiming:function(a,b){a=i.get(a);if(!a)return;a.hiddenTimings=b},addImagePreloader:function(a,b,c){a=i.get(a);if(!a)retu
                                                2024-07-03 13:47:03 UTC1500INData Raw: 2c 62 2c 64 29 7b 61 3d 69 2e 67 65 74 28 61 29 3b 69 66 28 61 29 7b 63 28 22 61 64 64 41 6e 6e 6f 74 61 74 69 6f 6e 73 22 29 28 61 2e 61 6e 6e 6f 74 61 74 69 6f 6e 73 2c 7b 73 74 72 69 6e 67 5f 61 72 72 61 79 3a 28 61 3d 7b 7d 2c 61 5b 62 5d 3d 64 2c 61 29 7d 29 7d 7d 2c 61 64 64 41 6e 6e 6f 74 61 74 69 6f 6e 49 6e 74 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 29 7b 61 3d 69 2e 67 65 74 28 61 29 3b 69 66 28 61 29 7b 63 28 22 61 64 64 41 6e 6e 6f 74 61 74 69 6f 6e 73 22 29 28 61 2e 61 6e 6e 6f 74 61 74 69 6f 6e 73 2c 7b 69 6e 74 5f 61 72 72 61 79 3a 28 61 3d 7b 7d 2c 61 5b 62 5d 3d 64 2c 61 29 7d 29 7d 7d 2c 61 64 64 41 6e 6e 6f 74 61 74 69 6f 6e 44 6f 75 62 6c 65 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 29 7b 61 3d 69
                                                Data Ascii: ,b,d){a=i.get(a);if(a){c("addAnnotations")(a.annotations,{string_array:(a={},a[b]=d,a)})}},addAnnotationIntArray:function(a,b,d){a=i.get(a);if(a){c("addAnnotations")(a.annotations,{int_array:(a={},a[b]=d,a)})}},addAnnotationDoubleArray:function(a,b,d){a=i
                                                2024-07-03 13:47:03 UTC905INData Raw: 61 6e 6e 6f 74 61 74 69 6f 6e 73 3a 7b 73 74 72 69 6e 67 3a 7b 7d 2c 22 69 6e 74 22 3a 7b 7d 2c 22 64 6f 75 62 6c 65 22 3a 7b 7d 2c 62 6f 6f 6c 3a 7b 7d 2c 73 74 72 69 6e 67 5f 61 72 72 61 79 3a 7b 7d 2c 69 6e 74 5f 61 72 72 61 79 3a 7b 7d 2c 64 6f 75 62 6c 65 5f 61 72 72 61 79 3a 7b 7d 2c 62 6f 6f 6c 5f 61 72 72 61 79 3a 7b 7d 7d 2c 63 6f 6d 6d 69 74 53 65 74 3a 6e 65 77 20 53 65 74 28 29 2c 66 61 63 74 6f 72 79 54 69 6d 69 6e 67 73 3a 5b 5d 2c 68 61 73 56 63 52 65 70 6f 72 74 3a 21 31 2c 68 65 72 6f 42 6f 6f 74 6c 6f 61 64 73 3a 5b 5d 2c 68 65 72 6f 52 65 6c 61 79 3a 5b 5d 2c 68 69 64 64 65 6e 54 69 6d 69 6e 67 73 3a 5b 5d 2c 69 6d 61 67 65 50 72 65 6c 6f 61 64 65 72 54 69 6d 69 6e 67 73 3a 7b 7d 2c 6c 61 74 65 4d 75 74 61 74 69 6f 6e 49 67 6e 6f 72 65
                                                Data Ascii: annotations:{string:{},"int":{},"double":{},bool:{},string_array:{},int_array:{},double_array:{},bool_array:{}},commitSet:new Set(),factoryTimings:[],hasVcReport:!1,heroBootloads:[],heroRelay:[],hiddenTimings:[],imagePreloaderTimings:{},lateMutationIgnore


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                7192.168.2.549726157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:03 UTC610OUTGET /rsrc.php/v3iPlJ4/yd/l/en_GB/hZ5gcIcWbl3.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:03 UTC1984INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: ZhU1jtQ1W6UOUHT8SsK5dw==
                                                Expires: Thu, 03 Jul 2025 13:47:03 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: bKcIZbj8eodeDU46EStBA82C83BvcLXsLut+wiNmMsuvu1TgaNiKWkzHsOzymAEKXtyl4vWCw741eVdrkFvF1A==
                                                Date: Wed, 03 Jul 2024 13:47:03 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: GOOD; q=0.7, rtt=111, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=109, ullat=1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 397976
                                                2024-07-03 13:47:03 UTC1500INData Raw: 3b 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 24 49 6e 74 65 72 6e 61 6c 45 6e 75 6d 55 74 69 6c 73 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 67 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 3d 6e 75 6c 6c 7c 7c 21 67 2e 63 61 6c 6c 28 61 2c 62 29 3f 6e 75 6c 6c 3a 61 5b 62 5d 7d 7d 76 61 72 20 68 3d 74 79 70 65 6f 66 20 57 65 61 6b 4d 61 70 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 6e 65 77 20 57 65 61 6b 4d 61 70 28 29 3a 6e 65 77 20 4d 61 70 28 29 3b 66 75 6e
                                                Data Ascii: ;/*FB_PKG_DELIM*/__d("$InternalEnumUtils",[],(function(a,b,c,d,e,f){"use strict";var g=Object.prototype.hasOwnProperty;function a(a){return function(b){return b==null||!g.call(a,b)?null:a[b]}}var h=typeof WeakMap==="function"?new WeakMap():new Map();fun
                                                2024-07-03 13:47:03 UTC1500INData Raw: 6f 32 22 2c 66 6c 65 78 53 68 72 69 6e 6b 3a 22 78 73 38 33 6d 30 6b 22 2c 65 6e 64 3a 22 78 64 73 36 38 37 63 22 2c 6c 65 66 74 3a 6e 75 6c 6c 2c 72 69 67 68 74 3a 6e 75 6c 6c 2c 73 74 61 72 74 3a 22 78 31 37 71 6f 70 68 65 22 2c 6a 75 73 74 69 66 79 43 6f 6e 74 65 6e 74 3a 22 78 31 71 75 67 68 69 62 22 2c 6d 61 72 67 69 6e 42 6f 74 74 6f 6d 3a 22 78 61 74 32 34 63 72 22 2c 6d 61 72 67 69 6e 45 6e 64 3a 22 78 31 31 69 35 72 6e 6d 22 2c 6d 61 72 67 69 6e 53 74 61 72 74 3a 22 78 31 6d 68 38 67 30 72 22 2c 6d 61 72 67 69 6e 54 6f 70 3a 22 78 64 6a 32 36 36 72 22 2c 6d 69 6e 48 65 69 67 68 74 3a 22 78 32 6c 77 6e 31 6a 22 2c 6d 69 6e 57 69 64 74 68 3a 22 78 65 75 75 67 6c 69 22 2c 70 61 64 64 69 6e 67 42 6f 74 74 6f 6d 3a 22 78 31 38 64 39 69 36 39 22 2c 70
                                                Data Ascii: o2",flexShrink:"xs83m0k",end:"xds687c",left:null,right:null,start:"x17qophe",justifyContent:"x1qughib",marginBottom:"xat24cr",marginEnd:"x11i5rnm",marginStart:"x1mh8g0r",marginTop:"xdj266r",minHeight:"x2lwn1j",minWidth:"xeuugli",paddingBottom:"x18d9i69",p
                                                2024-07-03 13:47:03 UTC1500INData Raw: 2c 65 3d 64 3d 3d 3d 76 6f 69 64 20 30 3f 6e 75 6c 6c 3a 64 3b 64 3d 62 2e 64 65 74 61 63 68 65 64 3b 64 3d 64 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 64 3b 76 61 72 20 66 3d 62 2e 64 65 74 61 63 68 65 64 44 65 66 61 75 6c 74 56 61 6c 75 65 3b 66 3d 66 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 66 3b 62 2e 64 65 74 61 63 68 65 64 50 61 67 65 4f 66 66 73 65 74 73 3b 76 61 72 20 67 3d 62 2e 64 69 73 61 62 6c 65 4e 61 76 69 67 61 74 69 6f 6e 53 63 72 6f 6c 6c 52 65 73 65 74 2c 68 3d 67 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 67 3b 67 3d 62 2e 68 69 64 64 65 6e 57 68 65 6e 44 65 74 61 63 68 65 64 3b 67 3d 67 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 67 3b 76 61 72 20 73 3d 62 2e 6d 61 69 6e 74 61 69 6e 53 63 72 6f 6c 6c 46 6f 72 43 6f 6e 74 65 78 74 2c 76 3d 73 3d 3d
                                                Data Ascii: ,e=d===void 0?null:d;d=b.detached;d=d===void 0?!1:d;var f=b.detachedDefaultValue;f=f===void 0?!1:f;b.detachedPageOffsets;var g=b.disableNavigationScrollReset,h=g===void 0?!1:g;g=b.hiddenWhenDetached;g=g===void 0?!1:g;var s=b.maintainScrollForContext,v=s==
                                                2024-07-03 13:47:03 UTC1188INData Raw: 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 63 72 6f 6c 6c 22 2c 62 2c 7b 70 61 73 73 69 76 65 3a 21 30 7d 29 7d 7d 7d 2c 5b 43 2c 65 2c 41 5d 29 3b 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 79 2e 63 75 72 72 65 6e 74 3b 69 66 28 61 21 3d 6e 75 6c 6c 29 69 66 28 48 29 7b 71 2e 61 64 64 28 61 29 3b 69 66 28 21 43 29 7b 44 28 21 30 29 3b 72 3d 74 28 29 3b 69 66 28 72 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 62 3d 70 2e 67 65 74 28 72 29 3b 62 26 26 62 28 21 30 29 7d 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 71 5b 22 64 65 6c 65 74 65 22 5d 28 61 29 7d 7d 65 6c 73 65 20 69 66 28 43 26 26 61 21 3d 3d 72 26 26 61 3d 3d 3d 74 28 29 29 7b 69 66 28 72
                                                Data Ascii: ction(){return window.removeEventListener("scroll",b,{passive:!0})}}},[C,e,A]);l(function(){var a=y.current;if(a!=null)if(H){q.add(a);if(!C){D(!0);r=t();if(r!=null){var b=p.get(r);b&&b(!0)}}return function(){q["delete"](a)}}else if(C&&a!==r&&a===t()){if(r
                                                2024-07-03 13:47:03 UTC1500INData Raw: 66 3a 62 2c 63 68 69 6c 64 72 65 6e 3a 64 7d 29 7d 3b 66 3d 28 65 3d 62 28 22 63 72 3a 31 30 31 31 37 38 33 22 29 29 21 3d 6e 75 6c 6c 3f 65 3a 6a 2e 66 6f 72 77 61 72 64 52 65 66 28 61 29 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 66 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 67 65 74 47 65 6f 41 6e 64 43 6f 6d 65 74 4d 6f 64 61 6c 43 6f 6d 70 61 74 69 62 6c 65 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 72 65 74 75 72 6e 21 30 7d 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 43 6f 6d 65 74 56 69 73 75 61 6c 43 6f 6d 70 6c 65 74 69 6f 6e 22 2c 5b 22 70 65 72 66 6f 72 6d 61 6e 63 65 4e 6f 77 53 69 6e 63 65 41
                                                Data Ascii: f:b,children:d})};f=(e=b("cr:1011783"))!=null?e:j.forwardRef(a);g["default"]=f}),98);__d("getGeoAndCometModalCompatible",[],(function(a,b,c,d,e,f){"use strict";function a(){return!0}f["default"]=a}),66);__d("CometVisualCompletion",["performanceNowSinceA
                                                2024-07-03 13:47:03 UTC1500INData Raw: 63 6c 75 64 65 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 63 28 22 76 63 2d 74 72 61 63 6b 65 72 22 29 2e 67 65 74 43 75 72 72 65 6e 74 4e 61 76 69 67 61 74 69 6f 6e 56 43 54 72 61 63 65 28 29 3b 62 21 3d 6e 75 6c 6c 26 26 63 28 22 76 63 2d 74 72 61 63 6b 65 72 22 29 2e 67 65 74 4c 61 73 74 4e 61 76 69 67 61 74 69 6f 6e 56 43 52 65 70 6f 72 74 28 29 3d 3d 6e 75 6c 6c 26 26 62 2e 65 78 63 6c 75 64 65 45 6c 65 6d 65 6e 74 28 61 29 7d 2c 67 65 74 43 75 72 72 65 6e 74 4e 61 76 69 67 61 74 69 6f 6e 54 72 61 63 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 63 28 22 76 63 2d 74 72 61 63 6b 65 72 22 29 2e 67 65 74 43 75 72 72 65 6e 74 4e 61 76 69 67 61 74 69 6f 6e 56 43 54 72 61 63 65 28 29 3b 72 65 74 75 72 6e 20 61
                                                Data Ascii: cludeElement:function(a){var b=c("vc-tracker").getCurrentNavigationVCTrace();b!=null&&c("vc-tracker").getLastNavigationVCReport()==null&&b.excludeElement(a)},getCurrentNavigationTrace:function(){var a=c("vc-tracker").getCurrentNavigationVCTrace();return a
                                                2024-07-03 13:47:03 UTC1500INData Raw: 74 3d 6e 75 6c 6c 29 3b 61 2e 63 75 72 72 65 6e 74 3d 64 3b 69 66 28 64 29 7b 76 61 72 20 65 3d 63 28 22 43 6f 6d 65 74 56 69 73 75 61 6c 43 6f 6d 70 6c 65 74 69 6f 6e 22 29 2e 67 65 74 43 75 72 72 65 6e 74 4e 61 76 69 67 61 74 69 6f 6e 54 72 61 63 65 28 29 3b 65 26 26 28 62 2e 63 75 72 72 65 6e 74 3d 65 2e 61 64 64 4d 75 74 61 74 69 6f 6e 52 6f 6f 74 28 64 29 29 7d 7d 7d 2c 5b 5d 29 7d 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 61 73 65 43 6f 6d 65 74 4d 6f 64 61 6c 2e 72 65 61 63 74 22 2c 5b 22 42 61 73 65 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 41 6e 63 68 6f 72 52 6f 6f 74 2e 72 65 61 63 74 22 2c 22 42 61 73 65 44 6f 63 75 6d 65 6e 74 53 63 72 6f 6c 6c 56 69 65 77 2e 72 65 61 63 74 22 2c 22 42 61 73 65 48
                                                Data Ascii: t=null);a.current=d;if(d){var e=c("CometVisualCompletion").getCurrentNavigationTrace();e&&(b.current=e.addMutationRoot(d))}}},[])}g["default"]=a}),98);__d("BaseCometModal.react",["BaseContextualLayerAnchorRoot.react","BaseDocumentScrollView.react","BaseH
                                                2024-07-03 13:47:03 UTC1500INData Raw: 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 72 3b 61 3d 61 2e 73 74 61 63 6b 69 6e 67 42 65 68 61 76 69 6f 72 3b 61 3d 61 3d 3d 3d 76 6f 69 64 20 30 3f 22 61 75 74 6f 22 3a 61 3b 76 61 72 20 73 3d 6b 28 63 28 22 48 69 64 64 65 6e 53 75 62 74 72 65 65 43 6f 6e 74 65 78 74 22 29 29 3b 73 3d 73 2e 68 69 64 64 65 6e 3b 76 61 72 20 74 3d 63 28 22 75 73 65 53 74 61 62 6c 65 22 29 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 21 3d 3d 76 6f 69 64 20 30 7d 29 2c 75 3d 63 28 22 75 73 65 43 6f 6d 65 74 56 69 73 75 61 6c 43 68 61 6e 67 65 54 72 61 63 6b 65 72 22 29 28 29 3b 71 3d 6a 2e 6a 73 78 73 28 6a 2e 46 72 61 67 6d 65 6e 74 2c 7b 63 68 69 6c 64 72 65 6e 3a 5b 6a 2e 6a 73 78 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 28 68 7c 7c 28 68 3d 63 28
                                                Data Ascii: ==void 0?!1:r;a=a.stackingBehavior;a=a===void 0?"auto":a;var s=k(c("HiddenSubtreeContext"));s=s.hidden;var t=c("useStable")(function(){return p!==void 0}),u=c("useCometVisualChangeTracker")();q=j.jsxs(j.Fragment,{children:[j.jsx("div",{className:(h||(h=c(
                                                2024-07-03 13:47:03 UTC910INData Raw: 63 28 22 73 74 79 6c 65 78 22 29 29 29 28 61 2c 76 29 2c 73 74 79 6c 65 3a 62 2c 63 68 69 6c 64 72 65 6e 3a 77 7d 29 7d 7d 29 3a 6a 2e 6a 73 78 28 63 28 22 42 61 73 65 50 6f 72 74 61 6c 2e 72 65 61 63 74 22 29 2c 7b 68 69 64 64 65 6e 3a 73 2c 78 73 74 79 6c 65 3a 76 2c 63 68 69 6c 64 72 65 6e 3a 77 7d 29 7d 61 2e 64 69 73 70 6c 61 79 4e 61 6d 65 3d 61 2e 6e 61 6d 65 2b 22 20 5b 66 72 6f 6d 20 22 2b 66 2e 69 64 2b 22 5d 22 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 61 73 65 45 6e 74 72 79 50 6f 69 6e 74 50 6f 70 6f 76 65 72 43 6f 6e 74 61 69 6e 65 72 2e 72 65 61 63 74 22 2c 5b 22 43 6f 6d 65 74 52 65 6c 61 79 22 2c 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29
                                                Data Ascii: c("stylex")))(a,v),style:b,children:w})}}):j.jsx(c("BasePortal.react"),{hidden:s,xstyle:v,children:w})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98);__d("BaseEntryPointPopoverContainer.react",["CometRelay","react"],(function(a,b,c,d,e,f,g)
                                                2024-07-03 13:47:03 UTC1500INData Raw: 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 61 73 65 50 6f 70 6f 76 65 72 4c 61 79 65 72 56 69 73 69 62 69 6c 69 74 79 2e 72 65 61 63 74 22 2c 5b 22 48 69 64 64 65 6e 53 75 62 74 72 65 65 50 61 73 73 69 76 65 43 6f 6e 74 65 78 74 22 2c 22 65 6d 70 74 79 46 75 6e 63 74 69 6f 6e 22 2c 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3b 68 7c 7c 28 68 3d 64 28 22 72 65 61 63 74 22 29 29 3b 62 3d 68 3b 76 61 72 20 69 3d 62 2e 75 73 65 43 6f 6e 74 65 78 74 2c 6a 3d 62 2e 75 73 65 45 66 66 65 63 74 2c 6b 3d 62 2e 75 73 65 52 65 66 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 76 61 72 20 62 3d 61 2e 63 68 69 6c 64 72 65 6e 3b 61 3d 61 2e 6f 6e 4c 61 79 65 72 44
                                                Data Ascii: ),98);__d("BasePopoverLayerVisibility.react",["HiddenSubtreePassiveContext","emptyFunction","react"],(function(a,b,c,d,e,f,g){"use strict";var h;h||(h=d("react"));b=h;var i=b.useContext,j=b.useEffect,k=b.useRef;function a(a){var b=a.children;a=a.onLayerD


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                8192.168.2.54972823.43.61.160443
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:04 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                Connection: Keep-Alive
                                                Accept: */*
                                                Accept-Encoding: identity
                                                User-Agent: Microsoft BITS/7.8
                                                Host: fs.microsoft.com
                                                2024-07-03 13:47:04 UTC466INHTTP/1.1 200 OK
                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                Content-Type: application/octet-stream
                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                Server: ECAcc (lpl/EF06)
                                                X-CID: 11
                                                X-Ms-ApiVersion: Distribute 1.2
                                                X-Ms-Region: prod-neu-z1
                                                Cache-Control: public, max-age=94932
                                                Date: Wed, 03 Jul 2024 13:47:04 GMT
                                                Connection: close
                                                X-CID: 2


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                9192.168.2.549731157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:04 UTC610OUTGET /rsrc.php/v3iXK94/yt/l/en_GB/gfOaPYbADeK.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:05 UTC1986INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: YJz0JNVTirCKzmOHhzi6aA==
                                                Expires: Wed, 02 Jul 2025 07:52:30 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: k691HX9DvEKNopf8GFtboqsoSadWkL6oDRqETgXq9Zma06ALbWoV4ztJ4oispAHAo6UK6qSnY11TpKgzY7eK8w==
                                                Date: Wed, 03 Jul 2024 13:47:05 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=205, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 71541
                                                2024-07-03 13:47:05 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:05 UTC15823INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 64 67 65 43 68 65 63 6b 6d 61 72 6b 46 69 6c 6c 65 64 31 32 2e 73 76 67 2e 72 65 61 63 74 22 2c 5b 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 72 65 74 75 72 6e 20 69 2e 6a 73 78 73 28 22 73 76 67 22 2c 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 76 69 65 77 42 6f 78 3a 22 30 20 30 20 31 32 20 31 33 22 2c 77 69 64 74 68 3a 22 31 65 6d 22 2c 68 65 69 67 68 74 3a 22 31 65 6d 22 2c 66 69 6c 6c 3a 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 7d 2c 61 2c 7b
                                                Data Ascii: /*FB_PKG_DELIM*/__d("BadgeCheckmarkFilled12.svg.react",["react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(a){return i.jsxs("svg",babelHelpers["extends"]({viewBox:"0 0 12 13",width:"1em",height:"1em",fill:"currentColor"},a,{
                                                2024-07-03 13:47:05 UTC16384INData Raw: 69 6f 6e 5f 73 74 61 72 74 5f 74 69 6d 65 2b 69 3c 44 61 74 65 2e 6e 6f 77 28 29 3f 6e 75 6c 6c 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 76 61 72 20 61 3d 6a 28 29 3b 72 65 74 75 72 6e 21 61 3f 6e 75 6c 6c 3a 7b 64 6f 77 6e 73 74 72 65 61 6d 5f 73 68 61 72 65 5f 73 65 73 73 69 6f 6e 5f 69 64 3a 61 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 61 2e 64 6f 77 6e 73 74 72 65 61 6d 5f 73 68 61 72 65 5f 73 65 73 73 69 6f 6e 5f 69 64 2c 64 6f 77 6e 73 74 72 65 61 6d 5f 73 68 61 72 65 5f 73 65 73 73 69 6f 6e 5f 6f 72 69 67 69 6e 5f 75 72 69 3a 61 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 61 2e 64 6f 77 6e 73 74 72 65 61 6d 5f 73 68 61 72 65 5f 73 65 73 73 69 6f 6e 5f 6f 72 69 67 69 6e 5f 75 72 69 2c 64 6f 77 6e 73 74 72 65 61 6d 5f 73 68 61 72 65 5f 73 65 73
                                                Data Ascii: ion_start_time+i<Date.now()?null:a}function a(){var a=j();return!a?null:{downstream_share_session_id:a==null?void 0:a.downstream_share_session_id,downstream_share_session_origin_uri:a==null?void 0:a.downstream_share_session_origin_uri,downstream_share_ses
                                                2024-07-03 13:47:05 UTC16384INData Raw: 7b 22 61 72 69 61 2d 68 69 64 64 65 6e 22 3a 21 30 2c 63 6c 61 73 73 4e 61 6d 65 3a 28 68 7c 7c 28 68 3d 63 28 22 73 74 79 6c 65 78 22 29 29 29 28 64 29 2c 68 65 69 67 68 74 3a 22 31 32 70 78 22 2c 76 69 65 77 42 6f 78 3a 22 30 20 30 20 32 31 20 31 32 22 2c 77 69 64 74 68 3a 22 32 31 70 78 22 7d 2c 61 2c 7b 63 68 69 6c 64 72 65 6e 3a 5b 61 2e 74 69 74 6c 65 21 3d 6e 75 6c 6c 26 26 6a 2e 6a 73 78 28 22 74 69 74 6c 65 22 2c 7b 63 68 69 6c 64 72 65 6e 3a 61 2e 74 69 74 6c 65 7d 29 2c 62 21 3d 6e 75 6c 6c 26 26 6a 2e 6a 73 78 28 22 64 65 66 73 22 2c 7b 63 68 69 6c 64 72 65 6e 3a 62 7d 29 2c 6a 2e 6a 73 78 28 22 70 61 74 68 22 2c 7b 64 3a 22 4d 32 30 2e 36 38 35 2e 31 32 63 2d 32 2e 32 32 39 2e 34 32 34 2d 34 2e 32 37 38 20 31 2e 39 31 34 2d 36 2e 31 38 31 20
                                                Data Ascii: {"aria-hidden":!0,className:(h||(h=c("stylex")))(d),height:"12px",viewBox:"0 0 21 12",width:"21px"},a,{children:[a.title!=null&&j.jsx("title",{children:a.title}),b!=null&&j.jsx("defs",{children:b}),j.jsx("path",{d:"M20.685.12c-2.229.424-4.278 1.914-6.181
                                                2024-07-03 13:47:05 UTC16384INData Raw: 2c 64 29 2c 53 28 22 65 76 65 6e 74 2e 75 70 6c 6f 61 64 65 64 22 2c 64 29 29 3a 53 28 22 65 76 65 6e 74 2e 6e 6f 6e 5f 63 72 69 74 69 63 61 6c 5f 66 61 69 6c 75 72 65 2e 73 74 72 65 61 6d 69 6e 67 2e 61 63 6b 5f 66 61 69 6c 65 64 22 2c 64 29 2c 62 28 61 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 53 28 22 65 76 65 6e 74 2e 6e 6f 6e 5f 63 72 69 74 69 63 61 6c 5f 66 61 69 6c 75 72 65 2e 73 74 72 65 61 6d 69 6e 67 2e 61 63 6b 5f 72 65 6a 65 63 74 65 64 22 2c 64 29 2c 62 28 21 31 29 7d 29 3a 28 61 2e 61 6d 65 6e 64 57 69 74 68 6f 75 74 41 63 6b 28 65 29 2c 53 28 22 65 76 65 6e 74 2e 73 74 72 65 61 6d 65 64 2e 77 69 74 68 6f 75 74 5f 61 63 6b 22 2c 64 29 2c 53 28 22 65 76 65 6e 74 2e 75 70 6c 6f 61 64 65 64 22 2c 64 29 29 3a 28 53 28 22 65 76 65 6e 74 2e 6e 6f
                                                Data Ascii: ,d),S("event.uploaded",d)):S("event.non_critical_failure.streaming.ack_failed",d),b(a)},function(){S("event.non_critical_failure.streaming.ack_rejected",d),b(!1)}):(a.amendWithoutAck(e),S("event.streamed.without_ack",d),S("event.uploaded",d)):(S("event.no
                                                2024-07-03 13:47:05 UTC1500INData Raw: 44 3a 61 2e 70 6f 72 74 61 62 6c 65 50 6c 61 63 65 49 44 2c 76 69 64 65 6f 50 69 78 65 6c 73 41 73 70 65 63 74 52 61 74 69 6f 3a 28 62 3d 61 2e 63 6f 72 65 56 69 64 65 6f 50 6c 61 79 65 72 4d 65 74 61 44 61 74 61 2e 76 69 64 65 6f 50 69 78 65 6c 73 41 73 70 65 63 74 52 61 74 69 6f 29 21 3d 6e 75 6c 6c 3f 62 3a 6e 75 6c 6c 7d 29 2c 61 2e 70 6f 72 74 61 62 6c 65 50 6c 61 63 65 43 6f 6e 74 61 69 6e 65 72 29 7d 29 5d 7d 29 7d 61 2e 64 69 73 70 6c 61 79 4e 61 6d 65 3d 61 2e 6e 61 6d 65 2b 22 20 5b 66 72 6f 6d 20 22 2b 66 2e 69 64 2b 22 5d 22 3b 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 47 6c 6f 62 61 6c 56 69 64 65 6f 50 6f 72 74 73 49 6d 70 6c 2e 72 65 61 63 74 22 2c 5b 22 43 6f 6d 65 74 45 72 72 6f 72 42 6f 75 6e 64 61
                                                Data Ascii: D:a.portablePlaceID,videoPixelsAspectRatio:(b=a.coreVideoPlayerMetaData.videoPixelsAspectRatio)!=null?b:null}),a.portablePlaceContainer)})]})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98);__d("GlobalVideoPortsImpl.react",["CometErrorBounda
                                                2024-07-03 13:47:05 UTC5065INData Raw: 6f 64 61 6c 51 75 65 72 79 22 2c 6f 70 65 72 61 74 69 6f 6e 4b 69 6e 64 3a 22 71 75 65 72 79 22 2c 74 65 78 74 3a 6e 75 6c 6c 7d 7d 3b 65 2e 65 78 70 6f 72 74 73 3d 61 7d 29 2c 6e 75 6c 6c 29 3b 0a 5f 5f 64 28 22 47 72 6f 75 70 73 43 6f 6d 65 74 41 6e 73 77 65 72 41 67 65 6e 74 45 64 75 63 61 74 69 6f 6e 4d 6f 64 61 6c 2e 65 6e 74 72 79 70 6f 69 6e 74 22 2c 5b 22 47 72 6f 75 70 73 43 6f 6d 65 74 41 6e 73 77 65 72 41 67 65 6e 74 45 64 75 63 61 74 69 6f 6e 4d 6f 64 61 6c 51 75 65 72 79 24 50 61 72 61 6d 65 74 65 72 73 22 2c 22 4a 53 52 65 73 6f 75 72 63 65 46 6f 72 49 6e 74 65 72 61 63 74 69 6f 6e 22 2c 22 57 65 62 50 69 78 65 6c 52 61 74 69 6f 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63
                                                Data Ascii: odalQuery",operationKind:"query",text:null}};e.exports=a}),null);__d("GroupsCometAnswerAgentEducationModal.entrypoint",["GroupsCometAnswerAgentEducationModalQuery$Parameters","JSResourceForInteraction","WebPixelRatio"],(function(a,b,c,d,e,f,g){"use stric


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                10192.168.2.549730157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:04 UTC599OUTGET /rsrc.php/v3/y0/r/bwjcpfdLfwR.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:05 UTC1956INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: opvk/9B7bUAm5XgkVUEdgQ==
                                                Expires: Mon, 30 Jun 2025 18:01:50 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                X-FB-Debug: SjEXXM+/rKvUcMdpF0P83PDx2wXwb2lca7rS4HOeS4vk1B5YVmLzwlD5lsW1Sajbj0TPCMVdNXlKVoFUGMUNNA==
                                                Date: Wed, 03 Jul 2024 13:47:05 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: GOOD; q=0.7, rtt=102, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 21776
                                                2024-07-03 13:47:05 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:05 UTC15860INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 46 44 53 55 6e 69 74 48 65 61 64 65 72 2e 72 65 61 63 74 22 2c 5b 22 42 61 73 65 56 69 65 77 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 43 6f 6c 75 6d 6e 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 43 6f 6c 75 6d 6e 49 74 65 6d 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 46 6f 63 75 73 54 61 62 6c 65 43 6f 6e 74 65 78 74 22 2c 22 43 6f 6d 65 74 50 72 65 73 73 61 62 6c 65 2e 72 65 61 63 74 22 2c 22 46 44 53 49 63 6f 6e 2e 72 65 61 63 74 22 2c 22 46 44 53 54 65 78 74 50 61 69 72 69 6e 67 2e 72 65 61 63 74 22 2c 22 49 63 6f 6e 53 6f 75 72 63 65 22 2c 22 53 56 47 49 63 6f 6e 22 2c 22 54 65 74 72 61 54 65 78 74 2e 72 65 61 63 74 22 2c 22 72 65 61 63 74 22 2c 22 72 65 61 63 74 2d 73 74 72 69 63 74
                                                Data Ascii: /*FB_PKG_DELIM*/__d("FDSUnitHeader.react",["BaseView.react","CometColumn.react","CometColumnItem.react","CometFocusTableContext","CometPressable.react","FDSIcon.react","FDSTextPairing.react","IconSource","SVGIcon","TetraText.react","react","react-strict
                                                2024-07-03 13:47:05 UTC5915INData Raw: 6f 6e 74 65 78 74 73 22 29 29 29 2e 4c 6f 6f 70 43 75 72 72 65 6e 74 43 6f 6e 74 65 78 74 29 7d 66 75 6e 63 74 69 6f 6e 20 57 28 29 7b 72 65 74 75 72 6e 20 6b 28 28 69 7c 7c 28 69 3d 64 28 22 56 69 64 65 6f 50 6c 61 79 65 72 43 6f 6e 74 65 78 74 73 22 29 29 29 2e 4c 6f 6f 70 43 6f 75 6e 74 43 6f 6e 74 65 78 74 29 7d 66 75 6e 63 74 69 6f 6e 20 73 61 28 29 7b 72 65 74 75 72 6e 20 6b 28 28 69 7c 7c 28 69 3d 64 28 22 56 69 64 65 6f 50 6c 61 79 65 72 43 6f 6e 74 65 78 74 73 22 29 29 29 2e 49 6e 62 61 6e 64 43 61 70 74 69 6f 6e 73 41 75 74 6f 67 65 6e 65 72 61 74 65 64 43 6f 6e 74 65 78 74 29 7d 66 75 6e 63 74 69 6f 6e 20 74 61 28 29 7b 72 65 74 75 72 6e 20 6b 28 28 69 7c 7c 28 69 3d 64 28 22 56 69 64 65 6f 50 6c 61 79 65 72 43 6f 6e 74 65 78 74 73 22 29 29 29
                                                Data Ascii: ontexts"))).LoopCurrentContext)}function W(){return k((i||(i=d("VideoPlayerContexts"))).LoopCountContext)}function sa(){return k((i||(i=d("VideoPlayerContexts"))).InbandCaptionsAutogeneratedContext)}function ta(){return k((i||(i=d("VideoPlayerContexts")))


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                11192.168.2.549732157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC665OUTGET /rsrc.php/v3/y1/r/VVfVcgNse_k7OBycsxKTmL-41uF-jEkcBzg4GbaorIyr8O0FwF42MYvlh6jit1ncqcXDV2hji4yzQ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:05 UTC1960INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: qhrsqfntexXoE8hiZQnPew==
                                                Expires: Thu, 03 Jul 2025 08:29:02 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                X-FB-Debug: d5gdFoWKhaGamO08hfoHWrt+DvagnvdgNO1ViMT2RngheD7eb+NNp8RMMOsc/DdHb7NEyfZfxNh3OYDXMcBBnA==
                                                Date: Wed, 03 Jul 2024 13:47:05 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=162, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 36762
                                                2024-07-03 13:47:05 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:05 UTC15794INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 43 6f 6d 65 74 48 6f 76 65 72 63 61 72 64 51 75 65 72 79 52 65 6e 64 65 72 65 72 51 75 65 72 79 24 50 61 72 61 6d 65 74 65 72 73 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 7b 6b 69 6e 64 3a 22 50 72 65 6c 6f 61 64 61 62 6c 65 43 6f 6e 63 72 65 74 65 52 65 71 75 65 73 74 22 2c 70 61 72 61 6d 73 3a 7b 69 64 3a 22 37 32 35 37 37 39 33 34 32 30 39 39 31 38 30 32 22 2c 6d 65 74 61 64 61 74 61 3a 7b 7d 2c 6e 61 6d 65 3a 22 43 6f 6d 65 74 48 6f 76 65 72 63 61 72 64 51 75 65 72 79 52 65 6e 64 65 72 65 72 51 75 65 72 79 22 2c 6f 70 65 72 61 74 69 6f 6e 4b 69 6e 64 3a 22 71 75 65 72 79 22 2c 74 65 78 74 3a 6e 75
                                                Data Ascii: /*FB_PKG_DELIM*/__d("CometHovercardQueryRendererQuery$Parameters",[],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:"7257793420991802",metadata:{},name:"CometHovercardQueryRendererQuery",operationKind:"query",text:nu
                                                2024-07-03 13:47:05 UTC16384INData Raw: 7c 61 3e 3d 39 32 30 38 26 26 61 3c 3d 39 32 31 30 7c 7c 61 3d 3d 3d 39 34 31 30 7c 7c 61 3e 3d 39 36 34 32 26 26 61 3c 3d 39 36 34 33 7c 7c 61 3d 3d 3d 39 36 35 34 7c 7c 61 3d 3d 3d 39 36 36 34 7c 7c 61 3e 3d 39 37 32 33 26 26 61 3c 3d 39 37 32 36 7c 7c 61 3e 3d 39 37 32 38 26 26 61 3c 3d 39 37 33 32 7c 7c 61 3d 3d 3d 39 37 34 32 7c 7c 61 3d 3d 3d 39 37 34 35 7c 7c 61 3e 3d 39 37 34 38 26 26 61 3c 3d 39 37 34 39 7c 7c 61 3d 3d 3d 39 37 35 32 7c 7c 61 3d 3d 3d 39 37 36 30 7c 7c 61 3e 3d 39 37 36 32 26 26 61 3c 3d 39 37 36 33 7c 7c 61 3d 3d 3d 39 37 36 36 7c 7c 61 3d 3d 3d 39 37 37 30 7c 7c 61 3e 3d 39 37 37 34 26 26 61 3c 3d 39 37 37 35 7c 7c 61 3e 3d 39 37 38 34 26 26 61 3c 3d 39 37 38 36 7c 7c 61 3d 3d 3d 39 37 39 32 7c 7c 61 3d 3d 3d 39 37 39 34 7c 7c
                                                Data Ascii: |a>=9208&&a<=9210||a===9410||a>=9642&&a<=9643||a===9654||a===9664||a>=9723&&a<=9726||a>=9728&&a<=9732||a===9742||a===9745||a>=9748&&a<=9749||a===9752||a===9760||a>=9762&&a<=9763||a===9766||a===9770||a>=9774&&a<=9775||a>=9784&&a<=9786||a===9792||a===9794||
                                                2024-07-03 13:47:05 UTC4583INData Raw: 2e 63 75 72 72 65 6e 74 3d 6e 75 6c 6c 7d 7d 65 6c 73 65 20 66 2e 63 75 72 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 28 68 28 21 31 29 2c 63 28 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 22 29 28 66 2e 63 75 72 72 65 6e 74 29 2c 66 2e 63 75 72 72 65 6e 74 3d 6e 75 6c 6c 29 3b 65 2e 63 75 72 72 65 6e 74 3d 64 7d 2c 5b 62 2c 64 2c 65 5d 29 3b 72 65 74 75 72 6e 7b 69 73 50 65 6e 64 69 6e 67 3a 67 7d 7d 67 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 42 61 73 65 54 6f 6f 6c 74 69 70 49 6d 70 6c 2e 72 65 61 63 74 22 2c 5b 22 42 61 73 65 43 6f 6e 74 65 78 74 75 61 6c 4c 61 79 65 72 2e 72 65 61 63 74 22 2c 22 42 61 73 65 54 6f 6f 6c 74 69 70 43 6f 6e 74 61 69 6e 65 72 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 48 65 72 6f 49 6e 74 65 72 61
                                                Data Ascii: .current=null}}else f.current!=null&&(h(!1),c("clearTimeout")(f.current),f.current=null);e.current=d},[b,d,e]);return{isPending:g}}g["default"]=a}),98);__d("BaseTooltipImpl.react",["BaseContextualLayer.react","BaseTooltipContainer.react","CometHeroIntera


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                12192.168.2.549733157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC610OUTGET /rsrc.php/v3i19e4/y7/l/en_GB/g25nMFNsm6P.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:05 UTC1957INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: 5GMUuw4bxgXsxLEJiE3Few==
                                                Expires: Tue, 01 Jul 2025 21:55:42 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                X-FB-Debug: cFRTm8scy0f9YlsDlE5xoq64UTXN/LIRvOHFHsha/XLdFmcqu/fVNKBvwjd2mEviLwCZRIVTAUiQHdETWdTKOQ==
                                                Date: Wed, 03 Jul 2024 13:47:05 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: GOOD; q=0.7, rtt=99, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=11, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 133457
                                                2024-07-03 13:47:05 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:05 UTC15849INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 73 65 54 65 78 74 57 69 74 68 49 63 6f 6e 2e 72 65 61 63 74 22 2c 5b 22 42 61 73 65 4e 6f 6e 42 72 65 61 6b 69 6e 67 53 70 61 63 65 2e 72 65 61 63 74 22 2c 22 42 61 73 65 56 69 65 77 2e 72 65 61 63 74 22 2c 22 72 65 61 63 74 22 2c 22 72 65 61 63 74 2d 73 74 72 69 63 74 2d 64 6f 6d 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 2c 6a 3d 7b 69 63 6f 6e 3a 7b 61 6c 69 67 6e 49 74 65 6d 73 3a 22 78 36 73 30 64 6e 34 22 2c 64 69 73 70 6c 61 79 3a 22 78 33 6e 66 76 70 32 22 2c 76 65 72 74 69 63 61 6c 41 6c 69 67 6e 3a 22 78 78 79 6d 76 70 7a 22 2c 24
                                                Data Ascii: /*FB_PKG_DELIM*/__d("BaseTextWithIcon.react",["BaseNonBreakingSpace.react","BaseView.react","react","react-strict-dom"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react"),j={icon:{alignItems:"x6s0dn4",display:"x3nfvp2",verticalAlign:"xxymvpz",$
                                                2024-07-03 13:47:05 UTC16384INData Raw: 33 66 64 22 3a 31 2c 22 31 66 34 34 61 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 34 61 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 34 62 22 3a 31 2c 22 31 66 34 34 62 5f 31 66 33 66 62 22 3a 31 2c 22 31 66 34 34 62 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 34 34 62 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 34 34 62 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 34 62 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 34 63 22 3a 31 2c 22 31 66 34 34 63 5f 31 66 33 66 62 22 3a 31 2c 22 31 66 34 34 63 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 34 34 63 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 34 34 63 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 34 63 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 34 64 22 3a 31 2c 22 31 66 34 34 64 5f 31 66 33 66 62 22 3a 31 2c 22 31 66 34 34 64 5f 31 66 33
                                                Data Ascii: 3fd":1,"1f44a_1f3fe":1,"1f44a_1f3ff":1,"1f44b":1,"1f44b_1f3fb":1,"1f44b_1f3fc":1,"1f44b_1f3fd":1,"1f44b_1f3fe":1,"1f44b_1f3ff":1,"1f44c":1,"1f44c_1f3fb":1,"1f44c_1f3fc":1,"1f44c_1f3fd":1,"1f44c_1f3fe":1,"1f44c_1f3ff":1,"1f44d":1,"1f44d_1f3fb":1,"1f44d_1f3
                                                2024-07-03 13:47:06 UTC16384INData Raw: 22 31 66 34 37 66 22 3a 31 2c 22 31 66 34 38 30 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 62 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 62 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 63 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 63 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 64 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 64 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 65 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 65 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 34 38 31 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22
                                                Data Ascii: "1f47f":1,"1f480":1,"1f481_1f3fb_200d_2640":1,"1f481_1f3fb_200d_2642":1,"1f481_1f3fc_200d_2640":1,"1f481_1f3fc_200d_2642":1,"1f481_1f3fd_200d_2640":1,"1f481_1f3fd_200d_2642":1,"1f481_1f3fe_200d_2640":1,"1f481_1f3fe_200d_2642":1,"1f481_1f3ff_200d_2640":1,"
                                                2024-07-03 13:47:06 UTC16384INData Raw: 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 39 64 63 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 39 64 63 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 39 64 63 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 39 64 64 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 62 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 62 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 62 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 63 5f 32 30 30 64 5f 32 36 34 30 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 63 5f 32 30 30 64 5f 32 36 34 32 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 39 64 64 5f 31 66 33 66 64 5f 32 30 30 64
                                                Data Ascii: d_2640":1,"1f9dc_1f3ff_200d_2642":1,"1f9dc_200d_2640":1,"1f9dc_200d_2642":1,"1f9dd":1,"1f9dd_1f3fb":1,"1f9dd_1f3fb_200d_2640":1,"1f9dd_1f3fb_200d_2642":1,"1f9dd_1f3fc":1,"1f9dd_1f3fc_200d_2640":1,"1f9dd_1f3fc_200d_2642":1,"1f9dd_1f3fd":1,"1f9dd_1f3fd_200d
                                                2024-07-03 13:47:06 UTC1500INData Raw: 66 34 36 39 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 37 36 34 5f 32 30 30 64 5f 31 66 34 36 39 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 34 36 39 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 37 36 34 5f 32 30 30 64 5f 31 66 34 36 39 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 34 36 39 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 37 36 34 5f 32 30 30 64 5f 31 66 34 36 39 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 36 39 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 37 36 34 5f 32 30 30 64 5f 31 66 34 36 39 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 36 39 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 37 36 34 5f 32 30 30 64 5f 31 66 34 38 62 5f 32 30 30 64 5f 31 66 33 66 66 5f 31 66 34 36 38 22 3a 31 2c 22 31 66 34 36 39 5f 31 66 33 66 66 5f 32 30 30 64 5f 32 37 36 34 5f 32 30 30 64 5f 31 66 34
                                                Data Ascii: f469_1f3ff_200d_2764_200d_1f469_1f3fc":1,"1f469_1f3ff_200d_2764_200d_1f469_1f3fd":1,"1f469_1f3ff_200d_2764_200d_1f469_1f3fe":1,"1f469_1f3ff_200d_2764_200d_1f469_1f3ff":1,"1f469_1f3ff_200d_2764_200d_1f48b_200d_1f3ff_1f468":1,"1f469_1f3ff_200d_2764_200d_1f4
                                                2024-07-03 13:47:06 UTC14884INData Raw: 31 2c 22 31 66 34 37 31 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 34 37 31 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 34 37 31 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 37 31 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 37 33 22 3a 31 2c 22 31 66 34 37 33 5f 31 66 33 66 62 22 3a 31 2c 22 31 66 34 37 33 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 34 37 33 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 34 37 33 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 37 33 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 37 37 22 3a 31 2c 22 31 66 34 37 37 5f 31 66 33 66 62 22 3a 31 2c 22 31 66 34 37 37 5f 31 66 33 66 63 22 3a 31 2c 22 31 66 34 37 37 5f 31 66 33 66 64 22 3a 31 2c 22 31 66 34 37 37 5f 31 66 33 66 65 22 3a 31 2c 22 31 66 34 37 37 5f 31 66 33 66 66 22 3a 31 2c 22 31 66 34 38 31 22 3a 31
                                                Data Ascii: 1,"1f471_1f3fc":1,"1f471_1f3fd":1,"1f471_1f3fe":1,"1f471_1f3ff":1,"1f473":1,"1f473_1f3fb":1,"1f473_1f3fc":1,"1f473_1f3fd":1,"1f473_1f3fe":1,"1f473_1f3ff":1,"1f477":1,"1f477_1f3fb":1,"1f477_1f3fc":1,"1f477_1f3fd":1,"1f477_1f3fe":1,"1f477_1f3ff":1,"1f481":1
                                                2024-07-03 13:47:06 UTC16384INData Raw: 31 66 61 37 63 22 3a 31 2c 22 31 66 61 38 30 22 3a 31 2c 22 31 66 61 38 31 22 3a 31 2c 22 31 66 61 38 32 22 3a 31 2c 22 31 66 61 38 33 22 3a 31 2c 22 31 66 61 38 34 22 3a 31 2c 22 31 66 61 38 35 22 3a 31 2c 22 31 66 61 38 36 22 3a 31 2c 22 31 66 61 38 37 22 3a 31 2c 22 31 66 61 38 38 22 3a 31 2c 22 31 66 61 39 30 22 3a 31 2c 22 31 66 61 39 31 22 3a 31 2c 22 31 66 61 39 32 22 3a 31 2c 22 31 66 61 39 33 22 3a 31 2c 22 31 66 61 39 34 22 3a 31 2c 22 31 66 61 39 35 22 3a 31 2c 22 31 66 61 39 36 22 3a 31 2c 22 31 66 61 39 37 22 3a 31 2c 22 31 66 61 39 38 22 3a 31 2c 22 31 66 61 39 39 22 3a 31 2c 22 31 66 61 39 61 22 3a 31 2c 22 31 66 61 39 62 22 3a 31 2c 22 31 66 61 39 63 22 3a 31 2c 22 31 66 61 39 64 22 3a 31 2c 22 31 66 61 39 65 22 3a 31 2c 22 31 66 61 39 66
                                                Data Ascii: 1fa7c":1,"1fa80":1,"1fa81":1,"1fa82":1,"1fa83":1,"1fa84":1,"1fa85":1,"1fa86":1,"1fa87":1,"1fa88":1,"1fa90":1,"1fa91":1,"1fa92":1,"1fa93":1,"1fa94":1,"1fa95":1,"1fa96":1,"1fa97":1,"1fa98":1,"1fa99":1,"1fa9a":1,"1fa9b":1,"1fa9c":1,"1fa9d":1,"1fa9e":1,"1fa9f
                                                2024-07-03 13:47:06 UTC16384INData Raw: 2c 22 61 72 69 61 2d 6c 61 62 65 6c 22 2c 22 73 69 7a 65 22 5d 29 3b 61 3d 64 28 22 43 6f 6d 65 74 52 65 6c 61 79 22 29 2e 75 73 65 46 72 61 67 6d 65 6e 74 28 69 21 3d 3d 76 6f 69 64 20 30 3f 69 3a 69 3d 62 28 22 46 44 53 50 72 6f 66 69 6c 65 50 68 6f 74 6f 46 6f 72 41 63 74 6f 72 5f 61 63 74 6f 72 2e 67 72 61 70 68 71 6c 22 29 2c 65 29 3b 65 3d 28 65 3d 28 65 3d 61 2e 63 6f 6d 6d 65 72 63 65 5f 70 72 6f 66 69 6c 65 5f 70 69 63 74 75 72 65 29 21 3d 6e 75 6c 6c 3f 65 3a 61 2e 70 72 6f 66 69 6c 65 5f 70 69 63 74 75 72 65 29 21 3d 6e 75 6c 6c 3f 65 3a 7b 7d 3b 76 61 72 20 75 3d 61 2e 70 72 6f 66 69 6c 65 5f 76 69 64 65 6f 21 3d 6e 75 6c 6c 3f 61 2e 70 72 6f 66 69 6c 65 5f 76 69 64 65 6f 3a 76 6f 69 64 20 30 2c 76 3d 65 2e 68 65 69 67 68 74 2c 77 3d 65 2e 73
                                                Data Ascii: ,"aria-label","size"]);a=d("CometRelay").useFragment(i!==void 0?i:i=b("FDSProfilePhotoForActor_actor.graphql"),e);e=(e=(e=a.commerce_profile_picture)!=null?e:a.profile_picture)!=null?e:{};var u=a.profile_video!=null?a.profile_video:void 0,v=e.height,w=e.s
                                                2024-07-03 13:47:06 UTC14884INData Raw: 73 70 6c 61 79 3a 22 78 37 38 7a 75 6d 35 22 2c 66 6c 65 78 42 61 73 69 73 3a 22 78 31 72 38 75 65 72 79 22 2c 66 6c 65 78 44 69 72 65 63 74 69 6f 6e 3a 22 78 64 74 35 79 74 66 22 2c 66 6c 65 78 47 72 6f 77 3a 22 78 31 69 79 6a 71 6f 32 22 2c 66 6c 65 78 53 68 72 69 6e 6b 3a 22 78 73 38 33 6d 30 6b 22 2c 6a 75 73 74 69 66 79 43 6f 6e 74 65 6e 74 3a 22 78 31 71 75 67 68 69 62 22 2c 6d 61 72 67 69 6e 42 6f 74 74 6f 6d 3a 22 78 61 74 32 34 63 72 22 2c 6d 61 72 67 69 6e 45 6e 64 3a 22 78 31 31 69 35 72 6e 6d 22 2c 6d 61 72 67 69 6e 53 74 61 72 74 3a 22 78 31 6d 68 38 67 30 72 22 2c 6d 61 72 67 69 6e 54 6f 70 3a 22 78 64 6a 32 36 36 72 22 2c 6d 69 6e 48 65 69 67 68 74 3a 22 78 32 6c 77 6e 31 6a 22 2c 6d 69 6e 57 69 64 74 68 3a 22 78 65 75 75 67 6c 69 22 2c 70
                                                Data Ascii: splay:"x78zum5",flexBasis:"x1r8uery",flexDirection:"xdt5ytf",flexGrow:"x1iyjqo2",flexShrink:"xs83m0k",justifyContent:"x1qughib",marginBottom:"xat24cr",marginEnd:"x11i5rnm",marginStart:"x1mh8g0r",marginTop:"xdj266r",minHeight:"x2lwn1j",minWidth:"xeuugli",p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                13192.168.2.549734157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC610OUTGET /rsrc.php/v3i0Wo4/y4/l/en_GB/p2aYR2TDczj.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC1960INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: NABHoGWJylA3+B5N10TMcw==
                                                Expires: Sat, 28 Jun 2025 14:21:44 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                X-FB-Debug: 14R0gk8gXUXucpKp9g1ysr7mJ68UDp++ENOfnOkPYi5tQXiU1TYdNsJD1DiL98GvmN6PiBYm0Nh7sdj7UiGpzQ==
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=175, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 27465
                                                2024-07-03 13:47:06 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:06 UTC15849INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 73 65 44 61 74 61 45 6e 74 72 79 4b 65 79 42 75 69 6c 64 65 72 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 61 3d 61 2e 6b 65 79 3b 72 65 74 75 72 6e 20 61 2e 74 72 69 6d 4c 65 66 74 28 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 66 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 36 36 29 3b 0a 5f 5f 64 28 22 73 65 61 72 63 68 42 61 73 65 54 79 70 65 61 68 65 61 64 54 61 6b 65 4e 45 6e 74 72 69 65 73 46 72 6f 6d 53 65 63 74 69 6f 6e 65 64 45 6e 74 72 69 65 73 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73
                                                Data Ascii: /*FB_PKG_DELIM*/__d("BaseDataEntryKeyBuilder",[],(function(a,b,c,d,e,f){"use strict";function a(a){a=a.key;return a.trimLeft().toLowerCase()}f["default"]=a}),66);__d("searchBaseTypeaheadTakeNEntriesFromSectionedEntries",[],(function(a,b,c,d,e,f){"use s
                                                2024-07-03 13:47:06 UTC11615INData Raw: 39 32 36 5c 75 31 39 32 39 2d 5c 75 31 39 32 62 5c 75 31 39 33 30 5c 75 31 39 33 31 5c 75 31 39 33 33 2d 5c 75 31 39 33 38 5c 75 31 39 34 36 2d 5c 75 31 39 36 64 5c 75 31 39 37 30 2d 5c 75 31 39 37 34 5c 75 31 39 38 30 2d 5c 75 31 39 61 62 5c 75 31 39 62 30 2d 5c 75 31 39 63 39 5c 75 31 39 64 30 2d 5c 75 31 39 64 61 5c 75 31 61 30 30 2d 5c 75 31 61 31 36 5c 75 31 61 31 39 5c 75 31 61 31 61 5c 75 31 61 31 65 2d 5c 75 31 61 35 35 5c 75 31 61 35 37 5c 75 31 61 36 31 5c 75 31 61 36 33 5c 75 31 61 36 34 5c 75 31 61 36 64 2d 5c 75 31 61 37 32 5c 75 31 61 38 30 2d 5c 75 31 61 38 39 5c 75 31 61 39 30 2d 5c 75 31 61 39 39 5c 75 31 61 61 30 2d 5c 75 31 61 61 64 5c 75 31 62 30 34 2d 5c 75 31 62 33 33 5c 75 31 62 33 35 5c 75 31 62 33 62 5c 75 31 62 33 64 2d 5c 75 31
                                                Data Ascii: 926\u1929-\u192b\u1930\u1931\u1933-\u1938\u1946-\u196d\u1970-\u1974\u1980-\u19ab\u19b0-\u19c9\u19d0-\u19da\u1a00-\u1a16\u1a19\u1a1a\u1a1e-\u1a55\u1a57\u1a61\u1a63\u1a64\u1a6d-\u1a72\u1a80-\u1a89\u1a90-\u1a99\u1aa0-\u1aad\u1b04-\u1b33\u1b35\u1b3b\u1b3d-\u1


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                14192.168.2.54973623.43.61.160443
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                Connection: Keep-Alive
                                                Accept: */*
                                                Accept-Encoding: identity
                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                Range: bytes=0-2147483646
                                                User-Agent: Microsoft BITS/7.8
                                                Host: fs.microsoft.com
                                                2024-07-03 13:47:06 UTC534INHTTP/1.1 200 OK
                                                Content-Type: application/octet-stream
                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                ApiVersion: Distribute 1.1
                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                Cache-Control: public, max-age=94957
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Content-Length: 55
                                                Connection: close
                                                X-CID: 2
                                                2024-07-03 13:47:06 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                15192.168.2.549743157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC896OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:32:11 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2203972891
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:06 UTC2969INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 4a 42 39 79 48 6a 52 54 48 47 61 2d 77 66 5f 46 36 78 79 53 39 6f 33 53 43 47 4e 58 64 4e 37 31 4c 71 35 44 33 68 7a 38 47 46 36 7a 51 41 4d 52 45 58 33 76 65 37 57 62 63 58 70 79 42 42 38 59 73 5a 48 74 74 59 41 72 6c 56 79 57 55 72 46 4c 51 42 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4c 35 77 79 71 57 46 67 54 76 43 57 34 72 75 68 5f 36 78 67 51 30 38 67 43 52 7a 55 45 65 43 41 42 76 49 47 39 34 78 6a 6b 6f 73 6a 75 62 68 41 45 38 5a 4f 6a 2d 45 68 4d 74 5a 4f 4a 4e 35 4f 32 47 30 34 6e 67 4c 42 46 54 7a 58 79 59 43 4b 35 75 49 32 6e 35 53 35 47 6f 2d 4f 4c 30 6f 42 38 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcJB9yHjRTHGa-wf_F6xyS9o3SCGNXdN71Lq5D3hz8GF6zQAMREX3ve7WbcXpyBB8YsZHttYArlVyWUrFLQB"; e_fb_binaryversion="AcL5wyqWFgTvCW4ruh_6xgQ08gCRzUEeCABvIG94xjkosjubhAE8ZOj-EhMtZOJN5O2G04ngLBFTzXyYCK5uI2n5S5Go-OL0oB8"; e_fb_
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 aa 14 4b e2 aa 14 4b 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhdKK<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                16192.168.2.549740157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC898OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:32:11 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2203972891
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:06 UTC2967INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 4a 42 39 79 48 6a 52 54 48 47 61 2d 77 66 5f 46 36 78 79 53 39 6f 33 53 43 47 4e 58 64 4e 37 31 4c 71 35 44 33 68 7a 38 47 46 36 7a 51 41 4d 52 45 58 33 76 65 37 57 62 63 58 70 79 42 42 38 59 73 5a 48 74 74 59 41 72 6c 56 79 57 55 72 46 4c 51 42 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4c 35 77 79 71 57 46 67 54 76 43 57 34 72 75 68 5f 36 78 67 51 30 38 67 43 52 7a 55 45 65 43 41 42 76 49 47 39 34 78 6a 6b 6f 73 6a 75 62 68 41 45 38 5a 4f 6a 2d 45 68 4d 74 5a 4f 4a 4e 35 4f 32 47 30 34 6e 67 4c 42 46 54 7a 58 79 59 43 4b 35 75 49 32 6e 35 53 35 47 6f 2d 4f 4c 30 6f 42 38 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcJB9yHjRTHGa-wf_F6xyS9o3SCGNXdN71Lq5D3hz8GF6zQAMREX3ve7WbcXpyBB8YsZHttYArlVyWUrFLQB"; e_fb_binaryversion="AcL5wyqWFgTvCW4ruh_6xgQ08gCRzUEeCABvIG94xjkosjubhAE8ZOj-EhMtZOJN5O2G04ngLBFTzXyYCK5uI2n5S5Go-OL0oB8"; e_fb_
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC55INData Raw: 00 00 38 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 02 00 01 dc 06 00 01 2c 00 10 00 00 00 00 01 4e df 00 01 0c 00 10 00 00 00
                                                Data Ascii: 8sidx<,N


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                17192.168.2.549741157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC901OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:32:11 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2203972891
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:06 UTC3013INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 4a 42 39 79 48 6a 52 54 48 47 61 2d 77 66 5f 46 36 78 79 53 39 6f 33 53 43 47 4e 58 64 4e 37 31 4c 71 35 44 33 68 7a 38 47 46 36 7a 51 41 4d 52 45 58 33 76 65 37 57 62 63 58 70 79 42 42 38 59 73 5a 48 74 74 59 41 72 6c 56 79 57 55 72 46 4c 51 42 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4c 35 77 79 71 57 46 67 54 76 43 57 34 72 75 68 5f 36 78 67 51 30 38 67 43 52 7a 55 45 65 43 41 42 76 49 47 39 34 78 6a 6b 6f 73 6a 75 62 68 41 45 38 5a 4f 6a 2d 45 68 4d 74 5a 4f 4a 4e 35 4f 32 47 30 34 6e 67 4c 42 46 54 7a 58 79 59 43 4b 35 75 49 32 6e 35 53 35 47 6f 2d 4f 4c 30 6f 42 38 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcJB9yHjRTHGa-wf_F6xyS9o3SCGNXdN71Lq5D3hz8GF6zQAMREX3ve7WbcXpyBB8YsZHttYArlVyWUrFLQB"; e_fb_binaryversion="AcL5wyqWFgTvCW4ruh_6xgQ08gCRzUEeCABvIG94xjkosjubhAE8ZOj-EhMtZOJN5O2G04ngLBFTzXyYCK5uI2n5S5Go-OL0oB8"; e_fb_
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 43 85 00 00 28 5c 00 00 00 03 00 00 00 a2 00 00 00 03 00 00 02 19 00 00 00 03 00 00 00 99 00 00 00 03 00 00 07 4f 00 00 00 03 00 00 00 d5 00 00 00 03 00 00 02 6a 00 00 00 03 00 00 00 a1 00 00 00 03 00 00 2a 1d 00 00 00 03 00 00 00 b0 00 00 00 03 00 00 01 d8 00 00 00 03 00 00 00 71 00 00 00 03 00 00 06 36 00 00 00 03 00 00 00 a3 00 00 00 03 00 00 02 44 00 00 00 03 00 00 00 95 00 00 00 03 00 00 2b df 00 00 00 03 00 00 00 76 00 00 00 03 00 00 01 ad 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunC(\Oj*q6D+v
                                                2024-07-03 13:47:06 UTC15450INData Raw: 35 92 54 5c d9 49 15 ee 88 e0 ef 15 53 42 14 9e 9c fb 32 c0 b9 a9 75 b2 7a a8 f6 07 e4 2a 6a 70 cd 77 36 0d 51 89 78 cd 6a ac 97 b6 89 c5 73 0e 4d e8 4f 07 6e 0d 43 60 f2 9d 03 76 ac 57 b5 fe a6 6c ba dd f2 65 0f 62 ed 0c 1f a6 25 52 6f fa 1f cf b9 60 c8 3d c7 86 8b 7c 50 3b 66 f6 de 70 40 6b 58 bf 86 09 02 8a a1 18 85 b5 60 00 82 e8 ae 53 73 6f 62 8f 75 34 45 b6 a4 85 a8 94 0f 75 e6 ba 1d 8b 4c ea 2a db b6 4a 2e 6d e0 9d 96 d8 35 bd 24 f3 4e 70 8d 12 5c 3c a2 4a cf fe 87 46 dc ff 32 5a 83 ed 74 71 51 71 1f be 14 fc c7 67 76 18 f1 a7 40 f5 e8 39 a2 d3 25 1c 62 1a 2f dc 8f 34 07 3d bc d8 21 1d 5f 76 e3 75 75 5c 8f 91 a8 61 84 96 30 13 bc 90 dd 7e 50 81 a4 3d 3e 18 e1 34 22 e5 a3 bf 27 fc fa dd fb f9 77 62 d2 79 3d 43 39 dd f2 09 28 dd 03 3c a3 71 2f 50 00
                                                Data Ascii: 5T\ISB2uz*jpw6QxjsMOnC`vWleb%Ro`=|P;fp@kX`Ssobu4EuL*J.m5$Np\<JF2ZtqQqgv@9%b/4=!_vuu\a0~P=>4"'wby=C9(<q/P
                                                2024-07-03 13:47:06 UTC16384INData Raw: 6b ac 9a 1d e9 38 12 2b 61 1a fc 1b fd 9a 32 3e b4 71 d9 8a af 0d 57 d8 09 11 92 88 e2 33 dd e2 fc 34 e2 97 a5 7a 43 2b fe 72 3b 92 42 a6 6f 7d 1d 84 a8 95 05 50 99 de 99 52 5c 02 9a b4 cb 1a 28 82 b2 35 b6 e8 b4 e6 df 3d e3 e3 14 d2 b3 f1 3a b8 5a 1d a1 32 bb b0 94 cb 97 49 a8 21 42 2b e8 2e 08 fd e0 25 6d 51 9b 8f 6a 35 46 f6 b2 02 7e ba 40 47 32 df 9e 1b c5 3f 96 34 ec 92 22 e6 98 b2 e6 1e 6d eb 1b a1 c7 4d ba e9 ae 61 c5 d4 84 05 69 5f 68 30 a7 85 b9 9d 3d 2e 0d cf 02 bb ac db f5 8c 81 d2 a0 79 f8 10 5c 9c 03 70 e2 15 0e a6 45 65 96 ca df 5b 7f 8d ec 2d 78 69 87 e9 8c 71 34 f6 d3 6c fd 21 dc a9 b1 c7 e9 fa ca 30 f8 9d a5 74 11 1e 4c a2 84 26 81 b3 f5 31 15 a9 31 40 19 a6 39 c0 a7 8b 36 3f 28 44 d4 79 3c 7c e5 7b 58 26 04 b5 7f 3d 2c 7d ff 85 80 bc 59
                                                Data Ascii: k8+a2>qW34zC+r;Bo}PR\(5=:Z2I!B+.%mQj5F~@G2?4"mMai_h0=.y\pEe[-xiq4l!0tL&11@96?(Dy<|{X&=,}Y
                                                2024-07-03 13:47:06 UTC16384INData Raw: 42 f1 c2 78 52 ff c0 16 f8 98 ab c1 0f 2d 81 08 58 14 2c ee b3 ac ef 87 d2 ae 3a 92 ee 15 a0 72 f5 10 28 85 b5 54 f2 e0 d8 a7 7d 7e d2 8d 81 0e d2 3c d4 38 51 13 4d b9 eb 8c ac 55 a0 2e fb 12 14 e1 8e c5 38 3f 53 c7 af f0 e1 91 a6 7d c4 75 b9 f3 71 0a 3a 22 30 0c 05 1d 23 58 6f 9a fd 0d 5b 12 ef dc ee f0 95 b2 e0 19 97 49 95 64 db 63 48 a5 25 cf 69 d8 a0 38 ce e0 03 71 ec 47 20 02 35 c9 56 7e e9 0d c4 b7 99 23 8a 80 fc d9 eb 72 6c 9e 0d e7 82 91 37 07 88 da 99 3b a9 51 3b 9b d4 ee 67 44 28 66 3d c4 90 3d b0 b9 ec a4 59 d9 3f 77 00 81 da 25 4c 6f f0 06 bc 4c 3c 2b 9b 10 ef ca fa 85 c5 2d 31 35 9c 00 40 73 9a a1 0a 5e 74 c4 f5 73 1a 2d 2d 09 1d bc af de b1 81 4a 58 6a 45 59 9f f3 7d 64 87 79 2d ec 50 97 21 4e 17 40 45 eb 40 22 4c 4f f9 58 d8 e5 d5 35 64 5e
                                                Data Ascii: BxR-X,:r(T}~<8QMU.8?S}uq:"0#Xo[IdcH%i8qG 5V~#rl7;Q;gD(f==Y?w%LoL<+-15@s^ts--JXjEY}dy-P!N@E@"LOX5d^
                                                2024-07-03 13:47:06 UTC14935INData Raw: 97 3d ec d7 6a 4c d5 e4 7a a4 8b a8 a2 5d 31 38 ac 3a 76 d4 d2 65 2d 12 72 28 4a bc 67 2d ac 40 32 eb 61 f6 3b 84 69 60 94 c5 e3 22 f4 a1 4b ec 3c a0 0c 3a 0b 43 ee f6 b5 7d 0b 10 74 34 a3 d0 50 7b c9 3e 08 af a5 1e 5f d5 31 c2 a5 77 60 69 79 53 f0 38 aa af e5 6e d2 6b 23 d2 44 aa 7a 67 58 48 03 cb 26 5a 13 64 fb d3 98 e2 3b 77 dc b1 3e 0b b1 6c 13 2d 59 c6 0d b1 bf 11 a5 72 c3 a5 b8 7f cd 7a d5 82 c3 b0 5a 2c 36 d0 d6 b8 8d 5b c5 20 b5 9b d0 84 f2 32 ab 7c ab 44 7f e5 42 65 6f 0b 51 f9 79 99 58 4a dd 70 c5 2f e0 7f 9c 17 bd 64 24 44 fe 54 bb fc 35 fc db 23 e0 ab 7b 91 4b 00 6a 24 27 08 9c d4 b4 f5 0e 3a 43 60 ac 29 d0 73 19 12 50 f1 60 ed db 18 ff b4 51 91 73 fa bc 4f f4 7e b2 c5 30 d6 ae 05 59 d3 60 31 9c 8f 4f d7 25 d6 19 f9 04 36 4d 74 87 61 37 54 ef
                                                Data Ascii: =jLz]18:ve-r(Jg-@2a;i`"K<:C}t4P{>_1w`iyS8nk#DzgXH&Zd;w>l-YrzZ,6[ 2|DBeoQyXJp/d$DT5#{Kj$':C`)sP`QsO~0Y`1O%6Mta7T
                                                2024-07-03 13:47:06 UTC1500INData Raw: 97 0e 7e 9a af e0 9e 09 a5 68 36 b9 13 4d ef a3 f8 a8 95 c6 17 5b dd 64 9f b2 fc a2 3d ab 06 0b 47 51 7f 82 af 97 b7 c6 8e 85 76 5d bd 62 bb 7c ab 61 3d 1e db ef 45 b4 8d 1f f9 40 d6 7e cd 07 75 7e 0f a6 9c 40 93 79 01 4a 2d fa f4 b0 3f 59 0c e8 a4 59 13 2e 89 ce 64 46 8d 37 af 45 14 5d bc a7 84 df 5e 51 d7 77 6b b1 85 25 1e aa f4 ff 15 ea 2f 89 2b 22 fc b2 d9 bd e1 64 00 0a b4 c9 c4 4b 07 bc 1d 00 79 45 c3 de ae 37 b3 20 88 6b 89 34 d5 ad 20 3a 0a eb 69 e8 56 13 93 2e ef 04 08 e0 97 41 88 b5 96 14 d5 3a c4 75 57 c7 81 dc f8 6b 09 14 6d 10 8e 99 9d 27 8a c5 18 85 b7 38 73 18 13 48 e4 29 79 3d 75 68 66 4c 6c aa 5b 3c 9d 66 24 26 f8 67 af ed 33 14 e3 67 18 6f d2 09 36 a0 91 09 33 6a 71 08 8d c7 c6 1f 19 e3 53 37 bc 7c e1 be 37 fb 06 04 fe 36 18 60 69 c3 ff
                                                Data Ascii: ~h6M[d=GQv]b|a=E@~u~@yJ-?YY.dF7E]^Qwk%/+"dKyE7 k4 :iV.A:uWkm'8sH)y=uhfLl[<f$&g3go63jqS7|76`i
                                                2024-07-03 13:47:06 UTC16333INData Raw: f7 95 55 84 6c f9 e5 0e 8a ab e2 15 48 3a f1 df 55 85 f3 68 1b 29 eb 40 7b dd 2c 91 99 16 fb d9 2a 18 3a 18 87 f3 9c 5a a2 25 3a 0b 0e a0 3b 68 4d 99 b1 e4 f2 39 e1 79 ee a2 38 2e 95 4a bb 3f b4 3e 9d f7 bc 5b 3b a3 38 9d d1 7f b2 a0 64 39 da 0b a7 3a 6f e1 58 d0 a7 01 1a ec 14 0c 5c 56 93 32 f5 11 db 8f d4 bb 0e 13 aa f2 fe 9c 3d cc 73 7b d2 e4 b4 6c 9a e4 30 ae 4b fc 7c 20 46 1c 6c 71 a8 6a f6 53 3e ec 6a 61 f7 b8 b7 d5 77 58 b5 0d 75 93 44 ae d5 ee 67 63 e9 8f 19 1e 48 15 7e 19 64 19 8a d5 27 94 d4 8d 72 da 92 e6 fb e6 d4 05 4b 9c a2 fa 8b a8 d5 17 b8 5a e5 0b c4 e6 a3 c5 16 68 46 f4 5b e3 f8 da 43 5c 1c c2 3f df b0 b4 23 b8 0c 20 3a 50 30 7b ae fd 40 cb 2a 79 2b 7d 0d 44 71 2c 32 05 cc a2 ec d9 f9 cf ab 65 e1 8c f2 9d f5 4e c1 9f 05 23 39 18 f3 e4 e7
                                                Data Ascii: UlH:Uh)@{,*:Z%:;hM9y8.J?>[;8d9:oX\V2=s{l0K| FlqjS>jawXuDgcH~d'rKZhF[C\?# :P0{@*y+}Dq,2eN#9
                                                2024-07-03 13:47:06 UTC16384INData Raw: 4c e7 02 57 3a 7d 7d 3e 92 7d 31 c6 f2 cc 52 c7 a6 2c 9c 1f 22 7b be c9 95 f9 32 af 08 15 7b 13 e1 89 31 b3 95 f6 23 25 d5 86 24 96 84 cc c5 d5 c9 5e cd 5e cd 1f f9 de 64 25 c3 79 52 8d a4 bc 7b 0f 58 49 28 79 9e be 9c 8e db 35 e6 c6 c3 16 0d 8c fa e4 25 24 ff e4 70 df 66 f5 aa 84 9a 26 d9 03 a4 df 9b 8c 65 2f 4a 26 9d e5 a3 5a 61 a7 d7 4e c5 4d 6b 19 47 b3 49 ab 09 f7 58 23 2c cc d3 b8 2e 19 b6 8f 7b 91 8a 0d a2 6d 4a 23 4d 18 8c 2a 93 5b 64 10 f4 2c 8c cd 5b 6b 78 d1 fb 4c 3a 1d 09 4d d7 55 0f 5c 2c 01 8c b9 b8 43 44 79 a6 77 97 13 20 41 e3 21 16 fa cf f1 b1 bc fd 4b 8c 0d bf a3 0c b9 0c db 14 df 3d 89 52 eb c4 c4 50 a8 d9 29 15 ac 71 37 ae e2 3b 55 26 16 ed bf 88 e4 9e 0f c5 18 b0 e5 d6 1a 92 37 33 54 8d 68 29 dc 8c 43 a3 08 ce b1 fc f2 af 97 3b fd e8
                                                Data Ascii: LW:}}>}1R,"{2{1#%$^^d%yR{XI(y5%$pf&e/J&ZaNMkGIX#,.{mJ#M*[d,[kxL:MU\,CDyw A!K=RP)q7;U&73Th)C;


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                18192.168.2.549739157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:05 UTC914OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:00:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 4175100246
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:06 UTC2970INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 49 48 67 56 6e 6d 6d 55 63 52 65 54 79 77 37 32 2d 48 76 4a 68 48 49 63 64 70 34 61 36 62 71 73 44 4b 42 35 34 69 67 62 66 2d 70 41 5a 67 39 58 46 32 72 49 32 43 65 6c 32 71 52 52 70 44 5f 6a 33 32 34 66 74 51 36 75 6c 6a 48 62 5a 4f 71 47 71 2d 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4c 53 58 52 54 4f 65 51 44 47 6d 62 6b 42 63 70 62 69 74 57 64 7a 6b 6c 31 57 39 63 38 65 65 65 43 47 68 6c 38 4c 53 56 64 4b 5f 38 54 35 71 62 5a 72 52 79 37 34 53 74 73 31 41 71 30 4b 44 46 49 75 76 79 61 62 49 31 47 65 50 74 5a 6b 70 75 54 37 50 37 45 74 32 5f 36 51 59 4f 64 52 6f 6d 6b 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcIHgVnmmUcReTyw72-HvJhHIcdp4a6bqsDKB54igbf-pAZg9XF2rI2Cel2qRRpD_j324ftQ6uljHbZOqGq-"; e_fb_binaryversion="AcLSXRTOeQDGmbkBcpbitWdzkl1W9c8eeeCGhl8LSVdK_8T5qbZrRy74Sts1Aq0KDFIuvyabI1GePtZkpuT7P7Et2_6QYOdRomk"; e_fb_
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 aa 0c ea e2 aa 0c ea 00 00 bb 80 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                19192.168.2.549737157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC720OUTGET /rsrc.php/v3iBwS4/yw/l/en_GB/56unmhkIrehtInlbCaeLql9s9enP8ua4RYWxmlUS2FbnWfnZ8Xxo1m0k6TrftXaUSlLhKwLpm5VBVuwwDateX8xhraCBbnW2FYj8xP1iPn3AFm3SuHlNAdJkm.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC1988INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: UU7aKxN10RLeAmhf1AzFKQ==
                                                Expires: Thu, 03 Jul 2025 13:47:06 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: O5lsvMTaYwWQ69N9hp2yT11rWFqy+LWbAYy1wBPbN3KoJssMh/iNIHoN1Dqvd6MtIs3WO3Zj2LuHKo+CLmbrOA==
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=155, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=111, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 346217
                                                2024-07-03 13:47:06 UTC1500INData Raw: 3b 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 4d 69 6e 47 61 70 54 79 70 65 22 2c 5b 22 24 49 6e 74 65 72 6e 61 6c 45 6e 75 6d 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 61 3d 62 28 22 24 49 6e 74 65 72 6e 61 6c 45 6e 75 6d 22 29 28 7b 55 4e 4b 4e 4f 57 4e 3a 30 2c 4f 52 47 41 4e 49 43 3a 31 2c 45 4e 47 41 47 45 4d 45 4e 54 3a 32 2c 46 49 58 45 44 5f 50 4f 53 49 54 49 4f 4e 3a 33 2c 50 52 4f 4d 4f 54 49 4f 4e 3a 34 2c 53 50 4f 4e 53 4f 52 45 44 3a 35 2c 45 4e 44 5f 4f 46 5f 46 45 45 44 5f 43 4f 4e 54 45 4e 54 3a 36 2c 46 42 5f 53 54 4f 52 49 45 53 3a 37 2c 48 49 47 48 5f 56 41 4c 55 45 5f 50 52 4f 4d 4f 54 49 4f 4e 3a 38 2c 46 42 5f 53 54 4f 52 49 45 53 5f 45 4e 47 41 47 45 4d 45 4e 54 3a 39 2c
                                                Data Ascii: ;/*FB_PKG_DELIM*/__d("MinGapType",["$InternalEnum"],(function(a,b,c,d,e,f){a=b("$InternalEnum")({UNKNOWN:0,ORGANIC:1,ENGAGEMENT:2,FIXED_POSITION:3,PROMOTION:4,SPONSORED:5,END_OF_FEED_CONTENT:6,FB_STORIES:7,HIGH_VALUE_PROMOTION:8,FB_STORIES_ENGAGEMENT:9,
                                                2024-07-03 13:47:06 UTC1500INData Raw: 7b 72 65 74 75 72 6e 20 61 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 73 74 61 74 75 73 3d 3d 3d 22 72 65 63 65 69 76 65 64 22 7c 7c 61 2e 73 74 61 74 75 73 3d 3d 3d 22 70 6f 73 69 74 69 6f 6e 65 64 22 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 67 28 61 29 7b 76 61 72 20 62 3d 61 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 6a 28 62 29 3f 63 3a 61 7d 2c 2d 31 29 3b 72 65 74 75 72 6e 20 61 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 61 2c 63 29 7b 72 65 74 75 72 6e 20 63 3c 3d 62 26 26 21 6a 28 61 29 3f 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 61 2c 7b 73 74 61 74 75 73 3a 22 72 65 6e 64 65 72 65 64 22 7d 29 3a 61 7d 29 7d 66 75 6e 63
                                                Data Ascii: {return a.filter(function(a){return a.status==="received"||a.status==="positioned"})}function g(a){var b=a.reduce(function(a,b,c){return j(b)?c:a},-1);return a.map(function(a,c){return c<=b&&!j(a)?babelHelpers["extends"]({},a,{status:"rendered"}):a})}func
                                                2024-07-03 13:47:06 UTC1500INData Raw: 74 73 2c 67 3d 61 2e 65 6e 64 50 6f 69 6e 74 2c 68 3d 61 2e 67 65 74 46 65 65 64 55 6e 69 74 53 74 61 74 75 73 4c 69 73 74 2c 69 3d 61 2e 68 62 61 2c 6a 3d 61 2e 69 73 76 2c 6b 3d 61 2e 6d 69 6e 47 61 70 52 75 6c 65 2c 6c 3d 61 2e 6d 69 6e 47 61 70 54 79 70 65 2c 6d 3d 61 2e 73 65 73 73 69 6f 6e 4b 65 79 2c 6e 3d 61 2e 74 72 61 63 6b 69 6e 67 2c 6f 3d 61 2e 76 70 3b 69 66 28 68 3d 3d 6e 75 6c 6c 7c 7c 65 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 3b 61 3d 68 28 29 3b 68 3d 64 28 22 43 6f 6d 65 74 46 65 65 64 55 6e 69 74 53 74 61 74 75 73 54 72 61 63 6b 69 6e 67 55 74 69 6c 73 22 29 2e 67 65 74 46 65 65 64 55 6e 69 74 73 57 69 74 68 4f 72 69 67 69 6e 61 6c 50 6f 73 69 74 69 6f 6e 28 61 2c 64 28 22 43 6f 6d 65 74 46 65 65 64 55 6e 69 74 53 74 61 74 75 73 54 72
                                                Data Ascii: ts,g=a.endPoint,h=a.getFeedUnitStatusList,i=a.hba,j=a.isv,k=a.minGapRule,l=a.minGapType,m=a.sessionKey,n=a.tracking,o=a.vp;if(h==null||e==null)return;a=h();h=d("CometFeedUnitStatusTrackingUtils").getFeedUnitsWithOriginalPosition(a,d("CometFeedUnitStatusTr
                                                2024-07-03 13:47:06 UTC1500INData Raw: 68 62 61 3a 21 31 2c 69 73 76 3a 6e 75 6c 6c 2c 6d 69 6e 5f 67 61 70 5f 73 68 61 70 65 3a 7b 6d 69 6e 5f 67 61 70 5f 72 75 6c 65 3a 66 21 3d 6e 75 6c 6c 3f 66 2e 74 6f 53 74 72 69 6e 67 28 29 3a 6e 75 6c 6c 2c 6d 69 6e 5f 67 61 70 5f 74 79 70 65 3a 67 7d 2c 70 72 6f 64 75 63 74 5f 66 65 61 74 75 72 65 73 3a 22 68 69 67 68 65 73 74 5f 70 6f 73 69 74 69 6f 6e 5f 61 64 5f 66 72 6f 6d 5f 6d 75 6c 74 69 66 65 65 64 22 2c 73 65 73 73 69 6f 6e 5f 6b 65 79 3a 64 28 22 57 65 62 53 65 73 73 69 6f 6e 22 29 2e 67 65 74 49 64 28 29 2c 74 69 6d 65 73 74 61 6d 70 3a 68 2e 74 6f 53 74 72 69 6e 67 28 29 2c 74 72 61 63 6b 69 6e 67 3a 6e 75 6c 6c 2c 76 70 3a 6e 75 6c 6c 7d 7d 29 7d 67 2e 6c 6f 67 43 6f 6d 65 74 41 64 73 50 72 6f 64 75 63 74 47 61 70 52 75 6c 65 3d 61 3b 67
                                                Data Ascii: hba:!1,isv:null,min_gap_shape:{min_gap_rule:f!=null?f.toString():null,min_gap_type:g},product_features:"highest_position_ad_from_multifeed",session_key:d("WebSession").getId(),timestamp:h.toString(),tracking:null,vp:null}})}g.logCometAdsProductGapRule=a;g
                                                2024-07-03 13:47:06 UTC1500INData Raw: 65 6c 3a 28 62 3d 61 2e 62 72 73 43 6f 6e 74 65 6e 74 4c 61 62 65 6c 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 62 2e 74 6f 53 74 72 69 6e 67 28 29 2c 6f 72 67 61 6e 69 63 5f 74 72 61 63 6b 69 6e 67 3a 61 2e 74 72 61 63 6b 69 6e 67 2c 75 6e 69 74 5f 74 79 70 65 3a 61 2e 75 6e 69 74 54 79 70 65 7d 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 61 2c 62 2c 63 29 7b 61 3d 6b 28 61 2c 62 2c 63 29 3b 72 65 74 75 72 6e 20 61 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 28 62 3d 61 2e 62 72 73 46 69 6c 74 65 72 53 65 74 74 69 6e 67 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 62 2e 74 6f 53 74 72 69 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 61 2c 62 2c 64 29 7b 76 61 72 20 65 3d 61 5b 64 5d 3b 69 66 28 65 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61
                                                Data Ascii: el:(b=a.brsContentLabel)==null?void 0:b.toString(),organic_tracking:a.tracking,unit_type:a.unitType}}function j(a,b,c){a=k(a,b,c);return a==null?void 0:(b=a.brsFilterSetting)==null?void 0:b.toString()}function k(a,b,d){var e=a[d];if(e==null)return null;va
                                                2024-07-03 13:47:06 UTC1500INData Raw: 66 65 65 64 5f 69 73 5f 6c 6f 61 64 69 6e 67 22 3b 65 6c 73 65 20 72 65 74 75 72 6e 22 66 65 65 64 5f 75 6e 6b 6e 6f 77 6e 22 7d 67 2e 67 65 74 42 72 61 6e 64 53 61 66 65 74 79 46 69 65 6c 64 46 6f 72 41 64 49 6d 70 72 65 73 73 69 6f 6e 3d 61 3b 67 2e 69 73 53 70 6f 6e 73 6f 72 65 64 3d 68 3b 67 2e 67 65 74 42 72 73 49 6e 66 6f 3d 6b 3b 67 2e 67 65 74 46 65 65 64 53 74 61 74 65 3d 6c 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 43 6f 6d 65 74 46 65 65 64 53 65 73 73 69 6f 6e 49 44 43 6f 6e 74 65 78 74 22 2c 5b 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3b 61 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 3b 62 3d 61 2e 63 72 65 61 74 65 43 6f 6e 74 65 78
                                                Data Ascii: feed_is_loading";else return"feed_unknown"}g.getBrandSafetyFieldForAdImpression=a;g.isSponsored=h;g.getBrsInfo=k;g.getFeedState=l}),98);__d("CometFeedSessionIDContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=a.createContex
                                                2024-07-03 13:47:06 UTC174INData Raw: 3d 3d 22 74 72 75 65 22 29 72 65 74 75 72 6e 21 42 6f 6f 6c 65 61 6e 28 61 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 29 7d 72 65 74 75 72 6e 21 31 7d 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6f 66 66 73 65 74 48 65 69 67 68 74 2b 61 2e 6f 66 66 73 65 74 57 69 64 74 68 3e 30 7d 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 3b 72 65 74 75 72 6e 20 61 2e 68 65 69 67 68 74 2a 61 2e 77 69 64 74 68 3e 30 7d 3b 67
                                                Data Ascii: =="true")return!Boolean(a.style.display)}return!1},k=function(a){return a.offsetHeight+a.offsetWidth>0},l=function(a){a=a.getBoundingClientRect();return a.height*a.width>0};g
                                                2024-07-03 13:47:06 UTC1500INData Raw: 5b 22 64 65 66 61 75 6c 74 22 5d 3d 61 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 43 6f 6d 65 74 47 48 4c 44 69 73 70 6c 61 79 4d 6f 6e 69 74 6f 72 22 2c 5b 22 44 65 62 75 67 4f 77 6c 22 2c 22 47 48 4c 47 61 74 69 6e 67 22 2c 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 22 2c 22 63 6f 6d 65 74 47 48 4c 43 6f 6e 74 65 6e 74 44 69 73 70 6c 61 79 43 68 65 63 6b 22 2c 22 72 65 63 6f 76 65 72 61 62 6c 65 56 69 6f 6c 61 74 69 6f 6e 22 2c 22 73 65 74 54 69 6d 65 6f 75 74 43 6f 6d 65 74 4c 6f 67 67 69 6e 67 50 72 69 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3d 6e 65 77 20 4d 61 70 28 29 2c 69 3d 31 65 33 2c 6a 3d 6e 75 6c 6c 2c 6b 3d 21 31 2c 6c 3d 6e 65 77 20 53 65 74 28 29 3b
                                                Data Ascii: ["default"]=a}),98);__d("CometGHLDisplayMonitor",["DebugOwl","GHLGating","clearTimeout","cometGHLContentDisplayCheck","recoverableViolation","setTimeoutCometLoggingPri"],(function(a,b,c,d,e,f,g){"use strict";var h=new Map(),i=1e3,j=null,k=!1,l=new Set();
                                                2024-07-03 13:47:06 UTC1500INData Raw: 65 66 61 75 6c 74 22 5d 3d 65 7d 29 2c 39 38 29 3b 0a 5f 5f 64 28 22 43 6f 6d 65 74 47 48 4c 54 72 61 63 6b 65 72 22 2c 5b 22 44 65 62 75 67 4f 77 6c 22 2c 22 47 48 4c 42 6f 78 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 3d 6e 65 77 20 53 65 74 28 29 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 63 28 22 44 65 62 75 67 4f 77 6c 22 29 2e 73 77 6f 6f 70 28 61 29 2c 68 2e 61 64 64 28 61 29 2c 68 2e 73 69 7a 65 3e 64 28 22 47 48 4c 42 6f 78 22 29 2e 4d 69 6e 69 6d 75 6d 48 69 64 64 65 6e 41 64 73 54 6f 55 70 64 61 74 65 4c 6f 63 61 6c 53 74 6f 72 61 67 65 26 26 64 28 22 47 48 4c 42 6f 78 22 29 2e 73 28 44 61 74 65 2e 6e 6f 77 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 62
                                                Data Ascii: efault"]=e}),98);__d("CometGHLTracker",["DebugOwl","GHLBox"],(function(a,b,c,d,e,f,g){"use strict";var h=new Set();function a(a){c("DebugOwl").swoop(a),h.add(a),h.size>d("GHLBox").MinimumHiddenAdsToUpdateLocalStorage&&d("GHLBox").s(Date.now())}function b
                                                2024-07-03 13:47:06 UTC1500INData Raw: 65 74 54 61 69 6c 4c 6f 61 64 4c 6f 67 67 65 72 22 2c 22 52 65 73 75 6d 61 62 6c 65 54 69 6d 65 72 22 2c 22 65 6d 70 74 79 46 75 6e 63 74 69 6f 6e 22 2c 22 69 6e 74 65 72 73 65 63 74 69 6f 6e 4f 62 73 65 72 76 65 72 45 6e 74 72 79 49 73 49 6e 74 65 72 73 65 63 74 69 6e 67 22 2c 22 70 65 72 66 6f 72 6d 61 6e 63 65 4e 6f 77 22 2c 22 72 65 61 63 74 22 2c 22 75 73 65 43 6f 6d 65 74 52 6f 75 74 65 54 72 61 63 65 50 6f 6c 69 63 79 22 2c 22 75 73 65 4f 6e 42 65 66 6f 72 65 55 6e 6c 6f 61 64 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3b 62 3d 69 7c 7c 64 28 22 72 65 61 63 74 22 29 3b 76 61 72 20 6a 3d 62 2e 75 73 65 43 61 6c 6c 62 61 63 6b 2c 6b 3d 62 2e 75 73 65
                                                Data Ascii: etTailLoadLogger","ResumableTimer","emptyFunction","intersectionObserverEntryIsIntersecting","performanceNow","react","useCometRouteTracePolicy","useOnBeforeUnload"],(function(a,b,c,d,e,f,g){"use strict";var h,i;b=i||d("react");var j=b.useCallback,k=b.use


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                20192.168.2.549742157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC916OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:00:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 4175100246
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:06 UTC2968INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 49 48 67 56 6e 6d 6d 55 63 52 65 54 79 77 37 32 2d 48 76 4a 68 48 49 63 64 70 34 61 36 62 71 73 44 4b 42 35 34 69 67 62 66 2d 70 41 5a 67 39 58 46 32 72 49 32 43 65 6c 32 71 52 52 70 44 5f 6a 33 32 34 66 74 51 36 75 6c 6a 48 62 5a 4f 71 47 71 2d 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4c 53 58 52 54 4f 65 51 44 47 6d 62 6b 42 63 70 62 69 74 57 64 7a 6b 6c 31 57 39 63 38 65 65 65 43 47 68 6c 38 4c 53 56 64 4b 5f 38 54 35 71 62 5a 72 52 79 37 34 53 74 73 31 41 71 30 4b 44 46 49 75 76 79 61 62 49 31 47 65 50 74 5a 6b 70 75 54 37 50 37 45 74 32 5f 36 51 59 4f 64 52 6f 6d 6b 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcIHgVnmmUcReTyw72-HvJhHIcdp4a6bqsDKB54igbf-pAZg9XF2rI2Cel2qRRpD_j324ftQ6uljHbZOqGq-"; e_fb_binaryversion="AcLSXRTOeQDGmbkBcpbitWdzkl1W9c8eeeCGhl8LSVdK_8T5qbZrRy74Sts1Aq0KDFIuvyabI1GePtZkpuT7P7Et2_6QYOdRomk"; e_fb_
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC91INData Raw: 00 00 5c 73 69 64 78 00 00 00 00 00 00 00 01 00 00 bb 80 00 00 00 00 00 00 00 00 00 00 00 05 00 00 45 d4 00 01 7c 3e 90 00 00 00 00 00 3f c2 00 01 78 00 90 00 00 00 00 00 3f 73 00 01 78 00 90 00 00 00 00 00 3f 85 00 01 70 00 90 00 00 00 00 00 2e a6 00 01 13 c2 90 00 00 00
                                                Data Ascii: \sidxE|>?x?sx?p.


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                21192.168.2.549745157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC610OUTGET /rsrc.php/v3iWd-4/yP/l/en_GB/M-AHdbpN8xr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC1987INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: L2PmnjR09j31KKxT61G6Lg==
                                                Expires: Thu, 03 Jul 2025 13:47:06 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: TDfistdC28ZArHMYnlH0NvgMOLTRZZnHwzuE+Ovu4zDCJksW3sWLS2wUCuOuPl/2dLDI3aYZZzo65jwh9XKpTA==
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=187, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=108, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 61963
                                                2024-07-03 13:47:07 UTC1500INData Raw: 3b 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 41 63 74 69 76 69 74 79 4c 6f 67 4d 65 6e 75 4f 70 74 69 6f 6e 22 2c 5b 22 24 49 6e 74 65 72 6e 61 6c 45 6e 75 6d 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 61 3d 62 28 22 24 49 6e 74 65 72 6e 61 6c 45 6e 75 6d 22 29 28 7b 41 52 43 48 49 56 45 3a 22 61 72 63 68 69 76 65 22 2c 41 55 54 4f 5f 41 43 54 49 56 49 54 59 5f 54 49 4d 45 5f 57 49 4e 44 4f 57 3a 22 61 75 74 6f 5f 61 63 74 69 76 69 74 79 5f 74 69 6d 65 5f 77 69 6e 64 6f 77 22 2c 41 55 54 4f 5f 41 43 54 49 56 49 54 59 5f 4f 50 54 5f 49 4e 3a 22 61 75 74 6f 5f 61 63 74 69 76 69 74 79 5f 6f 70 74 5f 69 6e 22 2c 41 55 54 4f 5f 41 43 54 49 56 49 54 59 5f 4f 50 54 5f 4f 55 54 3a 22 61 75 74 6f 5f 61
                                                Data Ascii: ;/*FB_PKG_DELIM*/__d("ActivityLogMenuOption",["$InternalEnum"],(function(a,b,c,d,e,f){a=b("$InternalEnum")({ARCHIVE:"archive",AUTO_ACTIVITY_TIME_WINDOW:"auto_activity_time_window",AUTO_ACTIVITY_OPT_IN:"auto_activity_opt_in",AUTO_ACTIVITY_OPT_OUT:"auto_a
                                                2024-07-03 13:47:07 UTC1500INData Raw: 4f 4e 53 45 3a 22 72 65 6d 6f 76 65 5f 70 72 61 79 65 72 5f 72 65 73 70 6f 6e 73 65 22 2c 52 45 4d 4f 56 45 5f 50 52 41 59 45 52 5f 52 45 53 50 4f 4e 53 45 5f 54 48 41 4e 4b 53 3a 22 72 65 6d 6f 76 65 5f 70 72 61 79 65 72 5f 72 65 73 70 6f 6e 73 65 5f 74 68 61 6e 6b 73 22 2c 52 45 4d 4f 56 45 5f 52 45 41 43 54 49 4f 4e 3a 22 72 65 6d 6f 76 65 5f 72 65 61 63 74 69 6f 6e 22 2c 52 45 4d 4f 56 45 5f 52 45 50 4f 52 54 5f 54 41 47 3a 22 72 65 6d 6f 76 65 5f 61 6e 64 5f 72 65 70 6f 72 74 5f 74 61 67 22 2c 52 45 4d 4f 56 45 5f 53 41 56 45 3a 22 72 65 6d 6f 76 65 5f 73 61 76 65 22 2c 52 45 4d 4f 56 45 5f 54 41 47 3a 22 72 65 6d 6f 76 65 5f 74 61 67 22 2c 52 45 50 4f 52 54 5f 54 41 47 3a 22 72 65 70 6f 72 74 5f 74 61 67 22 2c 52 45 4d 4f 56 45 5f 56 49 44 45 4f 5f
                                                Data Ascii: ONSE:"remove_prayer_response",REMOVE_PRAYER_RESPONSE_THANKS:"remove_prayer_response_thanks",REMOVE_REACTION:"remove_reaction",REMOVE_REPORT_TAG:"remove_and_report_tag",REMOVE_SAVE:"remove_save",REMOVE_TAG:"remove_tag",REPORT_TAG:"report_tag",REMOVE_VIDEO_
                                                2024-07-03 13:47:07 UTC1500INData Raw: 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 66 69 6c 74 65 72 5f 6b 65 79 3d 3d 3d 62 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 61 29 7b 73 77 69 74 63 68 28 61 29 7b 63 61 73 65 20 75 28 29 3a 72 65 74 75 72 6e 20 68 2e 41 52 43 48 49 56 45 3b 63 61 73 65 20 41 28 29 3a 72 65 74 75 72 6e 20 68 2e 54 52 41 53 48 3b 64 65 66 61 75 6c 74 3a 72 65 74 75 72 6e 20 68 2e 4c 4f 47 7d 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 61 3e 30 26 26 62 21 3d 6e 75 6c 6c 26 26 62 2e 63 61 6e 63 65 6c 5f 6c 61 62 65 6c 21 3d 6e 75 6c 6c 26 26 62 2e 63 6f 6e 66 69 72 6d 5f 6c 61 62 65 6c 21 3d 6e 75 6c 6c 26 26 62 2e 74 69 74
                                                Data Ascii: a,b){return a.some(function(a){return a.filter_key===b})}function j(a){switch(a){case u():return h.ARCHIVE;case A():return h.TRASH;default:return h.LOG}}function k(a,b,c,d){return function(){a>0&&b!=null&&b.cancel_label!=null&&b.confirm_label!=null&&b.tit
                                                2024-07-03 13:47:07 UTC1500INData Raw: 75 72 6e 20 61 3d 3d 3d 4b 28 29 3f 22 70 6f 73 74 5f 63 68 65 76 72 6f 6e 5f 6d 65 6e 75 5f 74 69 6d 65 6c 69 6e 65 22 3a 22 70 6f 73 74 5f 63 68 65 76 72 6f 6e 5f 6d 65 6e 75 5f 6e 65 77 73 5f 66 65 65 64 22 7d 66 75 6e 63 74 69 6f 6e 20 51 28 61 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 75 28 29 7d 66 75 6e 63 74 69 6f 6e 20 52 28 61 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 41 28 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 61 29 7b 73 77 69 74 63 68 28 61 29 7b 63 61 73 65 22 44 45 4c 45 54 45 22 3a 72 65 74 75 72 6e 22 64 65 6c 65 74 65 22 3b 63 61 73 65 22 45 44 49 54 5f 50 52 49 56 41 43 59 22 3a 72 65 74 75 72 6e 22 65 64 69 74 5f 70 72 69 76 61 63 79 22 3b 63 61 73 65 22 4d 4f 56 45 5f 54 4f 5f 41 52 43 48 49 56 45 22 3a 72 65 74 75 72 6e 22 61 72 63 68 69
                                                Data Ascii: urn a===K()?"post_chevron_menu_timeline":"post_chevron_menu_news_feed"}function Q(a){return a===u()}function R(a){return a===A()}function S(a){switch(a){case"DELETE":return"delete";case"EDIT_PRIVACY":return"edit_privacy";case"MOVE_TO_ARCHIVE":return"archi
                                                2024-07-03 13:47:07 UTC1500INData Raw: 3b 67 2e 67 65 74 46 69 6c 74 65 72 4b 65 79 46 6f 72 50 65 72 73 6f 6e 3d 6d 3b 67 2e 67 65 74 46 69 6c 74 65 72 4b 65 79 46 6f 72 44 61 74 65 3d 6e 3b 67 2e 67 65 74 46 69 6c 74 65 72 4b 65 79 46 6f 72 4d 65 64 69 61 43 6f 6e 74 65 6e 74 3d 6f 3b 67 2e 67 65 74 46 69 6c 74 65 72 4b 65 79 46 6f 72 41 75 64 69 65 6e 63 65 3d 70 3b 67 2e 67 65 74 53 74 6f 72 65 4b 65 79 46 6f 72 41 72 63 68 69 76 65 3d 71 3b 67 2e 67 65 74 53 74 6f 72 65 4b 65 79 46 6f 72 54 72 61 73 68 3d 72 3b 67 2e 67 65 74 53 74 6f 72 65 4b 65 79 46 6f 72 4c 6f 67 3d 73 3b 67 2e 67 65 74 53 74 6f 72 65 4b 65 79 46 6f 72 4d 61 6e 61 67 65 3d 74 3b 67 2e 67 65 74 43 61 74 65 67 6f 72 79 4b 65 79 46 6f 72 41 72 63 68 69 76 65 3d 75 3b 67 2e 67 65 74 43 61 74 65 67 6f 72 79 4b 65 79 46 6f
                                                Data Ascii: ;g.getFilterKeyForPerson=m;g.getFilterKeyForDate=n;g.getFilterKeyForMediaContent=o;g.getFilterKeyForAudience=p;g.getStoreKeyForArchive=q;g.getStoreKeyForTrash=r;g.getStoreKeyForLog=s;g.getStoreKeyForManage=t;g.getCategoryKeyForArchive=u;g.getCategoryKeyFo
                                                2024-07-03 13:47:07 UTC1500INData Raw: 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 27 20 76 69 65 77 42 6f 78 3d 27 30 20 30 20 31 36 20 31 36 27 25 33 65 25 33 63 64 65 66 73 25 33 65 25 33 63 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 27 61 27 20 78 31 3d 27 35 30 25 32 35 27 20 78 32 3d 27 35 30 25 32 35 27 20 79 31 3d 27 30 25 32 35 27 20 79 32 3d 27 36 37 2e 31 39 34 25 32 35 27 25 33 65 25 33 63 73 74 6f 70 20 6f 66 66 73 65 74 3d 27 30 25 32 35 27 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 27 25 32 33 45 30 34 33 30 30 27 2f 25 33 65 25 33 63 73 74 6f 70 20 6f 66 66 73 65 74 3d 27 31 30 30 25 32 35 27 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 27 25 32 33 46 46 41 33 32 30 27 2f 25 33 65 25 33 63 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 25
                                                Data Ascii: ='http://www.w3.org/1999/xlink' viewBox='0 0 16 16'%3e%3cdefs%3e%3clinearGradient id='a' x1='50%25' x2='50%25' y1='0%25' y2='67.194%25'%3e%3cstop offset='0%25' stop-color='%23E04300'/%3e%3cstop offset='100%25' stop-color='%23FFA320'/%3e%3c/linearGradient%
                                                2024-07-03 13:47:07 UTC1500INData Raw: 66 66 73 65 74 20 64 79 3d 27 31 27 20 69 6e 3d 27 53 6f 75 72 63 65 41 6c 70 68 61 27 20 72 65 73 75 6c 74 3d 27 73 68 61 64 6f 77 4f 66 66 73 65 74 4f 75 74 65 72 31 27 2f 25 33 65 25 33 63 66 65 47 61 75 73 73 69 61 6e 42 6c 75 72 20 69 6e 3d 27 73 68 61 64 6f 77 4f 66 66 73 65 74 4f 75 74 65 72 31 27 20 72 65 73 75 6c 74 3d 27 73 68 61 64 6f 77 42 6c 75 72 4f 75 74 65 72 31 27 20 73 74 64 44 65 76 69 61 74 69 6f 6e 3d 27 2e 35 27 2f 25 33 65 25 33 63 66 65 43 6f 6c 6f 72 4d 61 74 72 69 78 20 69 6e 3d 27 73 68 61 64 6f 77 42 6c 75 72 4f 75 74 65 72 31 27 20 76 61 6c 75 65 73 3d 27 30 20 30 20 30 20 30 20 31 20 30 20 30 20 30 20 30 20 30 2e 35 30 39 36 38 30 37 30 37 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 2e 33 37 31 32 30 36 39 37 35 20
                                                Data Ascii: ffset dy='1' in='SourceAlpha' result='shadowOffsetOuter1'/%3e%3cfeGaussianBlur in='shadowOffsetOuter1' result='shadowBlurOuter1' stdDeviation='.5'/%3e%3cfeColorMatrix in='shadowBlurOuter1' values='0 0 0 0 1 0 0 0 0 0.509680707 0 0 0 0 0 0 0 0 0.371206975
                                                2024-07-03 13:47:07 UTC1500INData Raw: 37 20 30 20 30 31 2d 2e 33 31 38 2e 32 32 63 2d 2e 31 35 2e 30 33 36 2d 2e 33 37 33 2e 30 37 35 2d 2e 36 33 2e 30 37 35 73 2d 2e 34 38 31 2d 2e 30 33 39 2d 2e 36 33 2d 2e 30 37 35 61 2e 35 32 34 2e 35 32 34 20 30 20 30 31 2d 2e 33 31 38 2d 2e 32 32 20 31 2e 35 38 38 20 31 2e 35 38 38 20 30 20 30 31 2d 2e 32 35 32 2d 2e 38 37 34 7a 6d 36 2e 34 20 30 63 30 2d 2e 37 39 31 2e 35 33 37 2d 31 2e 34 33 31 20 31 2e 32 2d 31 2e 34 33 31 2e 36 36 32 20 30 20 31 2e 32 2e 36 34 20 31 2e 32 20 31 2e 34 33 31 20 30 20 2e 33 32 39 2d 2e 30 39 34 2e 36 33 33 2d 2e 32 35 32 2e 38 37 34 61 2e 35 32 34 2e 35 32 34 20 30 20 30 31 2d 2e 33 31 38 2e 32 32 20 32 2e 37 33 34 20 32 2e 37 33 34 20 30 20 30 31 2d 2e 36 33 2e 30 37 35 63 2d 2e 32 35 37 20 30 2d 2e 34 38 2d 2e 30 33
                                                Data Ascii: 7 0 01-.318.22c-.15.036-.373.075-.63.075s-.481-.039-.63-.075a.524.524 0 01-.318-.22 1.588 1.588 0 01-.252-.874zm6.4 0c0-.791.537-1.431 1.2-1.431.662 0 1.2.64 1.2 1.431 0 .329-.094.633-.252.874a.524.524 0 01-.318.22 2.734 2.734 0 01-.63.075c-.257 0-.48-.03
                                                2024-07-03 13:47:07 UTC1500INData Raw: 28 22 43 6f 6d 65 74 43 6f 6d 70 6f 73 65 72 4d 69 6e 75 74 69 61 65 42 61 72 4c 6f 61 64 69 6e 67 2e 72 65 61 63 74 22 2c 5b 22 46 44 53 47 6c 69 6d 6d 65 72 2e 72 65 61 63 74 22 2c 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 2c 6a 3d 7b 69 6d 61 67 65 47 6c 69 6d 6d 65 72 3a 7b 62 6f 72 64 65 72 54 6f 70 53 74 61 72 74 52 61 64 69 75 73 3a 22 78 31 34 79 6a 6c 39 68 22 2c 62 6f 72 64 65 72 54 6f 70 45 6e 64 52 61 64 69 75 73 3a 22 78 75 64 68 6a 39 31 22 2c 62 6f 72 64 65 72 42 6f 74 74 6f 6d 45 6e 64 52 61 64 69 75 73 3a 22 78 31 38 6e 79 6b 74 39 22 2c 62 6f 72 64 65 72 42 6f 74 74 6f 6d 53 74
                                                Data Ascii: ("CometComposerMinutiaeBarLoading.react",["FDSGlimmer.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react"),j={imageGlimmer:{borderTopStartRadius:"x14yjl9h",borderTopEndRadius:"xudhj91",borderBottomEndRadius:"x18nykt9",borderBottomSt
                                                2024-07-03 13:47:07 UTC1500INData Raw: 65 62 50 69 78 65 6c 52 61 74 69 6f 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 7b 67 65 74 50 72 65 6c 6f 61 64 50 72 6f 70 73 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 61 2e 66 65 65 64 4c 6f 63 61 74 69 6f 6e 2c 65 3d 61 2e 69 64 2c 66 3d 61 2e 72 65 6e 64 65 72 4c 6f 63 61 74 69 6f 6e 2c 67 3d 61 2e 73 65 72 69 61 6c 69 7a 65 64 46 52 54 50 49 64 65 6e 74 69 66 69 65 72 73 3b 61 3d 61 2e 73 74 6f 72 79 44 65 62 75 67 49 6e 66 6f 3b 72 65 74 75 72 6e 7b 65 78 74 72 61 50 72 6f 70 73 3a 7b 6f 72 69 67 69 6e 61 6c 53 74 6f 72 79 49 44 3a 65 7d 2c 71 75 65 72 69 65 73 3a 7b 6d 65 6e 75 51 75 65 72 79 52 65 66 65 72 65 6e 63 65 3a 7b 70 61 72 61 6d 65 74 65
                                                Data Ascii: ebPixelRatio"],(function(a,b,c,d,e,f,g){"use strict";a={getPreloadProps:function(a){var c=a.feedLocation,e=a.id,f=a.renderLocation,g=a.serializedFRTPIdentifiers;a=a.storyDebugInfo;return{extraProps:{originalStoryID:e},queries:{menuQueryReference:{paramete


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                22192.168.2.549744157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC918OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:00:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 4175100246
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:06 UTC2975INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 49 48 67 56 6e 6d 6d 55 63 52 65 54 79 77 37 32 2d 48 76 4a 68 48 49 63 64 70 34 61 36 62 71 73 44 4b 42 35 34 69 67 62 66 2d 70 41 5a 67 39 58 46 32 72 49 32 43 65 6c 32 71 52 52 70 44 5f 6a 33 32 34 66 74 51 36 75 6c 6a 48 62 5a 4f 71 47 71 2d 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4c 53 58 52 54 4f 65 51 44 47 6d 62 6b 42 63 70 62 69 74 57 64 7a 6b 6c 31 57 39 63 38 65 65 65 43 47 68 6c 38 4c 53 56 64 4b 5f 38 54 35 71 62 5a 72 52 79 37 34 53 74 73 31 41 71 30 4b 44 46 49 75 76 79 61 62 49 31 47 65 50 74 5a 6b 70 75 54 37 50 37 45 74 32 5f 36 51 59 4f 64 52 6f 6d 6b 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcIHgVnmmUcReTyw72-HvJhHIcdp4a6bqsDKB54igbf-pAZg9XF2rI2Cel2qRRpD_j324ftQ6uljHbZOqGq-"; e_fb_binaryversion="AcLSXRTOeQDGmbkBcpbitWdzkl1W9c8eeeCGhl8LSVdK_8T5qbZrRy74Sts1Aq0KDFIuvyabI1GePtZkpuT7P7Et2_6QYOdRomk"; e_fb_
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC1500INData Raw: 00 01 44 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 2c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 dc 74 72 75 6e 00 00 02 01 00 00 00 32 00 00 01 4c 00 00 01 55 00 00 01 55 00 00 02 1d 00 00 01 ab 00 00 01 85 00 00 01 8e 00 00 01 b1 00 00 01 74 00 00 01 56 00 00 01 40 00 00 01 5a 00 00 01 90 00 00 01 32 00 00 01 2d 00 00 01 32 00 00 01 a1 00 00 01 55 00 00 01 3f 00 00 01 22 00 00 01 54 00 00 01 49 00 00 01 2c 00 00 01 38 00 00 01 3e 00 00 01 48 00 00 01 3f 00 00 01 48 00 00 01 3d 00 00 01 c7 00 00 01 6a 00 00 01 79 00 00 01 5c 00 00 01 5d 00 00 01 54 00 00 01 28 00 00 01 2f 00 00 01 90 00 00 01 8e 00 00 01 56 00 00 01 4b
                                                Data Ascii: Dmoofmfhd,traftfhd*tfdttrun2LUUtV@Z2-2U?"TI,8>H?H=jy\]T(/VK
                                                2024-07-03 13:47:07 UTC15416INData Raw: a8 97 ba 50 82 44 2f aa 75 7d b8 bc ec 0a 5f 77 c7 6a 31 aa ed c4 45 80 65 2a 9d d6 ee e6 e6 7b 37 82 e8 08 41 a2 89 95 ba 62 f3 ec 09 4b 69 b5 79 f6 0a 8a 80 70 21 7b 55 45 8a 9d 63 a2 41 11 02 a4 94 22 86 aa ae 12 05 0b 20 40 60 2a 3b ba 87 c7 cc db 75 42 d6 bc 68 d9 6f e6 6d cd 4a 7d 63 6d 08 23 89 4a fc 1c cd 22 c3 f0 d1 c3 31 28 f8 a6 c4 70 d8 cc ee 08 33 33 a9 9b 48 1d db 0d 84 e8 05 00 b0 27 8c 9d d6 e9 0d 0a 89 e7 2e 4d 09 d8 c0 5e a5 da 49 c7 12 40 08 6a f5 12 68 55 b4 67 24 27 18 6c 59 e7 9a 33 25 4d 2e e6 ae fe e6 93 65 71 f8 7c e4 f5 30 99 72 c3 f8 db d4 99 67 96 7c ae 6b ad 3c 4f 48 d8 23 29 69 d8 6c 8d 19 5c db 19 2e 37 cb 87 f6 13 95 2b d7 0c 63 ec 3f 6a 88 dc 87 d6 49 9c 60 f7 2b 8b 62 5d d9 76 3d 52 9c e2 77 85 44 a8 a1 6c 49 41 60 a8 30
                                                Data Ascii: PD/u}_wj1Ee*{7AbKiyp!{UEcA" @`*;uBhomJ}cm#J"1(p33H'.M^I@jhUg$'lY3%M.eq|0rg|k<OH#)il\.7+c?jI`+b]v=RwDlIA`0
                                                2024-07-03 13:47:07 UTC959INData Raw: 02 f9 e9 b6 4a eb 97 96 2e 52 99 29 34 e7 ee fd ee 99 6a 8b 32 d6 fe 43 d4 7c 54 80 18 74 2e a7 46 a4 50 6b 70 71 ae 61 4a 0d fd c9 a1 9e 88 03 3b cb 57 44 a0 a2 55 4e d3 6a 49 68 c8 03 8d a3 12 77 fb aa ab e2 62 aa 95 d6 0a 4b 34 60 54 62 b1 31 3b 38 d7 30 aa 65 cd f1 0a 50 34 b4 aa 29 00 56 5b dc 20 96 d8 04 0e 57 7b eb ac 2c 28 ac 23 30 27 0a a1 2c 42 40 05 39 95 8d 2c 3b 3a 04 29 9b e9 40 05 9a bd 96 25 2b 56 1e ae 14 c8 fa a6 9a 44 b6 b1 2f 18 ad 4d 3e 62 17 81 15 9c fc 8f b5 f1 76 00 25 ad a5 c9 e6 56 52 03 0d bd 08 1f 7a fd fc 06 b6 d0 25 a1 41 19 6c 6d 82 31 02 60 a7 aa 80 13 22 a9 4a 45 8e e0 05 a2 04 4b 15 fb 72 33 bd ed 38 d8 44 0b dc 06 50 01 2c de a4 00 cb 09 44 02 b0 cb 8a f4 04 c0 37 88 68 86 3a 53 33 51 44 db eb 5a a5 c9 5e fd b5 49 7c a5
                                                Data Ascii: J.R)4j2C|Tt.FPkpqaJ;WDUNjIhwbK4`Tb1;80eP4)V[ W{,(#0',B@9,;:)@%+VD/M>bv%VRz%Alm1`"JEKr38DP,D7h:S3QDZ^I|


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                23192.168.2.549753157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC900OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 118353545
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 818
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC817INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 76 70 30 39 63 6d 66 63 00 00 03 0a 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a8 92 0e e2 a8 92 0e 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashvp09cmfcmoovlmvhd<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                24192.168.2.549752157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC902OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC587INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 118353545
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 56
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC55INData Raw: 00 00 38 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 b9 dc 00 01 2c 00 10 00 00 00 00 00 4d dd 00 00 50 00 10 00 00 00
                                                Data Ascii: 8sidx<,MP


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                25192.168.2.549754157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC904OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:06 UTC590INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 118353545
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 47580
                                                2024-07-03 13:47:06 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:06 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 1f 60 00 00 06 00 00 00 00 e2 00 00 00 20 00 00 01 23 00 00 01 17 00 00 01 2d 00 00 00 e6 00 00 00 e5 00 00 00 1b 00 00 01 0e 00 00 00 cc 00 00 00 d8 00 00 00 1c 00 00 00 b7 00 00 00 1b 00 00 00 1d 00 00 08 23 00 00 00 1a 00 00 01 1a 00 00 00 f7 00 00 01 11 00 00 00 f3 00 00 00 ef 00 00 00 1d 00 00 00 dc 00 00 01 24 00 00 00 f2 00 00 00 1e 00 00 01 15 00 00 01 50 00 00 00 4a 00 00 00 1d 00 00 01 bb 00 00 00 3b 00 00 00 4b 00 00 00 4d 00 00 00 45 00 00 00 1c
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrun` #-#$PJ;KME
                                                2024-07-03 13:47:06 UTC15458INData Raw: 2f 8b 64 9d bf 14 34 12 35 f7 cb b0 84 45 42 d4 00 6e db ef 95 d4 85 7d 12 b4 83 42 68 19 04 02 40 a6 30 1f 58 36 a5 98 eb 28 93 70 77 1c 2a 72 d9 8f e3 5e ec 87 33 e1 4e 8a 01 fd ef ef d6 9d 71 14 0e e5 cf 44 96 22 da ca 3b 16 68 35 d2 d2 e0 f3 73 1f 0d aa f3 53 5c f9 0f 9f c5 fa 10 a0 1d 3b c8 d2 54 cc 0d a1 9b aa 70 cc d4 ab c5 7a 8e 36 85 c9 d6 f4 01 f0 a4 3f c6 3d c8 1e 1c 67 d9 b0 a7 5a 5e f3 b3 6f 24 84 d8 e5 cd e6 10 17 60 64 8c 60 5c 04 2e 6f 5b f5 12 ab 0f 36 39 43 7a ba 1a bd 40 db 45 d3 25 16 2d 9d a2 e0 b5 5b 8d ee fc 4d dc fa 06 63 62 20 04 76 72 f3 19 25 96 48 e8 41 5f c8 01 b6 03 e6 24 02 c0 d3 f6 59 1d 76 83 40 43 97 c9 78 b3 56 2b 8a 98 9e 69 aa 1b b0 7a c6 81 d4 a3 a6 65 fd 0a c1 cf a6 0b e5 b3 f8 ea a9 f2 59 b8 ab 36 17 9a 34 b4 65 0f
                                                Data Ascii: /d45EBn}Bh@0X6(pw*r^3NqD";h5sS\;Tpz6?=gZ^o$`d`\.o[69Cz@E%-[Mcb vr%HA_$Yv@CxV+izeY64e
                                                2024-07-03 13:47:06 UTC16384INData Raw: fd a4 a6 76 e3 5d e7 0f 67 5d 24 4e dd 28 47 5a 4e 14 e1 3e cd c3 92 84 18 ae 24 75 a7 fb 7f 3a 83 da b7 78 d7 f8 bb 78 98 d7 ad c6 42 9e be e2 cf 46 de 40 75 58 4c 9e f3 4c 1b 78 d4 2f dc 0e 96 86 3f 10 46 e7 51 7a 80 00 0a 70 ab 6b 58 00 5e 66 87 08 0e 0d 9b 7c 55 73 dd 2e 13 78 30 86 3f 10 46 e7 61 7a 80 00 0a 70 c8 cc f0 00 61 3e 1e c6 77 b1 c6 32 06 03 f1 49 4f d2 31 2d 19 43 57 8e 5d 11 0a 54 40 45 04 3a 26 12 ce 60 54 49 72 1c 30 e2 7e 35 f9 56 2b 2b bf 71 0a 89 e5 30 19 10 19 30 87 53 15 0b 1c 56 12 d6 08 13 a1 2a 8e 38 c3 ad 46 45 80 64 17 93 85 03 50 44 c0 36 03 e0 87 65 5f 52 a7 85 db e7 da 55 0b b4 f3 92 12 83 7f cd 91 6e 70 9b 52 a1 b1 e0 67 4c ea 20 7e 34 ea 17 00 2b 37 96 9b dc a0 42 b6 d2 0c 33 89 00 9f 5f d8 1d c6 fe 73 16 10 61 ec b3 74
                                                Data Ascii: v]g]$N(GZN>$u:xxBF@uXLLx/?FQzpkX^f|Us.x0?Fazpa>w2IO1-CW]T@E:&`TIr0~5V++q00SV*8FEdPD6e_RUnpRgL ~4+7B3_sat
                                                2024-07-03 13:47:06 UTC14237INData Raw: 88 2f 3c af be bd 3b 0b d7 2a da 79 06 ee fa ee d3 8c cf ad d7 9d 73 b4 e7 13 94 d1 a8 ad 08 c7 39 d7 97 04 2d 19 54 c5 7f be a5 f3 eb 45 46 9d 19 08 4f a2 6c 92 18 a1 07 c4 77 d5 5f c2 f8 9f 51 dd 20 60 72 c5 08 9a 47 e0 2b 2a 7c 79 c7 30 e3 a2 08 2d d6 e9 c5 15 d3 35 bd 98 e2 fa b8 ef 95 6f f8 82 29 23 4d d8 ce 1d 97 2c 6b ba fd 78 02 24 23 bb 4f 5c b4 55 84 37 ef ab 66 30 e7 b5 21 6f 09 87 ad 36 6b 96 42 6d 66 77 d3 51 9f ed 6d 57 4b 22 8b ab fa 41 e8 61 66 9b a2 9e b6 d4 77 b2 e0 61 3d 42 60 fc ae 37 a9 61 4f 9c 35 22 0f 81 4c 59 60 41 6e 04 38 d4 c4 01 a3 22 11 a0 92 06 46 a7 67 9a ed 50 c9 03 82 aa ab 06 04 a7 a2 d8 04 c2 8b 6e ae 55 96 c8 c6 60 5a 38 53 3d b6 4f 86 af b1 5a 30 29 85 91 38 e9 2f bd ad 3c e1 e1 63 23 eb 12 88 55 f7 52 f4 68 b6 46 4a
                                                Data Ascii: /<;*ys9-TEFOlw_Q `rG+*|y0-5o)#M,kx$#O\U7f0!o6kBmfwQmWK"Aafwa=B`7aO5"LY`An8"FgPnU`Z8S=OZ0)8/<c#URhFJ


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                26192.168.2.549756157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC690OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC674INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                27192.168.2.549757157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC692OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC676INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:06 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                28192.168.2.549751157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:06 UTC610OUTGET /rsrc.php/v3i-dF4/yB/l/en_GB/LQS7_eNXB7L.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC1988INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: Zf9DmSt9+//aiGyjW0Zk8Q==
                                                Expires: Thu, 03 Jul 2025 13:47:07 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: eRKwcmL8SRW+cBBgWhDUwDRZoE28ezet1XDaZ7hZ3pgfhXy7PNWEgj8DuApbZ2vrHN6HgYxrr8Phx2TAlzwczA==
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=239, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=102, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 107611
                                                2024-07-03 13:47:07 UTC1500INData Raw: 3b 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 41 63 74 6f 72 53 65 63 74 69 6f 6e 50 72 65 66 69 78 5f 61 63 74 6f 72 2e 67 72 61 70 68 71 6c 22 2c 5b 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 7b 61 72 67 75 6d 65 6e 74 44 65 66 69 6e 69 74 69 6f 6e 73 3a 5b 5d 2c 6b 69 6e 64 3a 22 46 72 61 67 6d 65 6e 74 22 2c 6d 65 74 61 64 61 74 61 3a 6e 75 6c 6c 2c 6e 61 6d 65 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 41 63 74 6f 72 53 65 63 74 69 6f 6e 50 72 65 66 69 78 5f 61 63 74 6f 72 22 2c 73 65 6c 65 63 74 69 6f 6e 73 3a 5b 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 53 63
                                                Data Ascii: ;/*FB_PKG_DELIM*/__d("CometVideoHomeActorSectionPrefix_actor.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometVideoHomeActorSectionPrefix_actor",selections:[{alias:null,args:null,kind:"Sc
                                                2024-07-03 13:47:07 UTC1500INData Raw: 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 3d 61 3f 63 28 22 58 43 6f 6d 65 74 56 61 6e 69 74 79 4c 69 76 65 56 69 64 65 6f 73 43 6f 6e 74 72 6f 6c 6c 65 72 52 6f 75 74 65 42 75 69 6c 64 65 72 22 29 2e 62 75 69 6c 64 55 52 4c 28 7b 76 61 6e 69 74 79 3a 65 7d 29 3a 63 28 22 58 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 50 6c 61 79 6c 69 73 74 43 6f 6e 74 72 6f 6c 6c 65 72 52 6f 75 74 65 42 75 69 6c 64 65 72 22 29 2e 62 75 69 6c 64 55 52 4c 28 7b 69 64 6f 72 76 61 6e 69 74 79 3a 65 7d 29 3b 66 3d 28 66 3d 66 2e 70 72 6f 66 69 6c 65 5f 70 69 63 74 75 72 65 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 66 2e 75 72 69 3b 72 65 74 75 72 6e 20 66 3d 3d 6e 75 6c 6c 3f 6e 75 6c 6c 3a 6b 2e 6a 73 78 28 63 28 22 43 6f 6d 65 74 4c 69 6e 6b 2e 72 65 61 63
                                                Data Ascii: =null)return null;a=a?c("XCometVanityLiveVideosControllerRouteBuilder").buildURL({vanity:e}):c("XCometVideoHomePlaylistControllerRouteBuilder").buildURL({idorvanity:e});f=(f=f.profile_picture)==null?void 0:f.uri;return f==null?null:k.jsx(c("CometLink.reac
                                                2024-07-03 13:47:07 UTC1500INData Raw: 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 3d 7b 61 72 67 75 6d 65 6e 74 44 65 66 69 6e 69 74 69 6f 6e 73 3a 5b 5d 2c 6b 69 6e 64 3a 22 46 72 61 67 6d 65 6e 74 22 2c 6d 65 74 61 64 61 74 61 3a 6e 75 6c 6c 2c 6e 61 6d 65 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 47 65 6e 65 72 69 63 48 73 63 72 6f 6c 6c 43 61 72 64 5f 76 69 64 65 6f 73 22 2c 73 65 6c 65 63 74 69 6f 6e 73 3a 5b 7b 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 46 72 61 67 6d 65 6e 74 53 70 72 65 61 64 22 2c 6e 61 6d 65 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 47 65 6e 65 72 69 63 56 69 64 65 6f 48 73 63 72 6f 6c 6c 5f 76 69 64 65 6f 73 22 7d 5d 2c 74 79 70 65 3a 22 56 69 64 65 6f 48 6f 6d 65 53 65 63 74 69 6f 6e 22 2c 61 62 73
                                                Data Ascii: ion(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometVideoHomeGenericHscrollCard_videos",selections:[{args:null,kind:"FragmentSpread",name:"CometVideoHomeGenericVideoHscroll_videos"}],type:"VideoHomeSection",abs
                                                2024-07-03 13:47:07 UTC624INData Raw: 6c 2c 6b 69 6e 64 3a 22 53 63 61 6c 61 72 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 70 6c 61 79 5f 63 6f 75 6e 74 5f 72 65 64 75 63 65 64 22 2c 73 74 6f 72 61 67 65 4b 65 79 3a 6e 75 6c 6c 7d 2c 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 63 6f 6e 63 72 65 74 65 54 79 70 65 3a 22 56 69 64 65 6f 22 2c 6b 69 6e 64 3a 22 4c 69 6e 6b 65 64 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 70 6c 61 79 62 61 63 6b 5f 76 69 64 65 6f 22 2c 70 6c 75 72 61 6c 3a 21 31 2c 73 65 6c 65 63 74 69 6f 6e 73 3a 5b 7b 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 46 72 61 67 6d 65 6e 74 53 70 72 65 61 64 22 2c 6e 61 6d 65 3a 22 46 42 52 65 65 6c 73 49 46 55 54 69 6c 65 43 6f 6e 74 65 6e 74 5f 76 69 64 65 6f 22 7d 2c 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73
                                                Data Ascii: l,kind:"ScalarField",name:"play_count_reduced",storageKey:null},{alias:null,args:null,concreteType:"Video",kind:"LinkedField",name:"playback_video",plural:!1,selections:[{args:null,kind:"FragmentSpread",name:"FBReelsIFUTileContent_video"},{alias:null,args
                                                2024-07-03 13:47:07 UTC1500INData Raw: 78 70 6f 72 74 73 3d 61 7d 29 2c 6e 75 6c 6c 29 3b 0a 5f 5f 64 28 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 47 65 6e 65 72 69 63 48 73 63 72 6f 6c 6c 52 65 65 6c 49 74 65 6d 2e 72 65 61 63 74 22 2c 5b 22 66 62 74 22 2c 22 43 6f 6d 65 74 50 72 65 73 73 61 62 6c 65 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 52 65 6c 61 79 22 2c 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 47 65 6e 65 72 69 63 48 73 63 72 6f 6c 6c 52 65 65 6c 49 74 65 6d 5f 76 69 64 65 6f 52 65 6e 64 65 72 65 72 2e 67 72 61 70 68 71 6c 22 2c 22 46 42 52 65 65 6c 73 49 46 55 4e 61 6d 65 2e 72 65 61 63 74 22 2c 22 46 42 52 65 65 6c 73 49 46 55 54 69 6c 65 43 6f 6e 74 65 6e 74 2e 72 65 61 63 74 22 2c 22 46 42 52 65 65 6c 73 55 52 4c 55 74 69 6c 73 22 2c 22 72 65 61 63 74 22 5d 2c 28 66 75 6e
                                                Data Ascii: xports=a}),null);__d("CometVideoHomeGenericHscrollReelItem.react",["fbt","CometPressable.react","CometRelay","CometVideoHomeGenericHscrollReelItem_videoRenderer.graphql","FBReelsIFUName.react","FBReelsIFUTileContent.react","FBReelsURLUtils","react"],(fun
                                                2024-07-03 13:47:07 UTC1500INData Raw: 72 69 61 2d 6c 61 62 65 6c 22 3a 68 2e 5f 28 22 72 65 65 6c 22 29 2c 64 69 73 70 6c 61 79 3a 22 69 6e 6c 69 6e 65 22 2c 6c 69 6e 6b 50 72 6f 70 73 3a 7b 75 72 6c 3a 64 28 22 46 42 52 65 65 6c 73 55 52 4c 55 74 69 6c 73 22 29 2e 67 65 74 52 65 65 6c 73 55 52 4c 28 66 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 66 2e 69 64 2c 22 69 66 75 22 29 7d 2c 6f 76 65 72 6c 61 79 44 69 73 61 62 6c 65 64 3a 21 30 2c 78 73 74 79 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 66 6f 63 75 73 65 64 2c 63 3d 61 2e 66 6f 63 75 73 56 69 73 69 62 6c 65 3b 61 3d 61 2e 68 6f 76 65 72 65 64 3b 72 65 74 75 72 6e 5b 6c 2e 74 69 6c 65 2c 6c 2e 62 75 74 74 6f 6e 2c 28 61 7c 7c 62 26 26 63 29 26 26 6c 2e 62 75 74 74 6f 6e 46 6f 63 75 73 65 64 2c 6c 2e 62 6f 78 53
                                                Data Ascii: ria-label":h._("reel"),display:"inline",linkProps:{url:d("FBReelsURLUtils").getReelsURL(f==null?void 0:f.id,"ifu")},overlayDisabled:!0,xstyle:function(a){var b=a.focused,c=a.focusVisible;a=a.hovered;return[l.tile,l.button,(a||b&&c)&&l.buttonFocused,l.boxS
                                                2024-07-03 13:47:07 UTC1500INData Raw: 64 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 73 61 76 61 62 6c 65 5f 74 69 74 6c 65 22 2c 70 6c 75 72 61 6c 3a 21 31 2c 73 65 6c 65 63 74 69 6f 6e 73 3a 5b 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 53 63 61 6c 61 72 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 74 65 78 74 22 2c 73 74 6f 72 61 67 65 4b 65 79 3a 6e 75 6c 6c 7d 5d 2c 73 74 6f 72 61 67 65 4b 65 79 3a 6e 75 6c 6c 7d 2c 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 63 6f 6e 63 72 65 74 65 54 79 70 65 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 4c 69 6e 6b 65 64 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 6f 77 6e 65 72 22 2c 70 6c 75 72 61 6c 3a 21 31 2c 73 65 6c 65 63 74 69 6f 6e 73 3a 5b 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c
                                                Data Ascii: dField",name:"savable_title",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"text",storageKey:null}],storageKey:null},{alias:null,args:null,concreteType:null,kind:"LinkedField",name:"owner",plural:!1,selections:[{alias:null,args:null,
                                                2024-07-03 13:47:07 UTC1500INData Raw: 2c 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 53 63 61 6c 61 72 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 69 73 5f 6c 69 76 65 5f 73 74 72 65 61 6d 69 6e 67 22 2c 73 74 6f 72 61 67 65 4b 65 79 3a 6e 75 6c 6c 7d 2c 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 53 63 61 6c 61 72 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 69 73 5f 76 69 64 65 6f 5f 62 72 6f 61 64 63 61 73 74 22 2c 73 74 6f 72 61 67 65 4b 65 79 3a 6e 75 6c 6c 7d 2c 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 6b 69 6e 64 3a 22 53 63 61 6c 61 72 46 69 65 6c 64 22 2c 6e 61 6d 65 3a 22 70 6c 61 79 5f 63 6f 75 6e 74 22 2c 73 74 6f 72 61 67 65 4b 65 79 3a 6e 75 6c 6c 7d 2c 7b 61 6c 69 61 73 3a 6e 75 6c 6c 2c 61 72 67 73 3a 6e 75 6c 6c 2c 6b
                                                Data Ascii: ,args:null,kind:"ScalarField",name:"is_live_streaming",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"is_video_broadcast",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"play_count",storageKey:null},{alias:null,args:null,k
                                                2024-07-03 13:47:07 UTC1500INData Raw: 61 62 73 74 72 61 63 74 4b 65 79 3a 6e 75 6c 6c 7d 7d 28 29 3b 65 2e 65 78 70 6f 72 74 73 3d 61 7d 29 2c 6e 75 6c 6c 29 3b 0a 5f 5f 64 28 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 56 69 64 65 6f 4f 77 6e 65 72 4c 69 6e 6b 2e 72 65 61 63 74 22 2c 5b 22 43 6f 6d 65 74 46 65 65 64 53 74 6f 72 79 43 6c 69 63 6b 4c 6f 67 67 65 72 49 6d 70 6c 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 4c 69 6e 6b 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 52 65 6c 61 79 22 2c 22 43 6f 6d 65 74 54 72 61 63 6b 69 6e 67 43 6f 64 65 50 72 6f 76 69 64 65 72 2e 72 65 61 63 74 22 2c 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 56 69 64 65 6f 4f 77 6e 65 72 4c 69 6e 6b 5f 76 69 64 65 6f 2e 67 72 61 70 68 71 6c 22 2c 22 56 69 64 65 6f 48 6f 6d 65 4c 6f 67 67 69 6e 67 52 65 61 63 74 69
                                                Data Ascii: abstractKey:null}}();e.exports=a}),null);__d("CometVideoHomeVideoOwnerLink.react",["CometFeedStoryClickLoggerImpl.react","CometLink.react","CometRelay","CometTrackingCodeProvider.react","CometVideoHomeVideoOwnerLink_video.graphql","VideoHomeLoggingReacti
                                                2024-07-03 13:47:07 UTC1500INData Raw: 6e 67 43 6f 64 65 3a 65 2c 63 68 69 6c 64 72 65 6e 3a 6a 2e 6a 73 78 28 63 28 22 43 6f 6d 65 74 46 65 65 64 53 74 6f 72 79 43 6c 69 63 6b 4c 6f 67 67 65 72 49 6d 70 6c 2e 72 65 61 63 74 22 29 2c 7b 63 68 69 6c 64 72 65 6e 3a 6a 2e 6a 73 78 28 63 28 22 43 6f 6d 65 74 4c 69 6e 6b 2e 72 65 61 63 74 22 29 2c 62 61 62 65 6c 48 65 6c 70 65 72 73 5b 22 65 78 74 65 6e 64 73 22 5d 28 7b 7d 2c 61 2c 7b 68 72 65 66 3a 66 2c 6f 6e 43 6c 69 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3b 63 28 22 56 69 64 65 6f 48 6f 6d 65 54 79 70 65 64 4c 69 74 65 4c 6f 67 67 65 72 22 29 2e 6c 6f 67 28 7b 61 74 74 72 69 62 75 74 69 6f 6e 5f 69 64 5f 76 32 3a 6d 2c 63 6c 69 63 6b 5f 70 6f 69 6e 74 3a 22 70 72 6f 66 69 6c 65 5f 69 6e 66 6f 22 2c 65 76 65 6e 74 3a 22 63 6c
                                                Data Ascii: ngCode:e,children:j.jsx(c("CometFeedStoryClickLoggerImpl.react"),{children:j.jsx(c("CometLink.react"),babelHelpers["extends"]({},a,{href:f,onClick:function(){var a;c("VideoHomeTypedLiteLogger").log({attribution_id_v2:m,click_point:"profile_info",event:"cl


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                29192.168.2.549750157.240.0.64432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC599OUTGET /rsrc.php/v3/yU/r/0RsSa8KyPzr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                Host: static.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://www.facebook.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC1986INHTTP/1.1 200 OK
                                                Content-Type: application/x-javascript; charset=utf-8
                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                content-md5: 75ONkgM0PuAgE5SzfrbjiQ==
                                                Expires: Fri, 27 Jun 2025 15:07:05 GMT
                                                Cache-Control: public,max-age=31536000,immutable
                                                reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
                                                timing-allow-origin: *
                                                document-policy: force-load-at-top
                                                permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                cross-origin-resource-policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                origin-agent-cluster: ?0
                                                X-FB-Debug: IDG7BC9fG6rVYAveiRLhGpUAYYYSCG4GNMApo+XyHvVBsuOkc4xM+TOJ41sPHViJX8f3bGQztoWqLVi5Dqu8JA==
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=166, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 36902
                                                2024-07-03 13:47:07 UTC1INData Raw: 3b
                                                Data Ascii: ;
                                                2024-07-03 13:47:07 UTC15835INData Raw: 2f 2a 46 42 5f 50 4b 47 5f 44 45 4c 49 4d 2a 2f 0a 0a 5f 5f 64 28 22 42 61 73 65 42 61 64 67 65 41 6c 69 67 6e 65 72 2e 72 65 61 63 74 22 2c 5b 22 42 61 73 65 56 69 65 77 2e 72 65 61 63 74 22 2c 22 72 65 61 63 74 22 5d 2c 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 68 2c 69 3d 68 7c 7c 64 28 22 72 65 61 63 74 22 29 2c 6a 3d 7b 63 65 6e 74 65 72 3a 7b 61 6c 69 67 6e 49 74 65 6d 73 3a 22 78 36 73 30 64 6e 34 22 2c 65 6e 64 3a 22 78 6f 6f 34 76 73 70 22 2c 6c 65 66 74 3a 6e 75 6c 6c 2c 72 69 67 68 74 3a 6e 75 6c 6c 2c 73 74 61 72 74 3a 22 78 31 6d 62 38 6d 70 68 22 2c 6a 75 73 74 69 66 79 43 6f 6e 74 65 6e 74 3a 22 78 31 33 61 36 62 76 6c 22 2c 24 24 63 73 73 3a 21 30 7d 2c 6c
                                                Data Ascii: /*FB_PKG_DELIM*/__d("BaseBadgeAligner.react",["BaseView.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react"),j={center:{alignItems:"x6s0dn4",end:"xoo4vsp",left:null,right:null,start:"x1mb8mph",justifyContent:"x13a6bvl",$$css:!0},l
                                                2024-07-03 13:47:08 UTC16384INData Raw: 70 45 6e 64 52 61 64 69 75 73 3a 22 78 31 33 6c 67 78 70 32 22 2c 62 6f 72 64 65 72 42 6f 74 74 6f 6d 45 6e 64 52 61 64 69 75 73 3a 22 78 35 70 66 39 6a 72 22 2c 62 6f 72 64 65 72 42 6f 74 74 6f 6d 53 74 61 72 74 52 61 64 69 75 73 3a 22 78 6f 37 31 76 6a 68 22 2c 24 24 63 73 73 3a 21 30 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 76 61 72 20 62 3d 61 2e 61 72 69 61 48 69 64 64 65 6e 2c 64 3d 61 2e 62 61 64 67 65 2c 65 3d 61 2e 62 61 64 67 65 41 6c 69 67 6e 2c 66 3d 61 2e 65 78 70 61 6e 64 69 6e 67 3b 66 3d 66 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 66 3b 76 61 72 20 67 3d 61 2e 6c 61 62 65 6c 2c 69 3d 61 2e 6f 72 69 65 6e 74 61 74 69 6f 6e 2c 74 3d 69 3d 3d 3d 76 6f 69 64 20 30 3f 22 61 73 63 65 6e 64 69 6e 67 22 3a 69 3b 69 3d 61 2e 73 68 61 70 65
                                                Data Ascii: pEndRadius:"x13lgxp2",borderBottomEndRadius:"x5pf9jr",borderBottomStartRadius:"xo71vjh",$$css:!0}};function a(a){var b=a.ariaHidden,d=a.badge,e=a.badgeAlign,f=a.expanding;f=f===void 0?!1:f;var g=a.label,i=a.orientation,t=i===void 0?"ascending":i;i=a.shape
                                                2024-07-03 13:47:08 UTC4682INData Raw: 21 30 29 7d 2c 61 63 72 6f 73 73 54 72 61 6e 73 69 74 69 6f 6e 73 57 69 74 68 42 6c 6f 63 6b 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 29 7b 72 65 74 75 72 6e 20 68 28 61 2c 62 2c 64 2c 63 28 22 73 65 74 54 69 6d 65 6f 75 74 41 63 72 6f 73 73 54 72 61 6e 73 69 74 69 6f 6e 73 22 29 2c 21 30 29 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 68 28 61 2c 62 2c 64 2c 65 2c 66 29 7b 76 61 72 20 67 3d 62 3d 3d 6e 75 6c 6c 3f 31 30 30 3a 62 2c 68 2c 69 3d 6e 75 6c 6c 2c 6a 3d 30 2c 6b 3d 6e 75 6c 6c 2c 6c 3d 5b 5d 2c 6d 3d 63 28 22 54 69 6d 65 53 6c 69 63 65 22 29 2e 67 75 61 72 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6a 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 69 66 28 69 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 61 2e 61 70 70 6c 79 28 68 2c 62
                                                Data Ascii: !0)},acrossTransitionsWithBlocking:function(a,b,d){return h(a,b,d,c("setTimeoutAcrossTransitions"),!0)}});function h(a,b,d,e,f){var g=b==null?100:b,h,i=null,j=0,k=null,l=[],m=c("TimeSlice").guard(function(){j=Date.now();if(i){var b=function(b){a.apply(h,b


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                30192.168.2.549755157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC708OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC692INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                31192.168.2.549762157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC914OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:11:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2554065408
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:07 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:07 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a1 29 38 e2 a1 29 38 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd)8)8D@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                32192.168.2.549761157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC916OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:11:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2554065408
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 80
                                                2024-07-03 13:47:07 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:07 UTC79INData Raw: 00 00 50 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 04 00 00 45 25 00 01 5c 3e 90 00 00 00 00 00 3f 9d 00 01 58 00 90 00 00 00 00 00 3f b0 00 01 58 00 90 00 00 00 00 00 0a c9 00 00 37 82 90 00 00 00
                                                Data Ascii: PsidxDE%\>?X?X7


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                33192.168.2.549763157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC918OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC591INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:11:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2554065408
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17701
                                                2024-07-03 13:47:07 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:07 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 74 00 00 01 73 00 00 01 ef 00 00 01 e5 00 00 01 d6 00 00 01 c3 00 00 01 b0 00 00 01 a3 00 00 01 90 00 00 01 8b 00 00 01 88 00 00 01 81 00 00 01 72 00 00 01 62 00 00 01 4d 00 00 01 56 00 00 01 7a 00 00 01 85 00 00 01 79 00 00 01 79 00 00 01 68 00 00 01 73 00 00 01 5d 00 00 01 69 00 00 01 94 00 00 01 6c 00 00 01 6f 00 00 01 5a 00 00 01 52 00 00 01 65 00 00 01 57 00 00 01 63 00 00 01 5a 00 00 01 79 00 00 01 65 00 00 01 9e 00 00 01 9d 00 00 01 6a 00 00 01 54
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<stsrbMVzyyhs]iloZReWcZyejT
                                                2024-07-03 13:47:07 UTC15428INData Raw: 98 a4 28 fb bb a8 d8 e5 a6 04 a5 13 62 85 c2 f3 0e 0b 1c 94 fc 41 22 9f da b5 37 c5 31 4a e0 48 73 90 b9 9e 58 5a 61 b0 14 2f 13 c9 09 84 ac c5 8e d8 d2 31 1e 83 39 78 67 2b be d1 bc 02 b2 93 17 89 4e b0 79 fe 39 59 5e 95 2f 4a 48 95 87 8a 75 77 be 77 7b 52 48 90 7c 5c e1 97 1f 2e 36 31 5a e7 26 80 fe 0e 69 b1 73 5f 41 4a ac 40 a0 f3 88 8e 8a 28 88 2c 6d 27 95 57 39 95 42 b1 24 6c 2c 0d ef a9 51 13 80 da 9e dc b7 66 4a a5 0a 56 b4 a5 de 6f fa ad 73 52 11 5b 88 a0 a1 0f 70 82 f7 56 5d 26 8f 4a e8 56 83 54 e3 ae b7 53 aa 49 3d 0d 1c ca 1e f5 5b da ef 45 44 88 28 22 28 a5 96 f3 6e ce 24 60 33 b5 ef f1 22 09 40 1c a5 17 21 8e 1f f3 77 54 89 07 01 21 3a 2e 23 d8 c4 36 51 b2 cc 82 0b 96 ab 8e 77 61 26 1e 19 e8 ec e8 d0 10 d6 7a 17 04 6f bf 07 8f 34 ad 4c fd 9e
                                                Data Ascii: (bA"71JHsXZa/19xg+Ny9Y^/JHuww{RH|\.61Z&is_AJ@(,m'W9B$l,QfJVosR[pV]&JVTSI=[ED("(n$`3"@!wT!:.#6Qwa&zo4L
                                                2024-07-03 13:47:07 UTC772INData Raw: 19 a7 ba c7 f2 a2 ca 2c 16 43 b1 60 07 dc 37 8d 68 7e 49 2f c9 27 ff d0 42 94 bb f8 6b 7a 36 bf 93 6d b6 ff 0a 52 ef e1 ad e8 da fe 4d b6 db fc 0e 7d 8e 7d a0 41 02 00 70 21 1b 55 3c 39 26 c3 80 b1 60 2c 23 2a 54 61 a1 76 d8 6f 51 51 32 0b 54 20 12 48 bd 2b 2f 25 30 03 9b 60 72 d5 8a 18 8a 60 ee 2c 46 b1 1a b5 44 75 2b 4e af c7 7f 8a 87 f6 01 07 8b d3 f0 82 a0 4b 91 a0 30 d0 d2 bb 15 ad 1a 7d 7d 91 90 8c 6d e4 4c fd aa 77 f6 91 b7 a7 fd 0a 94 fa fc 3c 75 9f 14 e6 c3 a1 0e ff 51 4f 6e a1 9f cb e6 dc 66 fc 7c 38 c0 aa dc 73 5d 03 15 c5 83 9d 68 4f ba 79 6c 63 10 b2 5a f0 9e fc c4 66 b5 42 3b 2d 49 48 37 d9 32 54 60 a6 9f 42 b7 93 96 7c 92 67 6e ad 56 a3 0d 0a cc 14 0a c2 cd 11 0a c6 31 44 52 dd 97 97 d1 14 17 d7 db 35 55 30 d8 f7 4e 48 32 10 78 1c 90 5e d7
                                                Data Ascii: ,C`7h~I/'Bkz6mRM}}Ap!U<9&`,#*TavoQQ2T H+/%0`r`,FDu+NK0}}mLw<uQOnf|8s]hOylcZfB;-IH72T`B|gnV1DR5U0NH2x^


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                34192.168.2.549758157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC896OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:07 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 15:30:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 147437747
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:07 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:07 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:07 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a9 cd 7c e2 a9 cd 7c 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd||<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                35192.168.2.549760157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC695OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC679INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                36192.168.2.549764157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:07 UTC898OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC587INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 15:30:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 147437747
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=13, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 80
                                                2024-07-03 13:47:08 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:08 UTC79INData Raw: 00 00 50 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 04 00 01 58 63 00 01 2c 00 10 00 00 00 00 01 1a 08 00 01 2c 00 10 00 00 00 00 01 21 af 00 01 2c 00 10 00 00 00 00 00 42 7b 00 00 24 00 10 00 00 00
                                                Data Ascii: Psidx<Xc,,!,B{$


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                37192.168.2.549769157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC710OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC694INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                38192.168.2.549770157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC694OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC678INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                39192.168.2.549768157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC696OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC680INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                40192.168.2.549765157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC900OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC590INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 15:30:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 147437747
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 88163
                                                2024-07-03 13:47:08 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:08 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 77 81 00 00 09 30 00 00 00 03 00 00 00 2f 00 00 00 03 00 00 00 3b 00 00 00 03 00 00 00 17 00 00 00 03 00 00 01 94 00 00 00 03 00 00 00 2d 00 00 00 03 00 00 00 e3 00 00 00 03 00 00 00 41 00 00 00 03 00 00 09 2f 00 00 00 03 00 00 00 2e 00 00 00 03 00 00 00 91 00 00 00 03 00 00 00 23 00 00 00 03 00 00 00 ff 00 00 00 03 00 00 00 1e 00 00 00 03 00 00 00 9b 00 00 00 03 00 00 00 27 00 00 00 03 00 00 09 1e 00 00 00 03 00 00 00 28 00 00 00 03 00 00 00 78 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunw0/;-A/.#'(x
                                                2024-07-03 13:47:08 UTC15426INData Raw: 75 ce ce e4 90 41 21 46 2f 5e 78 f4 df 78 c7 d5 f3 eb 1f a1 16 95 11 09 78 c0 1e 68 0d f2 2e a0 87 45 38 4d 06 9b cf 55 c0 b0 c9 eb 3b 0c e4 d0 9d a8 f5 31 d6 b3 cd 2c 55 89 4f 11 de 1c 1c 33 cb cd fb 80 97 7e 24 1e fa a6 f6 fb 3b 89 b2 7a 47 99 f2 73 33 96 86 49 d7 fe d4 5e d9 80 64 52 25 41 8c f8 18 77 d4 53 51 02 18 a3 67 df 67 98 6a af d3 65 0f 0f 6b 97 a4 7c dd d2 21 cb df c6 b2 a2 f6 ef 36 f4 34 fa 3c 42 19 c0 3f d7 f8 60 c2 f7 6f 67 5b 9a 85 27 09 e2 29 28 45 e0 48 88 ea e6 66 38 7c ca 42 65 62 3b 54 37 f9 82 95 fd 5a f6 d6 26 31 ab 3f a8 ae 78 89 19 06 0f c5 57 d4 1b bc 88 71 7d d8 82 8c 0b da 63 88 cd 4c e3 f6 11 bf 6f 3e 5c c1 02 a7 06 ac f6 44 51 1f 72 88 82 b8 11 5a fb 8d 40 36 08 72 ac 7b ab d0 0f 07 cf 75 94 87 a2 15 40 d9 74 dd 89 21 ea ab
                                                Data Ascii: uA!F/^xxxh.E8MU;1,UO3~$;zGs3I^dR%AwSQggjek|!64<B?`og[')(EHf8|Beb;T7Z&1?xWq}cLo>\DQrZ@6r{u@t!
                                                2024-07-03 13:47:08 UTC16384INData Raw: 08 8b 54 1d 79 25 2d 83 68 65 e1 1b 46 b9 6b 12 d9 78 e5 55 c6 bc e2 7f 96 92 69 96 7e 65 00 d0 fc d7 ec ad e4 2e e0 2f 05 03 94 6f 9f c1 96 1d f3 5d a4 39 3a 5d e8 0e 7e 94 3e 29 6f 05 92 87 5e 7a 5c c0 0b 36 49 d9 c8 25 a0 cf 76 91 5d 94 85 19 f9 90 26 f1 e4 f4 67 85 04 83 6f a1 d0 87 62 d3 2a 58 5f 6f 6f ad 8f b6 f8 53 77 32 e2 aa 8c 8f 10 f6 69 f5 15 f9 9f 18 6b e6 67 40 0a 17 d2 ab 73 3f c2 e0 1b d8 72 5c 13 dc 2e 35 c7 de 96 56 77 8c 5d 77 79 54 bd e7 9e 35 99 cd 48 a6 0e 6f 08 d6 1d 8b 60 62 6f ef 80 87 07 72 9a 62 73 f9 aa 09 f7 32 de a5 22 61 51 19 b1 77 d4 dc 73 2d b5 1d b9 ce d6 35 20 6b 98 94 c2 96 cc 0c d5 6f e6 69 6f 5a d2 b9 1b 56 1f 63 ca 28 aa aa e3 d0 0c 56 9f aa f3 6f 55 41 3c 8e 69 96 22 de 8b 52 12 d7 0b b4 71 42 bc 79 a2 df 61 ea b3
                                                Data Ascii: Ty%-heFkxUi~e./o]9:]~>)o^z\6I%v]&gob*X_ooSw2ikg@s?r\.5Vw]wyT5Ho`borbs2"aQws-5 koioZVc(VoUA<i"RqBya
                                                2024-07-03 13:47:08 UTC16384INData Raw: 14 2f 7f a0 c4 23 98 02 d6 50 50 62 69 eb bf 10 01 4b f7 d9 49 51 e4 26 e5 42 9c e8 c0 90 4b 0b 2b 83 56 04 32 6f 28 04 84 04 92 61 9d 33 53 13 00 00 03 02 00 07 00 f6 b8 b0 d7 50 74 8f a9 59 3b c0 ab 25 30 f3 d4 10 29 1b 69 e0 d9 56 d7 76 79 94 00 b3 3f ef 05 f6 11 18 53 8f 2a 03 e6 30 62 33 21 2c 8d 21 76 6b 7f f0 7e 29 75 be cd a2 6c be 50 1f 2a d9 fb 0a d9 a3 b6 c7 f0 4f dc 74 5d 6a 5b 7a fc 13 d6 06 5d 7d 80 b9 e3 55 d5 71 3c 26 36 44 88 32 83 01 28 02 88 04 92 ae 9d 36 d3 13 00 00 03 3e f0 07 00 fa d5 4b a3 3c 6c 40 92 ec b2 1d 48 39 21 4e 9d 54 8d 1e d7 61 3a ba c1 aa 71 3f 24 d5 13 fc 47 73 60 b8 01 31 1b 8e f1 b0 74 f2 c0 0a f8 a1 de 93 1d c7 0b cb 2a 7c fb f7 56 7f 36 5b 1d 21 f5 b6 dc 1b 5b 44 6c 04 48 44 49 5a 57 6d 19 72 17 46 d8 15 71 f3 ef
                                                Data Ascii: /#PPbiKIQ&BK+V2o(a3SPtY;%0)iVvy?S*0b3!,!vk~)ulP*Ot]j[z]}Uq<&6D2(6>K<l@H9!NTa:q?$Gs`1t*|V6[![DlHDIZWmrFq
                                                2024-07-03 13:47:08 UTC14935INData Raw: 59 4c c6 ba dd 43 5d 18 84 49 93 da 58 8f ca 6c cd 28 86 a5 62 55 66 a3 bf 84 7c 4e 00 40 c0 74 85 18 11 59 ca 07 a4 37 30 7d d4 cb 60 f3 22 7a 45 19 07 07 b7 94 1b 9f df 46 86 ee 15 99 ed a9 2a 24 f3 61 aa 76 c7 5d d5 2d 66 da f7 0b 0c 40 fc 68 3d 36 a6 2b da 80 0e 56 84 bc 70 11 e7 49 73 6f 63 d2 72 bc 6e 4e 6e 67 66 81 e1 5e 4b bd f1 f5 6e ca 3f 9a 16 2f b9 3c df 05 0a 82 76 ba ef fe b4 75 77 ae 71 4c b7 f4 95 44 d3 0b 82 0b 0f 20 71 09 6e f7 e4 71 36 f4 01 63 d6 e6 40 bd 89 be f7 0b 69 d7 8b 86 90 13 f7 b1 2f 00 3b 7b e4 1e 00 51 aa c2 6a 7b ae 02 a7 4c a7 c9 9c 0e 1d 19 b4 c2 dc 06 d8 5e f5 7d 3b 86 0e 30 33 32 85 f8 19 83 f0 6e 7c 23 95 2f e3 62 2e 50 34 2b 42 f5 8a 79 1f dd b1 dc 32 b8 01 28 54 24 03 59 8a 1d 34 53 13 00 00 03 3e f0 07 00 fe eb f2
                                                Data Ascii: YLC]IXl(bUf|N@tY70}`"zEF*$av]-f@h=6+VpIsocrnNngf^Kn?/<vuwqLD qnq6c@i/;{Qj{L^};032n|#/b.P4+By2(T$Y4S>
                                                2024-07-03 13:47:08 UTC1500INData Raw: 6b 12 e2 22 bf 3d f7 7b e0 31 d1 1a ea d7 30 bc 6b 77 34 6f 0e 30 a6 c9 5c 12 ec d3 46 23 a5 fe c3 13 5a 75 ab 8d ae 63 fa e5 91 d1 0b 4a 50 53 8a 05 9f 62 cc 19 18 c5 31 db ea 21 d7 91 67 8e 35 8d f6 a7 27 3a 70 63 1f 2e 77 91 85 b0 2b b4 8f 74 d6 82 3e bc f4 2f af d8 32 71 4f fb d0 15 27 cf 4b 88 0b 91 d1 3f 78 77 c9 f9 d5 9c 7d ee fa 18 7f d2 54 1a 06 25 ea b5 de 10 15 56 73 e8 75 1f 2c 8f 72 52 38 d2 f7 d9 82 f9 48 84 46 57 3a b4 2e e3 90 41 d8 93 ad a1 7b 53 e7 77 ac d8 0f ac 1f 75 c0 23 2d d5 a7 31 47 b2 fc 7f ae 2c 81 ac ab 5e 20 b5 a0 bf ff b9 2b c9 d2 4b 3b e3 39 b3 2c 77 a1 50 06 be e8 2b b2 f7 d6 93 77 7c 25 ab db 1b 12 11 96 35 ed 4f 5a 34 eb ac 48 aa 5b 04 d6 38 6a 09 50 ce d2 8a 39 de f1 29 9b 61 e2 8c c7 45 e7 2f 45 ad c0 fd af cd d7 c6 e6
                                                Data Ascii: k"={10kw4o0\F#ZucJPSb1!g5':pc.w+t>/2qO'K?xw}T%Vsu,rR8HFW:.A{Swu#-1G,^ +K;9,wP+w|%5OZ4H[8jP9)aE/E
                                                2024-07-03 13:47:08 UTC16333INData Raw: 54 a7 3a 17 de f2 02 ca 64 95 75 ef 51 19 e0 b1 8b 44 b3 42 81 34 40 09 6c e0 1e 4d 29 46 80 48 73 37 65 4d 78 74 ac 4d 91 37 cf f3 bb dd ab 20 9f 64 10 3e f5 61 10 8a 8d 53 1a 15 37 f9 50 35 4b c7 49 f4 95 d4 c0 68 40 f7 1f f7 d8 51 6b 33 46 0d e0 21 71 d1 23 cf 2f 18 aa 09 78 56 34 f3 02 06 6d 9b a8 ba c3 87 ad 38 7d 0c 23 78 e9 0e f7 9e c1 21 32 76 71 92 b7 05 b4 30 58 15 53 dc 87 dd a8 bc 45 cd 03 99 a3 a3 8d 1e d8 3c aa a4 ec d0 82 f0 41 e8 9e 99 de ea 38 1d ff 8a 65 f0 a2 9a 88 26 d2 98 ae 39 4a aa 93 9d ef 4e 26 0c 5d d4 04 9d 30 ad 72 e9 22 fc b1 57 9a 11 b0 8b 66 42 2d 78 42 09 12 ef 5a 80 8d ac 71 5b 76 8c 7b f4 c8 70 41 c2 4b c0 c9 21 12 18 db bc c5 f6 ac 6a 1b c9 4a 55 eb 4e 2f 47 59 12 9c 48 4f 63 8a 90 a2 0b 4d f5 88 78 09 48 14 db 93 4e 01
                                                Data Ascii: T:duQDB4@lM)FHs7eMxtM7 d>aS7P5KIh@Qk3F!q#/xV4m8}#x!2vq0XSE<A8e&9JN&]0r"WfB-xBZq[v{pAK!jJUN/GYHOcMxHN
                                                2024-07-03 13:47:08 UTC5700INData Raw: 02 c2 39 e5 c3 f1 52 ed 81 a5 8a 1e 4d 5d 71 b9 03 16 cf 20 d3 23 b5 bf 7d 79 fc 68 87 ef 93 1e 2b a6 ee 54 56 0d 29 2b 23 da 18 a4 a1 90 25 b7 0d eb 02 a3 38 4a a1 b1 02 33 9b 83 ee c5 08 db 97 f2 0d 98 cd 6e 7d 07 f1 65 83 99 22 99 33 66 6b 53 6c 44 0d 0a 45 62 21 fa 5f 92 7a 7d fe f1 ae 13 cb a4 7e 38 86 6f 39 57 53 4d 26 45 da d3 ef 56 e7 69 ec 11 c4 7f 85 73 28 a8 1a f4 47 61 78 70 20 94 ee fe c8 0f 17 8a e9 79 97 5d 24 b1 de dc 19 dd 7a bd 3f 57 18 a7 20 c1 dd e0 9e 93 20 50 92 89 c2 fb 0e 10 94 b1 64 55 74 14 6a 2a 46 16 51 b9 68 95 2f aa 16 65 cf be 09 1f 7c 71 a5 a5 8b d1 55 37 4b 59 35 14 44 85 b5 71 5b e0 de 52 86 e0 7f 6c 25 8f 7e c5 0b 0d 53 d6 70 90 18 8f 51 62 2a 3b ca 6d 36 51 9e 76 02 e5 a2 ca 65 c7 f6 69 44 94 b4 f2 0e 17 5f fb 95 a6 3b
                                                Data Ascii: 9RM]q #}yh+TV)+#%8J3n}e"3fkSlDEb!_z}~8o9WSM&EVis(Gaxp y]$z?W PdUtj*FQh/e|qU7KY5Dq[Rl%~SpQb*;m6QveiD_;


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                41192.168.2.549774157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC916OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 09:01:20 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1747466157
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:08 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:08 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a9 72 5f e2 a9 72 5f 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhdr_r_D@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                42192.168.2.549780157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC918OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 09:01:20 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1747466157
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 128
                                                2024-07-03 13:47:08 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:08 UTC127INData Raw: 00 00 80 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 08 00 00 46 11 00 01 5c 3e 90 00 00 00 00 00 3f 5e 00 01 58 00 90 00 00 00 00 00 3f e0 00 01 58 00 90 00 00 00 00 00 3f 97 00 01 58 00 90 00 00 00 00 00 3f e9 00 01 58 00 90 00 00 00 00 00 3f 26 00 01 58 00 90 00 00 00 00 00 3f 8a 00 01 58 00 90 00 00 00 00 00 30 b9 00 01 08 00 90 00 00 00
                                                Data Ascii: sidxDF\>?^X?X?X?X?&X?X0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                43192.168.2.549773157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC911OUTPOST /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 702
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                X-FB-LSD: AVqIzvvP8QI
                                                sec-ch-ua-platform-version: "10.0.0"
                                                X-ASBD-ID: 129477
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC702OUTData Raw: 72 6f 75 74 65 5f 75 72 6c 73 5b 30 5d 3d 25 32 46 76 69 64 65 6f 26 72 6f 75 74 69 6e 67 5f 6e 61 6d 65 73 70 61 63 65 3d 66 62 5f 63 6f 6d 65 74 26 5f 5f 61 61 69 64 3d 30 26 5f 5f 75 73 65 72 3d 30 26 5f 5f 61 3d 31 26 5f 5f 72 65 71 3d 31 26 5f 5f 68 73 3d 31 39 39 30 37 2e 48 59 50 25 33 41 63 6f 6d 65 74 5f 6c 6f 67 67 65 64 6f 75 74 5f 70 6b 67 2e 32 2e 31 2e 2e 30 2e 30 26 64 70 72 3d 31 26 5f 5f 63 63 67 3d 47 4f 4f 44 26 5f 5f 72 65 76 3d 31 30 31 34 36 34 37 36 35 32 26 5f 5f 73 3d 68 6e 69 67 73 69 25 33 41 77 66 39 6a 65 64 25 33 41 71 63 77 79 6f 35 26 5f 5f 68 73 69 3d 37 33 38 37 34 30 35 36 37 35 32 30 39 35 30 38 33 32 39 26 5f 5f 64 79 6e 3d 37 78 65 55 6d 77 6c 45 6e 77 6e 38 4b 32 57 6d 68 30 6e 6f 36 75 35 55 34 65 30 79 6f 57 33 71
                                                Data Ascii: route_urls[0]=%2Fvideo&routing_namespace=fb_comet&__aaid=0&__user=0&__a=1&__req=1&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&dpr=1&__ccg=GOOD&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__hsi=7387405675209508329&__dyn=7xeUmwlEnwn8K2Wmh0no6u5U4e0yoW3q
                                                2024-07-03 13:47:08 UTC994INHTTP/1.1 200 OK
                                                Content-Type: text/javascript; charset=utf-8
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405717241831803", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405717241831803"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:08 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:08 UTC2005INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:08 UTC21INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: Connection: close
                                                2024-07-03 13:47:08 UTC2990INData Raw: 35 62 32 63 0d 0a 66 6f 72 20 28 3b 3b 29 3b 7b 22 70 61 79 6c 6f 61 64 22 3a 7b 22 70 61 79 6c 6f 61 64 73 22 3a 7b 22 2f 76 69 64 65 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 66 61 6c 73 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 72 6f 75 74 65 5f 64 65 66 69 6e 69 74 69 6f 6e 22 2c 22 65 78 70 6f 72 74 73 22 3a 7b 22 61 63 74 6f 72 49 44 22 3a 22 30 22 2c 22 72 6f 6f 74 56 69 65 77 22 3a 7b 22 61 6c 6c 52 65 73 6f 75 72 63 65 73 22 3a 5b 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 48 6f 6d 65 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 48 6f 6d 65 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22
                                                Data Ascii: 5b2cfor (;;);{"payload":{"payloads":{"/video":{"error":false,"result":{"type":"route_definition","exports":{"actorID":"0","rootView":{"allResources":[{"__jsr":"CometVideoHomeLOEHomeRoot.react"},{"__jsr":"CometVideoHomeLOEHomeRoot.entrypoint"},{"__jsr":"
                                                2024-07-03 13:47:08 UTC1500INData Raw: 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 33 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 34 30 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 34 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 39 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 31 31 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 31 31 39 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 31 32 30 22 3a 7b 22
                                                Data Ascii: sult":true,"hash":null},"20936":{"result":true,"hash":null},"20940":{"result":false,"hash":null},"21043":{"result":false,"hash":null},"21096":{"result":false,"hash":null},"21118":{"result":false,"hash":null},"21119":{"result":false,"hash":null},"21120":{"
                                                2024-07-03 13:47:08 UTC1500INData Raw: 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 38 36 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 38 36 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 35 30 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 35 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 35 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 35 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 35 34 22 3a 7b 22
                                                Data Ascii: ult":false,"hash":null},"20864":{"result":true,"hash":null},"20865":{"result":false,"hash":null},"21050":{"result":false,"hash":null},"21051":{"result":false,"hash":null},"21052":{"result":false,"hash":null},"21053":{"result":false,"hash":null},"21054":{"
                                                2024-07-03 13:47:08 UTC1500INData Raw: 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 32 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 32 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 32 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 32 37 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 32 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 30 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 30 34 22 3a 7b 22 72 65 73 75 6c 74
                                                Data Ascii: lt":true,"hash":null},"20924":{"result":true,"hash":null},"20925":{"result":true,"hash":null},"20926":{"result":true,"hash":null},"20927":{"result":true,"hash":null},"20928":{"result":true,"hash":null},"21003":{"result":false,"hash":null},"21004":{"result
                                                2024-07-03 13:47:08 UTC1500INData Raw: 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 32 38 30 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 32 38 31 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 33 38 37 34 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 36 33 33 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 34 30 37 30 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 33 34 30 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 33 34 30 34 22 3a 7b 22 72
                                                Data Ascii: ult":false,"hash":null},"22808":{"result":false,"hash":null},"22813":{"result":false,"hash":null},"23874":{"result":false,"hash":null},"26332":{"result":true,"hash":null},"4070":{"result":false,"hash":null},"23403":{"result":false,"hash":null},"23404":{"r
                                                2024-07-03 13:47:08 UTC1500INData Raw: 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 70 2f 72 2f 78 48 61 6c 7a 4b 51 45 68 6a 5f 2e 70 6e 67 22 2c 22 5f 73 70 69 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 70 2f 72 2f 78 48 61 6c 7a 4b 51 45 68 6a 5f 2e 70 6e 67 22 2c 22 77 22 3a 38 2c 22 68 22 3a 38 2c 22 70 22 3a 22 2d 31 37 33 70 78 20 2d 38 31 70 78 22 2c 22 73 7a 22 3a 22 61 75 74 6f 22 7d 2c 22 31 37 33 39 38 30 38 22 3a 7b 22 73 70 72 69 74 65 64 22 3a 32 2c 22 73 70 69 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 2f 79 70 2f 72 2f 78 48 61 6c 7a 4b 51 45 68 6a 5f 2e 70 6e 67 22 2c 22 5f 73 70 69
                                                Data Ascii: fbcdn.net/rsrc.php/v3/yp/r/xHalzKQEhj_.png","_spi":"https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/xHalzKQEhj_.png","w":8,"h":8,"p":"-173px -81px","sz":"auto"},"1739808":{"sprited":2,"spi":"https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/xHalzKQEhj_.png","_spi


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                44192.168.2.549777157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC698OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC682INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                45192.168.2.549771157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC920OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC591INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 09:01:20 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1747466157
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17937
                                                2024-07-03 13:47:08 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:08 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 74 00 00 01 73 00 00 02 50 00 00 01 f8 00 00 01 b2 00 00 01 df 00 00 01 c4 00 00 01 d4 00 00 01 53 00 00 01 87 00 00 01 a3 00 00 01 9c 00 00 01 87 00 00 01 6c 00 00 01 42 00 00 01 40 00 00 01 55 00 00 01 69 00 00 01 9a 00 00 01 96 00 00 01 42 00 00 01 4d 00 00 01 55 00 00 01 51 00 00 01 6c 00 00 01 8e 00 00 01 5b 00 00 01 7a 00 00 01 5d 00 00 01 7c 00 00 01 62 00 00 01 75 00 00 01 7f 00 00 01 76 00 00 01 70 00 00 01 75 00 00 01 6a 00 00 01 6e 00 00 01 74
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<stsPSlB@UiBMUQl[z]|buvpujnt
                                                2024-07-03 13:47:09 UTC15380INData Raw: 3a 9e 28 76 fa 1a 5c 93 3f 23 4e 91 e8 67 18 96 09 80 90 26 78 de 04 46 88 3e 15 dd c3 12 4c 77 42 be 37 7d c7 6d b8 d2 4b f0 0e 4f a4 56 31 ad a9 0d 9c 7e 02 ec f9 c9 6f c0 10 88 13 39 7e b5 45 1d ff c8 94 ed d2 6c 95 59 87 93 eb 63 66 e4 f4 b3 1b 77 6c 86 d2 ad 78 ad 25 4a 55 d9 7d 26 60 bd fd 5a 6d bd a3 e1 f1 57 de 3a 46 f4 9d b4 9e 73 a4 24 ae 8f 9a e5 93 fe e6 83 71 78 5b 29 2c 7a ba f7 86 b0 1e c1 a9 4b be e2 25 b7 6c 79 1b fa 07 7e 87 8e e8 c4 2c 10 19 da 01 99 38 57 a1 25 c1 4c 49 77 e3 f0 ff 67 bb 95 52 7c 34 01 0c 47 55 ce 14 02 20 09 95 2e 3e b9 d1 16 60 9e 26 27 e5 c9 86 90 fd dc 9d 6c 81 e1 e3 7a a3 ce 8e c3 57 ca 9b 25 87 7e f4 1d 63 ed 0d ae 14 0e 49 64 89 15 23 ca 81 b3 7e 6e 26 68 1b f5 83 a3 45 9d 40 6b 7c 1c c8 37 85 0c 33 8f e1 e2 70
                                                Data Ascii: :(v\?#Ng&xF>LwB7}mKOV1~o9~ElYcfwlx%JU}&`ZmW:Fs$qx[),zK%ly~,8W%LIwgR|4GU .>`&'lzW%~cId#~n&hE@k|73p
                                                2024-07-03 13:47:09 UTC1056INData Raw: d3 6c b6 18 eb 13 10 0d 89 af 86 94 9f 2a 61 d4 fe 23 85 a5 ab 7a 91 0b ca c0 18 f2 7c c7 02 d7 2c 6b 00 4e 15 8c e3 cf fc f7 e5 9b 2b 39 9b c2 c0 05 46 ae 99 28 00 7b 85 4d 79 89 d5 d4 f8 fa 1a 88 c6 73 c1 57 72 ca d9 35 6e fe 67 26 e7 38 dc eb 7a 37 1c ee 64 ac f8 48 2f 37 17 6a c9 11 2e 8f 64 85 d2 69 a5 45 df 2a 6b df e1 bd eb a0 4d 05 fe 42 c4 2a e7 88 10 63 e6 f6 de 53 d4 aa bd dc 1c 7e 35 f3 63 0c bb 80 31 0d ce b9 df 7b 51 c7 79 73 86 e3 2c 22 9d af 49 da 12 16 8a ee 52 89 01 02 20 45 56 e0 01 14 42 16 7b 50 3b a5 08 52 70 57 15 a9 45 8d c4 92 86 c4 3c 07 ba 7b 18 48 00 5a d3 18 e1 8c 65 f7 fd ff b5 c0 a0 24 ae 9e 0c 0c 6b 2e 02 b5 ac 18 67 d8 ae ea 6f 09 cb f3 ab 5f 7b bb 82 70 00 54 31 03 0d ce c0 11 8a f6 6c 00 19 7f 10 08 80 fc 3d dd e3 49 c3
                                                Data Ascii: l*a#z|,kN+9F({MysWr5ng&8z7dH/7j.diE*kMB*cS~5c1{Qys,"IR EVB{P;RpWE<{HZe$k.go_{pT1l=I


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                46192.168.2.549785157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC902OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC587INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:40:18 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 90417318
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:08 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:08 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a8 7e 62 e2 a8 7e 62 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd~b~b<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                47192.168.2.549767157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC712OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC696INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                48192.168.2.549786157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC708OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC692INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                49192.168.2.549778157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC911OUTPOST /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 832
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                X-FB-LSD: AVqIzvvP8QI
                                                sec-ch-ua-platform-version: "10.0.0"
                                                X-ASBD-ID: 129477
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:08 UTC832OUTData Raw: 72 6f 75 74 65 5f 75 72 6c 73 5b 30 5d 3d 25 32 46 26 72 6f 75 74 65 5f 75 72 6c 73 5b 31 5d 3d 25 32 46 6c 6f 67 69 6e 25 32 46 64 65 76 69 63 65 2d 62 61 73 65 64 25 32 46 72 65 67 75 6c 61 72 25 32 46 6c 6f 67 69 6e 25 32 46 25 33 46 6c 6f 67 69 6e 5f 61 74 74 65 6d 70 74 25 33 44 31 25 32 36 6e 65 78 74 25 33 44 68 74 74 70 73 25 32 35 33 41 25 32 35 32 46 25 32 35 32 46 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 25 32 35 32 46 76 69 64 65 6f 26 72 6f 75 74 69 6e 67 5f 6e 61 6d 65 73 70 61 63 65 3d 66 62 5f 63 6f 6d 65 74 26 5f 5f 61 61 69 64 3d 30 26 5f 5f 75 73 65 72 3d 30 26 5f 5f 61 3d 31 26 5f 5f 72 65 71 3d 32 26 5f 5f 68 73 3d 31 39 39 30 37 2e 48 59 50 25 33 41 63 6f 6d 65 74 5f 6c 6f 67 67 65 64 6f 75 74 5f 70 6b 67 2e 32 2e 31 2e 2e 30
                                                Data Ascii: route_urls[0]=%2F&route_urls[1]=%2Flogin%2Fdevice-based%2Fregular%2Flogin%2F%3Flogin_attempt%3D1%26next%3Dhttps%253A%252F%252Fwww.facebook.com%252Fvideo&routing_namespace=fb_comet&__aaid=0&__user=0&__a=1&__req=2&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0
                                                2024-07-03 13:47:09 UTC994INHTTP/1.1 200 OK
                                                Content-Type: text/javascript; charset=utf-8
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405718017662686", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405718017662686"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:09 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:09 UTC2003INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:09 UTC21INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: Connection: close
                                                2024-07-03 13:47:09 UTC351INData Raw: 31 35 33 0d 0a 66 6f 72 20 28 3b 3b 29 3b 7b 22 70 61 79 6c 6f 61 64 22 3a 7b 22 70 61 79 6c 6f 61 64 73 22 3a 7b 22 2f 22 3a 7b 22 65 72 72 6f 72 22 3a 66 61 6c 73 65 2c 22 72 65 73 75 6c 74 22 3a 6e 75 6c 6c 7d 2c 22 2f 6c 6f 67 69 6e 2f 64 65 76 69 63 65 2d 62 61 73 65 64 2f 72 65 67 75 6c 61 72 2f 6c 6f 67 69 6e 2f 3f 6c 6f 67 69 6e 5f 61 74 74 65 6d 70 74 3d 31 26 6e 65 78 74 3d 68 74 74 70 73 5c 75 30 30 32 35 33 41 5c 75 30 30 32 35 32 46 5c 75 30 30 32 35 32 46 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 5c 75 30 30 32 35 32 46 76 69 64 65 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 66 61 6c 73 65 2c 22 72 65 73 75 6c 74 22 3a 6e 75 6c 6c 7d 7d 2c 22 73 72 5f 70 61 79 6c 6f 61 64 22 3a 7b 22 68 73 72 70 22 3a 7b 22 68 62 6c 70 22 3a 7b 22 63 6f 6e 73
                                                Data Ascii: 153for (;;);{"payload":{"payloads":{"/":{"error":false,"result":null},"/login/device-based/regular/login/?login_attempt=1&next=https\u00253A\u00252F\u00252Fwww.facebook.com\u00252Fvideo":{"error":false,"result":null}},"sr_payload":{"hsrp":{"hblp":{"cons


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                50192.168.2.549783157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC904OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC586INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:40:18 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 90417318
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 56
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC55INData Raw: 00 00 38 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 a4 8b 00 01 2c 00 10 00 00 00 00 00 ba 64 00 01 1a 00 10 00 00 00
                                                Data Ascii: 8sidx<,d


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                51192.168.2.549788157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC710OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC694INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                52192.168.2.549787157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:08 UTC712OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC696INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:08 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                53192.168.2.549775157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC1156OUTPOST /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=3&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 1074
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryH7eQljYv3XHyxAtF
                                                sec-ch-ua-platform-version: "10.0.0"
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC1074OUTData Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 48 37 65 51 6c 6a 59 76 33 58 48 79 78 41 74 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 73 22 0d 0a 0d 0a 31 37 32 30 30 31 34 34 32 36 38 33 37 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 48 37 65 51 6c 6a 59 76 33 58 48 79 78 41 74 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 71 22 0d 0a 0d 0a 5b 7b 22 61 70 70 5f 69 64 22 3a 22 32 32 32 30 33 39 31 37 38 38 32 30 30 38 39 32 22 2c 22 70 6f 73 74 73 22 3a 5b 5b 22 66 61 6c 63 6f 3a 6c 6f 78 5f 75 70 73 65 6c 6c 5f 65 76 65 6e 74 22 2c 7b 22
                                                Data Ascii: ------WebKitFormBoundaryH7eQljYv3XHyxAtFContent-Disposition: form-data; name="ts"1720014426837------WebKitFormBoundaryH7eQljYv3XHyxAtFContent-Disposition: form-data; name="q"[{"app_id":"2220391788200892","posts":[["falco:lox_upsell_event",{"
                                                2024-07-03 13:47:09 UTC948INHTTP/1.1 200 OK
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405722081726143", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405722081726143"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:09 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:09 UTC1998INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:09 UTC40INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 0d 0a
                                                Data Ascii: Connection: closeContent-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                54192.168.2.549782157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC912OUTPOST /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 1040
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                X-FB-LSD: AVqIzvvP8QI
                                                sec-ch-ua-platform-version: "10.0.0"
                                                X-ASBD-ID: 129477
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC1040OUTData Raw: 72 6f 75 74 65 5f 75 72 6c 73 5b 30 5d 3d 25 32 46 77 61 74 63 68 26 72 6f 75 74 65 5f 75 72 6c 73 5b 31 5d 3d 25 32 46 77 61 74 63 68 25 32 46 6c 69 76 65 25 32 46 25 33 46 72 65 66 25 33 44 77 61 74 63 68 26 72 6f 75 74 65 5f 75 72 6c 73 5b 32 5d 3d 25 32 46 72 65 65 6c 26 72 6f 75 74 65 5f 75 72 6c 73 5b 33 5d 3d 25 32 46 77 61 74 63 68 25 32 46 73 68 6f 77 73 26 72 6f 75 74 65 5f 75 72 6c 73 5b 34 5d 3d 25 32 46 77 61 74 63 68 25 32 46 74 6f 70 69 63 26 72 6f 75 74 65 5f 75 72 6c 73 5b 35 5d 3d 25 32 46 70 72 69 76 61 63 79 25 32 46 70 6f 6c 69 63 79 25 32 46 25 33 46 65 6e 74 72 79 5f 70 6f 69 6e 74 25 33 44 63 6f 6d 65 74 5f 64 72 6f 70 64 6f 77 6e 26 72 6f 75 74 65 5f 75 72 6c 73 5b 36 5d 3d 25 32 46 70 6f 6c 69 63 69 65 73 25 33 46 72 65 66 25 33
                                                Data Ascii: route_urls[0]=%2Fwatch&route_urls[1]=%2Fwatch%2Flive%2F%3Fref%3Dwatch&route_urls[2]=%2Freel&route_urls[3]=%2Fwatch%2Fshows&route_urls[4]=%2Fwatch%2Ftopic&route_urls[5]=%2Fprivacy%2Fpolicy%2F%3Fentry_point%3Dcomet_dropdown&route_urls[6]=%2Fpolicies%3Fref%3
                                                2024-07-03 13:47:09 UTC994INHTTP/1.1 200 OK
                                                Content-Type: text/javascript; charset=utf-8
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405722507124609", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405722507124609"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:09 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:09 UTC2009INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:09 UTC21INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: Connection: close
                                                2024-07-03 13:47:09 UTC2986INData Raw: 35 64 33 37 0d 0a 66 6f 72 20 28 3b 3b 29 3b 7b 22 70 61 79 6c 6f 61 64 22 3a 7b 22 70 61 79 6c 6f 61 64 73 22 3a 7b 22 2f 77 61 74 63 68 22 3a 7b 22 65 72 72 6f 72 22 3a 66 61 6c 73 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 72 6f 75 74 65 5f 64 65 66 69 6e 69 74 69 6f 6e 22 2c 22 65 78 70 6f 72 74 73 22 3a 7b 22 61 63 74 6f 72 49 44 22 3a 22 30 22 2c 22 72 6f 6f 74 56 69 65 77 22 3a 7b 22 61 6c 6c 52 65 73 6f 75 72 63 65 73 22 3a 5b 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 48 6f 6d 65 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 48 6f 6d 65 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22
                                                Data Ascii: 5d37for (;;);{"payload":{"payloads":{"/watch":{"error":false,"result":{"type":"route_definition","exports":{"actorID":"0","rootView":{"allResources":[{"__jsr":"CometVideoHomeLOEHomeRoot.react"},{"__jsr":"CometVideoHomeLOEHomeRoot.entrypoint"},{"__jsr":"
                                                2024-07-03 13:47:09 UTC1500INData Raw: 3a 6e 75 6c 6c 2c 22 6d 69 62 65 78 74 69 64 22 3a 6e 75 6c 6c 2c 22 73 68 61 72 65 5f 75 72 6c 22 3a 6e 75 6c 6c 2c 22 72 65 66 22 3a 22 77 61 74 63 68 22 2c 22 76 22 3a 6e 75 6c 6c 2c 22 74 22 3a 6e 75 6c 6c 2c 22 65 78 74 72 61 5f 6a 75 6e 6b 22 3a 6e 75 6c 6c 7d 2c 22 72 6f 75 74 65 50 61 72 61 6d 73 22 3a 7b 22 65 78 74 69 64 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 66 61 6c 73 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 2c 22 6d 69 62 65 78 74 69 64 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a
                                                Data Ascii: :null,"mibextid":null,"share_url":null,"ref":"watch","v":null,"t":null,"extra_junk":null},"routeParams":{"extid":{"legacyNames":[],"default":null,"path":false,"significant":true,"coercibleType":"STRING"},"mibextid":{"legacyNames":[],"default":null,"path":
                                                2024-07-03 13:47:09 UTC1500INData Raw: 5f 5f 64 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 7d 2c 22 75 73 65 43 6c 6f 73 65 42 75 74 74 6f 6e 22 3a 74 72 75 65 2c 22 72 6f 75 74 65 54 79 70 65 22 3a 22 6d 65 64 69 61 5f 76 69 65 77 65 72 22 2c 22 75 70 73 65 6c 6c 43 6f 6e 66 69 67 22 3a 7b 22 73 75 72 66 61 63 65 22 3a 22 72 65 65 6c 73 22 7d 2c 22 63 61 6e 6f 6e 69 63 61 6c 55 72 6c 22 3a 6e 75 6c 6c 7d 2c 22 72 6f 75 74 65 5f 6d 61 74 63 68 5f 69 6e 66 6f 73 22 3a 5b 7b 22 69 6e 73 74 61 6e 63 65 50 61 72 61 6d 73 22 3a 7b 22 76 69 64 65 6f 5f 69 64 22 3a 6e 75 6c 6c 2c 22 73 22 3a 6e 75 6c 6c 2c 22 67 72 6f 75 70 5f 69 64 22 3a 6e 75 6c 6c 2c 22 73 74 61 63 6b 5f 69 64 78 22 3a 6e 75 6c 6c 2c 22 76 69 64 65 6f 5f 69 64 73 22 3a 6e 75 6c 6c 2c 22 70
                                                Data Ascii: __dr":"FBReelsRoot.entrypoint"}},"useCloseButton":true,"routeType":"media_viewer","upsellConfig":{"surface":"reels"},"canonicalUrl":null},"route_match_infos":[{"instanceParams":{"video_id":null,"s":null,"group_id":null,"stack_idx":null,"video_ids":null,"p
                                                2024-07-03 13:47:09 UTC1500INData Raw: 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 52 6f 6f 74 2e 72 65 61 63 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 43 61 74 61 6c 6f 67 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 22 70 72 6f 70 73 22 3a 7b 7d 2c 22 65 6e 74 72 79 50 6f 69 6e 74 22 3a 7b 22 5f 5f 64 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 43 61 74 61 6c 6f 67 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 7d 2c 22 74 72 61 63 65 50 6f 6c 69 63 79 22 3a 22 63 6f 6d 65 74 2e 77 61 74 63 68 2e 63 61 74 61 6c 6f 67 22 2c 22 6d 65 74 61 22 3a 7b 22 74 69 74 6c 65 22 3a 22 53 68 6f 77 73 22 2c 22 61 63 63 65 73 73 6f 72 79 22 3a 6e 75 6c 6c 2c 22 66 61 76 69 63 6f 6e 22 3a 6e 75
                                                Data Ascii: {"__jsr":"CometVideoHomeRoot.react"}],"resource":{"__jsr":"CometVideoHomeCatalogRoot.react"},"props":{},"entryPoint":{"__dr":"CometVideoHomeCatalogRoot.entrypoint"}},"tracePolicy":"comet.watch.catalog","meta":{"title":"Shows","accessory":null,"favicon":nu
                                                2024-07-03 13:47:09 UTC1500INData Raw: 6e 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 52 6f 6f 74 2e 72 65 61 63 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 48 61 73 68 74 61 67 44 69 72 65 63 74 6f 72 79 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 22 70 72 6f 70 73 22 3a 7b 7d 2c 22 65 6e 74 72 79 50 6f 69 6e 74 22 3a 7b 22 5f 5f 64 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 48 61 73 68 74 61 67 44 69 72 65 63 74 6f 72 79 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 7d 2c 22 74 61 62 4b 65 79 22 3a 22 77 61 74 63 68 22 2c 22 70 72 6f 64 75 63 74 41 74 74 72 69 62 75 74 69 6f 6e 49 64 22 3a 22 32 33 39 32 39 35 30 31 33 37 22 2c 22 75 70 73 65 6c 6c 43 6f 6e 66 69 67
                                                Data Ascii: nt"},{"__jsr":"CometVideoHomeRoot.react"}],"resource":{"__jsr":"CometVideoHomeHashtagDirectoryRoot.react"},"props":{},"entryPoint":{"__dr":"CometVideoHomeHashtagDirectoryRoot.entrypoint"}},"tabKey":"watch","productAttributionId":"2392950137","upsellConfig
                                                2024-07-03 13:47:09 UTC1500INData Raw: 31 38 32 38 39 34 35 22 3a 7b 22 72 22 3a 31 30 30 2c 22 73 22 3a 31 7d 2c 22 31 38 34 38 38 31 35 22 3a 7b 22 72 22 3a 31 30 30 30 30 2c 22 73 22 3a 31 7d 2c 22 31 37 34 34 31 37 38 22 3a 7b 22 72 22 3a 31 2c 22 73 22 3a 31 7d 2c 22 31 37 34 33 36 35 36 22 3a 7b 22 72 22 3a 31 7d 2c 22 31 37 34 34 32 35 31 22 3a 7b 22 72 22 3a 31 30 30 2c 22 73 22 3a 31 7d 2c 22 31 38 33 36 33 36 38 22 3a 7b 22 72 22 3a 31 2c 22 73 22 3a 31 7d 2c 22 31 39 36 32 33 34 31 22 3a 7b 22 72 22 3a 31 2c 22 73 22 3a 31 7d 2c 22 31 37 34 34 33 35 37 22 3a 7b 22 72 22 3a 31 2c 22 73 22 3a 31 7d 2c 22 31 37 34 34 35 35 32 22 3a 7b 22 72 22 3a 31 30 30 30 30 7d 7d 2c 22 67 6b 78 44 61 74 61 22 3a 7b 22 37 37 34 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68
                                                Data Ascii: 1828945":{"r":100,"s":1},"1848815":{"r":10000,"s":1},"1744178":{"r":1,"s":1},"1743656":{"r":1},"1744251":{"r":100,"s":1},"1836368":{"r":1,"s":1},"1962341":{"r":1,"s":1},"1744357":{"r":1,"s":1},"1744552":{"r":10000}},"gkxData":{"7742":{"result":false,"hash


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                55192.168.2.54979231.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC683OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:32:11 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2203972891
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=4, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 aa 14 4b e2 aa 14 4b 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhdKK<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                56192.168.2.54979431.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC685OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=826&byteend=881 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC550INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:32:11 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2203972891
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 56
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC55INData Raw: 00 00 38 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 02 00 01 dc 06 00 01 2c 00 10 00 00 00 00 01 4e df 00 01 0c 00 10 00 00 00
                                                Data Ascii: 8sidx<,N


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                57192.168.2.54979131.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC701OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:00:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 4175100246
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 aa 0c ea e2 aa 0c ea 00 00 bb 80 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                58192.168.2.549789157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC690OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC674INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                59192.168.2.549790157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC906OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:40:18 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 90417318
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 42123
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 42 72 00 00 06 63 00 00 00 03 00 00 00 1c 00 00 00 03 00 00 00 3b 00 00 00 03 00 00 00 1a 00 00 00 03 00 00 00 8c 00 00 00 03 00 00 00 17 00 00 00 03 00 00 00 3e 00 00 00 03 00 00 00 16 00 00 00 03 00 00 07 cb 00 00 00 03 00 00 00 19 00 00 00 03 00 00 00 3a 00 00 00 03 00 00 00 19 00 00 00 03 00 00 00 77 00 00 00 03 00 00 00 17 00 00 00 03 00 00 00 32 00 00 00 03 00 00 00 16 00 00 00 03 00 00 05 49 00 00 00 03 00 00 00 17 00 00 00 03 00 00 00 35 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunBrc;>:w2I5
                                                2024-07-03 13:47:09 UTC15450INData Raw: 65 84 75 89 a1 cb a2 c6 ce 92 22 9a 5d b7 0a 8d 5c 4c 1d 66 97 08 e2 9d 85 60 f4 ad c1 5f 7c f7 53 85 d2 23 df fd ce 79 18 07 c9 06 28 5a 3a 89 0f c0 c1 73 18 2c 88 20 e7 25 e1 77 13 65 9e 13 8d 85 1e b1 ef 74 4d 7f 46 23 51 dd 50 13 3d 39 1b ce a8 48 a2 01 7c a4 b9 47 69 27 34 f7 89 c9 35 85 52 2c 69 e8 fd 31 47 ea 06 9e 57 95 f4 fe 89 64 8c f0 eb e7 44 e9 71 6b 9d 1f f3 b6 66 91 52 80 d9 cf 8c 31 0c 00 d4 cb 63 8a 21 34 c2 39 52 37 ad 75 4e 66 aa 6e 74 2a 8e 78 0a 22 83 9c 8b ff 13 67 7c 0c 12 52 94 04 89 d5 d3 fa e7 38 30 df 03 9b 6a dc 1b cd d2 d4 4a 17 aa ab 57 bd cc 92 26 8b ce 97 49 d5 3a 4b d7 d6 45 35 4d f9 4c 83 75 4b 4b 17 49 a4 b8 e2 e4 0e 5c b9 3a e3 97 66 16 1f da c8 31 21 a7 00 1d ea 67 c9 7c 50 59 89 62 51 0d 22 a9 57 0f a1 ba 8e df 23 66
                                                Data Ascii: eu"]\Lf`_|S#y(Z:s, %wetMF#QP=9H|Gi'45R,i1GWdDqkfR1c!49R7uNfnt*x"g|R80jJW&I:KE5MLuKKI\:f1!g|PYbQ"W#f
                                                2024-07-03 13:47:09 UTC16384INData Raw: 13 4c dc 3e 1a a6 9e d7 73 aa 81 73 9a 44 cc a1 01 91 a6 4c 85 80 c7 ae b0 10 4b e5 8f b0 94 9c e8 a2 0c 7a 53 cb c1 de c0 6d a5 da 9f 51 cc 91 98 50 65 5e 11 1a f9 f1 77 73 21 a3 6c 94 4d be 01 63 66 57 71 80 00 3f e6 1b 6c 6d f1 ac 87 35 dc 8b 64 44 d6 6d 54 29 d2 d8 9c 1d f9 4b 82 a5 93 75 1d ed bb 34 9f 4a c1 2f fe b3 65 ee a3 29 9f 18 09 2b 94 2b cf b2 c5 38 7a 15 4d 3d 50 2f a2 38 bc 35 b8 8b c7 f7 e6 ec 54 b9 05 30 95 0d 96 4d 3f 2a 2b e2 56 59 4b 91 cc 9a 27 db 7e 82 7f 1f 31 4a 9c 21 5b 49 eb db b1 f4 7c 7a 39 a5 5d a6 4c 2a 96 18 00 0c 29 d0 02 a0 84 2b 4e 94 a2 6d e5 64 2d b2 05 9b 27 23 a7 44 2a c8 4e 6b 30 89 2c 17 0e 28 43 28 e2 14 b8 4d 0e 5c f2 ba 67 ec 78 e5 4f 21 fd c9 f9 9f 6d e0 6e 24 90 24 ef 6e 59 8f d1 55 40 9f 56 80 c7 1e 13 dd 8c
                                                Data Ascii: L>ssDLKzSmQPe^ws!lMcfWq?lm5dDmT)Ku4J/e)++8zM=P/85T0M?*+VYK'~1J![I|z9]L*)+Nmd-'#D*Nk0,(C(M\gxO!mn$$nYU@V
                                                2024-07-03 13:47:09 UTC8788INData Raw: 83 62 74 da e3 28 cd ac 4f af c2 46 80 58 a7 db 45 8a 73 cd 4e ff ea ea e1 1c 49 24 70 5b bf 0c 37 99 e8 84 f0 1a 53 63 f4 ce 42 6a 9a 68 9c 61 08 c9 99 16 c6 22 19 dc a1 c1 9a ec f5 11 f7 a8 71 29 d6 82 ab 02 76 f8 09 08 1f 61 b9 9a d3 d8 f9 d0 94 44 df 3a 65 8c a6 4f b1 d3 25 4b 3c 43 f1 35 bd b4 7b 9a f5 af f2 80 d7 6b be cd 2e 38 97 95 db a8 2c e0 d8 6a 3c d6 5e 5a 1c c2 a3 5e 66 8f 2f 91 a7 22 21 30 90 44 7f 8b f5 21 1f af 59 e5 ec d7 e4 d9 51 12 a5 cf 0d cc 05 cf a5 d6 36 40 de e9 f2 02 6e 4e 04 17 3e 5e 27 7e c2 65 4e 62 66 fe 2e 53 59 0f 22 6e f0 ba 5b 8a db a5 0e d6 bf 61 41 fb a1 56 bf a4 18 43 03 46 d6 b1 f5 a7 61 0f 86 54 84 03 cb d9 05 c6 af ee b2 fc 78 b9 ba 14 35 71 cb e7 11 d7 b9 84 3c 4f 49 98 c4 3b 5c fb fb a2 47 75 7e 72 ca 4a 5d 3c 7c
                                                Data Ascii: bt(OFXEsNI$p[7ScBjha"q)vaD:eO%K<C5{k.8,j<^Z^f/"!0D!YQ6@nN>^'~eNbf.SY"n[aAVCFaTx5q<OI;\Gu~rJ]<|


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                60192.168.2.549800157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC922OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:27:32 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3780638177
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:09 UTC2970INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 4a 52 51 32 44 4b 6d 76 4f 68 38 30 4f 4e 76 4b 4a 79 4a 39 62 47 36 6d 4a 31 4e 5f 41 4f 32 6c 75 77 72 30 31 44 63 75 50 54 57 55 44 63 2d 6a 4e 69 57 4f 64 35 44 32 4a 4c 45 44 59 66 63 4f 69 65 68 70 65 78 46 69 37 38 39 39 79 54 61 4d 77 45 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4b 55 55 64 78 39 68 4f 64 46 62 59 6e 71 45 5f 56 77 7a 45 35 5a 30 62 50 39 7a 50 5a 74 64 7a 5f 6b 7a 33 77 41 61 4d 51 4d 6b 38 41 79 46 31 72 52 68 78 49 6d 50 53 41 67 4f 48 4e 7a 6a 49 41 6d 39 79 32 46 75 64 61 76 47 78 7a 6f 6b 61 31 48 30 39 48 78 70 6a 6d 67 56 74 63 5a 2d 4a 63 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcJRQ2DKmvOh80ONvKJyJ9bG6mJ1N_AO2luwr01DcuPTWUDc-jNiWOd5D2JLEDYfcOiehpexFi7899yTaMwE"; e_fb_binaryversion="AcKUUdx9hOdFbYnqE_VwzE5Z0bP9zPZtdz_kz3wAaMQMk8AyF1rRhxImPSAgOHNzjIAm9y2FudavGxzoka1H09HxpjmgVtcZ-Jc"; e_fb_
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a8 7b 64 e2 a8 7b 64 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd{d{dD@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                61192.168.2.549798157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC912OUTPOST /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 5819
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                X-FB-LSD: AVqIzvvP8QI
                                                sec-ch-ua-platform-version: "10.0.0"
                                                X-ASBD-ID: 129477
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC5819OUTData Raw: 72 6f 75 74 65 5f 75 72 6c 73 5b 30 5d 3d 25 32 46 31 30 30 30 39 32 31 30 35 34 33 31 36 31 33 25 32 46 76 69 64 65 6f 73 25 32 46 31 33 38 33 33 31 37 32 37 33 30 37 31 33 37 36 25 32 46 25 33 46 5f 5f 73 6f 5f 5f 25 33 44 64 69 73 63 6f 76 65 72 25 32 36 5f 5f 72 76 5f 5f 25 33 44 76 69 64 65 6f 5f 68 6f 6d 65 5f 77 77 77 5f 6c 6f 65 5f 70 6f 70 75 6c 61 72 5f 76 69 64 65 6f 73 25 32 36 5f 5f 63 66 74 5f 5f 5b 30 5d 25 33 44 41 5a 55 79 5f 63 4f 56 71 46 4b 71 49 6a 32 53 7a 79 6d 72 4f 74 77 6d 32 4a 2d 38 6f 62 72 65 4f 58 58 4e 2d 2d 47 76 66 58 68 53 6d 4d 54 36 50 62 6f 6b 6f 46 51 4d 6c 49 4d 59 78 4c 48 52 41 53 35 6d 70 63 66 6a 45 44 30 51 46 44 62 6e 4b 64 63 4d 5a 2d 4c 46 54 61 4c 4e 71 6d 6a 42 54 6e 6f 77 6c 6a 50 71 73 6a 49 53 37 79 66
                                                Data Ascii: route_urls[0]=%2F100092105431613%2Fvideos%2F1383317273071376%2F%3F__so__%3Ddiscover%26__rv__%3Dvideo_home_www_loe_popular_videos%26__cft__[0]%3DAZUy_cOVqFKqIj2SzymrOtwm2J-8obreOXXN--GvfXhSmMT6PbokoFQMlIMYxLHRAS5mpcfjED0QFDbnKdcMZ-LFTaLNqmjBTnowljPqsjIS7yf
                                                2024-07-03 13:47:10 UTC994INHTTP/1.1 200 OK
                                                Content-Type: text/javascript; charset=utf-8
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405721223980087", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405721223980087"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:10 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:10 UTC2005INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:10 UTC21INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: Connection: close
                                                2024-07-03 13:47:10 UTC1490INData Raw: 31 34 65 38 66 0d 0a 66 6f 72 20 28 3b 3b 29 3b 7b 22 70 61 79 6c 6f 61 64 22 3a 7b 22 70 61 79 6c 6f 61 64 73 22 3a 7b 22 2f 31 30 30 30 39 32 31 30 35 34 33 31 36 31 33 2f 76 69 64 65 6f 73 2f 31 33 38 33 33 31 37 32 37 33 30 37 31 33 37 36 2f 3f 5f 5f 73 6f 5f 5f 3d 64 69 73 63 6f 76 65 72 26 5f 5f 72 76 5f 5f 3d 76 69 64 65 6f 5f 68 6f 6d 65 5f 77 77 77 5f 6c 6f 65 5f 70 6f 70 75 6c 61 72 5f 76 69 64 65 6f 73 26 5f 5f 63 66 74 5f 5f 5b 30 5d 3d 41 5a 55 79 5f 63 4f 56 71 46 4b 71 49 6a 32 53 7a 79 6d 72 4f 74 77 6d 32 4a 2d 38 6f 62 72 65 4f 58 58 4e 2d 2d 47 76 66 58 68 53 6d 4d 54 36 50 62 6f 6b 6f 46 51 4d 6c 49 4d 59 78 4c 48 52 41 53 35 6d 70 63 66 6a 45 44 30 51 46 44 62 6e 4b 64 63 4d 5a 2d 4c 46 54 61 4c 4e 71 6d 6a 42 54 6e 6f 77 6c 6a 50 71
                                                Data Ascii: 14e8ffor (;;);{"payload":{"payloads":{"/100092105431613/videos/1383317273071376/?__so__=discover&__rv__=video_home_www_loe_popular_videos&__cft__[0]=AZUy_cOVqFKqIj2SzymrOtwm2J-8obreOXXN--GvfXhSmMT6PbokoFQMlIMYxLHRAS5mpcfjED0QFDbnKdcMZ-LFTaLNqmjBTnowljPq
                                                2024-07-03 13:47:10 UTC1500INData Raw: 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 56 69 64 65 6f 50 65 72 6d 61 6c 69 6e 6b 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 56 69 64 65 6f 50 65 72 6d 61 6c 69 6e 6b 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 46 65 65 64 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4e 65 77 50 65 72 6d 61 6c 69 6e 6b 48 65 72 6f 55 6e 69 74 2e 72 65 61 63 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a
                                                Data Ascii: "__jsr":"CometVideoHomeLOEVideoPermalinkRoot.react"},{"__jsr":"CometVideoHomeLOEVideoPermalinkRoot.entrypoint"},{"__jsr":"CometVideoHomeRoot.react"},{"__jsr":"CometVideoHomeFeedRoot.react"},{"__jsr":"CometVideoHomeNewPermalinkHeroUnit.react"}],"resource":
                                                2024-07-03 13:47:10 UTC1500INData Raw: 75 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 2c 22 73 74 6f 72 79 5f 74 6f 6b 65 6e 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 22 66 62 69 64 22 2c 22 76 69 64 65 6f 5f 69 64 22 2c 22 76 22 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 74 72 75 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 46 42 49 44 22 7d 2c 22 73 65 74 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 74 72 75 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65
                                                Data Ascii: ue,"significant":true,"coercibleType":"STRING"},"story_token":{"legacyNames":["fbid","video_id","v"],"default":null,"path":true,"significant":true,"coercibleType":"FBID"},"set":{"legacyNames":[],"default":null,"path":true,"significant":true,"coercibleType
                                                2024-07-03 13:47:10 UTC1500INData Raw: 22 3a 7b 22 69 64 22 3a 22 31 30 30 30 39 32 31 30 35 34 33 31 36 31 33 22 7d 2c 22 65 6e 74 72 79 50 6f 69 6e 74 22 3a 7b 22 5f 5f 64 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 50 6c 61 79 6c 69 73 74 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 7d 2c 22 74 72 61 63 65 50 6f 6c 69 63 79 22 3a 22 63 6f 6d 65 74 2e 77 61 74 63 68 2e 70 6c 61 79 6c 69 73 74 22 2c 22 6d 65 74 61 22 3a 7b 22 74 69 74 6c 65 22 3a 22 48 65 72 6e 61 6e 64 65 7a 20 45 64 79 20 2d 20 56 69 64 65 6f 73 22 2c 22 61 63 63 65 73 73 6f 72 79 22 3a 6e 75 6c 6c 2c 22 66 61 76 69 63 6f 6e 22 3a 6e 75 6c 6c 7d 2c 22 70 72 65 66 65 74 63 68 61 62 6c 65 22 3a 74 72 75 65 2c 22 65 6e 74 69 74 79 4b 65 79 43 6f 6e 66 69 67 22 3a 7b 22 65 6e 74 69 74 79 5f 74 79 70 65 22 3a 7b
                                                Data Ascii: ":{"id":"100092105431613"},"entryPoint":{"__dr":"CometVideoHomePlaylistRoot.entrypoint"}},"tracePolicy":"comet.watch.playlist","meta":{"title":"Hernandez Edy - Videos","accessory":null,"favicon":null},"prefetchable":true,"entityKeyConfig":{"entity_type":{
                                                2024-07-03 13:47:10 UTC1500INData Raw: 74 68 22 3a 66 61 6c 73 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 7d 2c 22 72 6f 75 74 65 50 61 74 68 22 3a 22 2f 77 61 74 63 68 2f 7b 3f 69 64 6f 72 76 61 6e 69 74 79 7d 2f 22 7d 5d 7d 7d 2c 22 2f 77 61 74 63 68 2f 31 30 30 30 39 32 31 30 35 34 33 31 36 31 33 2f 3f 5f 5f 63 66 74 5f 5f 5b 30 5d 3d 41 5a 55 79 5f 63 4f 56 71 46 4b 71 49 6a 32 53 7a 79 6d 72 4f 74 77 6d 32 4a 2d 38 6f 62 72 65 4f 58 58 4e 2d 2d 47 76 66 58 68 53 6d 4d 54 36 50 62 6f 6b 6f 46 51 4d 6c 49 4d 59 78 4c 48 52 41 53 35 6d 70 63 66 6a 45 44 30 51 46 44 62 6e 4b 64 63 4d 5a 2d 4c 46 54 61 4c 4e 71 6d 6a 42 54 6e 6f 77 6c 6a 50 71 73 6a 49 53 37 79 66 32 6f 2d 59 4a 55 2d 39 4f 64 41 77
                                                Data Ascii: th":false,"significant":true,"coercibleType":"STRING"}},"routePath":"/watch/{?idorvanity}/"}]}},"/watch/100092105431613/?__cft__[0]=AZUy_cOVqFKqIj2SzymrOtwm2J-8obreOXXN--GvfXhSmMT6PbokoFQMlIMYxLHRAS5mpcfjED0QFDbnKdcMZ-LFTaLNqmjBTnowljPqsjIS7yf2o-YJU-9OdAw
                                                2024-07-03 13:47:10 UTC1500INData Raw: 6f 6e 74 61 69 6e 65 72 22 3a 74 72 75 65 2c 22 74 61 62 4b 65 79 22 3a 22 77 61 74 63 68 22 2c 22 70 72 6f 64 75 63 74 41 74 74 72 69 62 75 74 69 6f 6e 49 64 22 3a 22 32 33 39 32 39 35 30 31 33 37 22 2c 22 75 70 73 65 6c 6c 43 6f 6e 66 69 67 22 3a 7b 22 73 75 72 66 61 63 65 22 3a 22 77 61 74 63 68 22 7d 2c 22 63 61 6e 6f 6e 69 63 61 6c 55 72 6c 22 3a 22 2f 77 61 74 63 68 2f 45 64 79 68 64 7a 2e 32 30 30 37 2f 3f 5f 5f 63 66 74 5f 5f 5c 75 30 30 32 35 35 42 30 5c 75 30 30 32 35 35 44 3d 41 5a 55 79 5f 63 4f 56 71 46 4b 71 49 6a 32 53 7a 79 6d 72 4f 74 77 6d 32 4a 2d 38 6f 62 72 65 4f 58 58 4e 2d 2d 47 76 66 58 68 53 6d 4d 54 36 50 62 6f 6b 6f 46 51 4d 6c 49 4d 59 78 4c 48 52 41 53 35 6d 70 63 66 6a 45 44 30 51 46 44 62 6e 4b 64 63 4d 5a 2d 4c 46 54 61 4c
                                                Data Ascii: ontainer":true,"tabKey":"watch","productAttributionId":"2392950137","upsellConfig":{"surface":"watch"},"canonicalUrl":"/watch/Edyhdz.2007/?__cft__\u00255B0\u00255D=AZUy_cOVqFKqIj2SzymrOtwm2J-8obreOXXN--GvfXhSmMT6PbokoFQMlIMYxLHRAS5mpcfjED0QFDbnKdcMZ-LFTaL


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                62192.168.2.54979331.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC688OUTGET /v/t39.25447-2/449815513_985779669957805_3893353821137976724_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EyMCIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=uHLhfLpiKxIQ7kNvgGFZCP3&_nc_ht=video-hou1-1.xx&oh=00_AYAbpcVpsyLUwD9hIKidj0TCKVN5PwLBcvM2kePW7QMEtg&oe=668B173E&bytestart=882&byteend=122743 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC554INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:32:11 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2203972891
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 121862
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 43 85 00 00 28 5c 00 00 00 03 00 00 00 a2 00 00 00 03 00 00 02 19 00 00 00 03 00 00 00 99 00 00 00 03 00 00 07 4f 00 00 00 03 00 00 00 d5 00 00 00 03 00 00 02 6a 00 00 00 03 00 00 00 a1 00 00 00 03 00 00 2a 1d 00 00 00 03 00 00 00 b0 00 00 00 03 00 00 01 d8 00 00 00 03 00 00 00 71 00 00 00 03 00 00 06 36 00 00 00 03 00 00 00 a3 00 00 00 03 00 00 02 44 00 00 00 03 00 00 00 95 00 00 00 03 00 00 2b df 00 00 00 03 00 00 00 76 00 00 00 03 00 00 01 ad 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunC(\Oj*q6D+v
                                                2024-07-03 13:47:09 UTC15450INData Raw: 35 92 54 5c d9 49 15 ee 88 e0 ef 15 53 42 14 9e 9c fb 32 c0 b9 a9 75 b2 7a a8 f6 07 e4 2a 6a 70 cd 77 36 0d 51 89 78 cd 6a ac 97 b6 89 c5 73 0e 4d e8 4f 07 6e 0d 43 60 f2 9d 03 76 ac 57 b5 fe a6 6c ba dd f2 65 0f 62 ed 0c 1f a6 25 52 6f fa 1f cf b9 60 c8 3d c7 86 8b 7c 50 3b 66 f6 de 70 40 6b 58 bf 86 09 02 8a a1 18 85 b5 60 00 82 e8 ae 53 73 6f 62 8f 75 34 45 b6 a4 85 a8 94 0f 75 e6 ba 1d 8b 4c ea 2a db b6 4a 2e 6d e0 9d 96 d8 35 bd 24 f3 4e 70 8d 12 5c 3c a2 4a cf fe 87 46 dc ff 32 5a 83 ed 74 71 51 71 1f be 14 fc c7 67 76 18 f1 a7 40 f5 e8 39 a2 d3 25 1c 62 1a 2f dc 8f 34 07 3d bc d8 21 1d 5f 76 e3 75 75 5c 8f 91 a8 61 84 96 30 13 bc 90 dd 7e 50 81 a4 3d 3e 18 e1 34 22 e5 a3 bf 27 fc fa dd fb f9 77 62 d2 79 3d 43 39 dd f2 09 28 dd 03 3c a3 71 2f 50 00
                                                Data Ascii: 5T\ISB2uz*jpw6QxjsMOnC`vWleb%Ro`=|P;fp@kX`Ssobu4EuL*J.m5$Np\<JF2ZtqQqgv@9%b/4=!_vuu\a0~P=>4"'wby=C9(<q/P
                                                2024-07-03 13:47:09 UTC16384INData Raw: 6b ac 9a 1d e9 38 12 2b 61 1a fc 1b fd 9a 32 3e b4 71 d9 8a af 0d 57 d8 09 11 92 88 e2 33 dd e2 fc 34 e2 97 a5 7a 43 2b fe 72 3b 92 42 a6 6f 7d 1d 84 a8 95 05 50 99 de 99 52 5c 02 9a b4 cb 1a 28 82 b2 35 b6 e8 b4 e6 df 3d e3 e3 14 d2 b3 f1 3a b8 5a 1d a1 32 bb b0 94 cb 97 49 a8 21 42 2b e8 2e 08 fd e0 25 6d 51 9b 8f 6a 35 46 f6 b2 02 7e ba 40 47 32 df 9e 1b c5 3f 96 34 ec 92 22 e6 98 b2 e6 1e 6d eb 1b a1 c7 4d ba e9 ae 61 c5 d4 84 05 69 5f 68 30 a7 85 b9 9d 3d 2e 0d cf 02 bb ac db f5 8c 81 d2 a0 79 f8 10 5c 9c 03 70 e2 15 0e a6 45 65 96 ca df 5b 7f 8d ec 2d 78 69 87 e9 8c 71 34 f6 d3 6c fd 21 dc a9 b1 c7 e9 fa ca 30 f8 9d a5 74 11 1e 4c a2 84 26 81 b3 f5 31 15 a9 31 40 19 a6 39 c0 a7 8b 36 3f 28 44 d4 79 3c 7c e5 7b 58 26 04 b5 7f 3d 2c 7d ff 85 80 bc 59
                                                Data Ascii: k8+a2>qW34zC+r;Bo}PR\(5=:Z2I!B+.%mQj5F~@G2?4"mMai_h0=.y\pEe[-xiq4l!0tL&11@96?(Dy<|{X&=,}Y
                                                2024-07-03 13:47:09 UTC16384INData Raw: 42 f1 c2 78 52 ff c0 16 f8 98 ab c1 0f 2d 81 08 58 14 2c ee b3 ac ef 87 d2 ae 3a 92 ee 15 a0 72 f5 10 28 85 b5 54 f2 e0 d8 a7 7d 7e d2 8d 81 0e d2 3c d4 38 51 13 4d b9 eb 8c ac 55 a0 2e fb 12 14 e1 8e c5 38 3f 53 c7 af f0 e1 91 a6 7d c4 75 b9 f3 71 0a 3a 22 30 0c 05 1d 23 58 6f 9a fd 0d 5b 12 ef dc ee f0 95 b2 e0 19 97 49 95 64 db 63 48 a5 25 cf 69 d8 a0 38 ce e0 03 71 ec 47 20 02 35 c9 56 7e e9 0d c4 b7 99 23 8a 80 fc d9 eb 72 6c 9e 0d e7 82 91 37 07 88 da 99 3b a9 51 3b 9b d4 ee 67 44 28 66 3d c4 90 3d b0 b9 ec a4 59 d9 3f 77 00 81 da 25 4c 6f f0 06 bc 4c 3c 2b 9b 10 ef ca fa 85 c5 2d 31 35 9c 00 40 73 9a a1 0a 5e 74 c4 f5 73 1a 2d 2d 09 1d bc af de b1 81 4a 58 6a 45 59 9f f3 7d 64 87 79 2d ec 50 97 21 4e 17 40 45 eb 40 22 4c 4f f9 58 d8 e5 d5 35 64 5e
                                                Data Ascii: BxR-X,:r(T}~<8QMU.8?S}uq:"0#Xo[IdcH%i8qG 5V~#rl7;Q;gD(f==Y?w%LoL<+-15@s^ts--JXjEY}dy-P!N@E@"LOX5d^
                                                2024-07-03 13:47:09 UTC14935INData Raw: 97 3d ec d7 6a 4c d5 e4 7a a4 8b a8 a2 5d 31 38 ac 3a 76 d4 d2 65 2d 12 72 28 4a bc 67 2d ac 40 32 eb 61 f6 3b 84 69 60 94 c5 e3 22 f4 a1 4b ec 3c a0 0c 3a 0b 43 ee f6 b5 7d 0b 10 74 34 a3 d0 50 7b c9 3e 08 af a5 1e 5f d5 31 c2 a5 77 60 69 79 53 f0 38 aa af e5 6e d2 6b 23 d2 44 aa 7a 67 58 48 03 cb 26 5a 13 64 fb d3 98 e2 3b 77 dc b1 3e 0b b1 6c 13 2d 59 c6 0d b1 bf 11 a5 72 c3 a5 b8 7f cd 7a d5 82 c3 b0 5a 2c 36 d0 d6 b8 8d 5b c5 20 b5 9b d0 84 f2 32 ab 7c ab 44 7f e5 42 65 6f 0b 51 f9 79 99 58 4a dd 70 c5 2f e0 7f 9c 17 bd 64 24 44 fe 54 bb fc 35 fc db 23 e0 ab 7b 91 4b 00 6a 24 27 08 9c d4 b4 f5 0e 3a 43 60 ac 29 d0 73 19 12 50 f1 60 ed db 18 ff b4 51 91 73 fa bc 4f f4 7e b2 c5 30 d6 ae 05 59 d3 60 31 9c 8f 4f d7 25 d6 19 f9 04 36 4d 74 87 61 37 54 ef
                                                Data Ascii: =jLz]18:ve-r(Jg-@2a;i`"K<:C}t4P{>_1w`iyS8nk#DzgXH&Zd;w>l-YrzZ,6[ 2|DBeoQyXJp/d$DT5#{Kj$':C`)sP`QsO~0Y`1O%6Mta7T
                                                2024-07-03 13:47:09 UTC1500INData Raw: 97 0e 7e 9a af e0 9e 09 a5 68 36 b9 13 4d ef a3 f8 a8 95 c6 17 5b dd 64 9f b2 fc a2 3d ab 06 0b 47 51 7f 82 af 97 b7 c6 8e 85 76 5d bd 62 bb 7c ab 61 3d 1e db ef 45 b4 8d 1f f9 40 d6 7e cd 07 75 7e 0f a6 9c 40 93 79 01 4a 2d fa f4 b0 3f 59 0c e8 a4 59 13 2e 89 ce 64 46 8d 37 af 45 14 5d bc a7 84 df 5e 51 d7 77 6b b1 85 25 1e aa f4 ff 15 ea 2f 89 2b 22 fc b2 d9 bd e1 64 00 0a b4 c9 c4 4b 07 bc 1d 00 79 45 c3 de ae 37 b3 20 88 6b 89 34 d5 ad 20 3a 0a eb 69 e8 56 13 93 2e ef 04 08 e0 97 41 88 b5 96 14 d5 3a c4 75 57 c7 81 dc f8 6b 09 14 6d 10 8e 99 9d 27 8a c5 18 85 b7 38 73 18 13 48 e4 29 79 3d 75 68 66 4c 6c aa 5b 3c 9d 66 24 26 f8 67 af ed 33 14 e3 67 18 6f d2 09 36 a0 91 09 33 6a 71 08 8d c7 c6 1f 19 e3 53 37 bc 7c e1 be 37 fb 06 04 fe 36 18 60 69 c3 ff
                                                Data Ascii: ~h6M[d=GQv]b|a=E@~u~@yJ-?YY.dF7E]^Qwk%/+"dKyE7 k4 :iV.A:uWkm'8sH)y=uhfLl[<f$&g3go63jqS7|76`i
                                                2024-07-03 13:47:09 UTC16333INData Raw: f7 95 55 84 6c f9 e5 0e 8a ab e2 15 48 3a f1 df 55 85 f3 68 1b 29 eb 40 7b dd 2c 91 99 16 fb d9 2a 18 3a 18 87 f3 9c 5a a2 25 3a 0b 0e a0 3b 68 4d 99 b1 e4 f2 39 e1 79 ee a2 38 2e 95 4a bb 3f b4 3e 9d f7 bc 5b 3b a3 38 9d d1 7f b2 a0 64 39 da 0b a7 3a 6f e1 58 d0 a7 01 1a ec 14 0c 5c 56 93 32 f5 11 db 8f d4 bb 0e 13 aa f2 fe 9c 3d cc 73 7b d2 e4 b4 6c 9a e4 30 ae 4b fc 7c 20 46 1c 6c 71 a8 6a f6 53 3e ec 6a 61 f7 b8 b7 d5 77 58 b5 0d 75 93 44 ae d5 ee 67 63 e9 8f 19 1e 48 15 7e 19 64 19 8a d5 27 94 d4 8d 72 da 92 e6 fb e6 d4 05 4b 9c a2 fa 8b a8 d5 17 b8 5a e5 0b c4 e6 a3 c5 16 68 46 f4 5b e3 f8 da 43 5c 1c c2 3f df b0 b4 23 b8 0c 20 3a 50 30 7b ae fd 40 cb 2a 79 2b 7d 0d 44 71 2c 32 05 cc a2 ec d9 f9 cf ab 65 e1 8c f2 9d f5 4e c1 9f 05 23 39 18 f3 e4 e7
                                                Data Ascii: UlH:Uh)@{,*:Z%:;hM9y8.J?>[;8d9:oX\V2=s{l0K| FlqjS>jawXuDgcH~d'rKZhF[C\?# :P0{@*y+}Dq,2eN#9
                                                2024-07-03 13:47:09 UTC16384INData Raw: 4c e7 02 57 3a 7d 7d 3e 92 7d 31 c6 f2 cc 52 c7 a6 2c 9c 1f 22 7b be c9 95 f9 32 af 08 15 7b 13 e1 89 31 b3 95 f6 23 25 d5 86 24 96 84 cc c5 d5 c9 5e cd 5e cd 1f f9 de 64 25 c3 79 52 8d a4 bc 7b 0f 58 49 28 79 9e be 9c 8e db 35 e6 c6 c3 16 0d 8c fa e4 25 24 ff e4 70 df 66 f5 aa 84 9a 26 d9 03 a4 df 9b 8c 65 2f 4a 26 9d e5 a3 5a 61 a7 d7 4e c5 4d 6b 19 47 b3 49 ab 09 f7 58 23 2c cc d3 b8 2e 19 b6 8f 7b 91 8a 0d a2 6d 4a 23 4d 18 8c 2a 93 5b 64 10 f4 2c 8c cd 5b 6b 78 d1 fb 4c 3a 1d 09 4d d7 55 0f 5c 2c 01 8c b9 b8 43 44 79 a6 77 97 13 20 41 e3 21 16 fa cf f1 b1 bc fd 4b 8c 0d bf a3 0c b9 0c db 14 df 3d 89 52 eb c4 c4 50 a8 d9 29 15 ac 71 37 ae e2 3b 55 26 16 ed bf 88 e4 9e 0f c5 18 b0 e5 d6 1a 92 37 33 54 8d 68 29 dc 8c 43 a3 08 ce b1 fc f2 af 97 3b fd e8
                                                Data Ascii: LW:}}>}1R,"{2{1#%$^^d%yR{XI(y5%$pf&e/J&ZaNMkGIX#,.{mJ#M*[d,[kxL:MU\,CDyw A!K=RP)q7;U&73Th)C;
                                                2024-07-03 13:47:10 UTC16384INData Raw: 60 a1 2d 43 7b d4 b5 4c 14 ca 65 23 d3 c9 d2 94 b9 c0 91 07 ac 14 42 67 71 6e fd dc a1 af de f5 bc c2 07 b4 7e 67 a8 68 df 0f c6 7f 9a fd 2c 3b 4e 9a 5d 65 88 c9 a3 95 81 69 58 f1 9c 26 24 7f 55 0a 8b 67 63 be 16 46 4e 1b 24 17 61 53 bf e6 58 b8 78 60 9c e8 f2 c5 0e 91 e1 60 98 93 48 f4 2f f8 fc 8b 6c 26 db d0 47 76 5c 48 af 33 23 ad 91 5c be b3 a9 01 d3 c2 fb a1 e6 21 fe 5f 86 29 6f 50 51 20 c8 64 07 d2 ab 5c 6e 78 70 73 b6 09 68 35 c0 1e b9 fa bd a4 2e 58 40 09 bf 14 95 82 34 26 10 96 7d 66 79 37 2c 21 72 01 bd 76 53 af 8e 1e 6a fe d9 d3 87 3e 59 42 d3 3c cc 37 14 8d fa 6c 31 04 15 05 ef 7a 15 0a b8 20 87 41 2c 8f db bb 32 27 a8 bb a7 0a 79 15 f8 b6 c2 a3 bc 77 9a 01 5d 65 a9 90 0a ae 13 30 d4 36 9f da 01 fc 86 3e 51 ba 78 ef 09 1d 90 04 7b 87 fd da b5
                                                Data Ascii: `-C{Le#Bgqn~gh,;N]eiX&$UgcFN$aSXx``H/l&Gv\H3#\!_)oPQ d\nxpsh5.X@4&}fy7,!rvSj>YB<7l1z A,2'yw]e06>Qx{


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                63192.168.2.54979531.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC687OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=0&byteend=817 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC550INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 118353545
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 818
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC817INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 76 70 30 39 63 6d 66 63 00 00 03 0a 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a8 92 0e e2 a8 92 0e 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashvp09cmfcmoovlmvhd<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                64192.168.2.549803157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC692OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC676INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                65192.168.2.549804157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC924OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:27:32 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3780638177
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:09 UTC2968INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 4a 52 51 32 44 4b 6d 76 4f 68 38 30 4f 4e 76 4b 4a 79 4a 39 62 47 36 6d 4a 31 4e 5f 41 4f 32 6c 75 77 72 30 31 44 63 75 50 54 57 55 44 63 2d 6a 4e 69 57 4f 64 35 44 32 4a 4c 45 44 59 66 63 4f 69 65 68 70 65 78 46 69 37 38 39 39 79 54 61 4d 77 45 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4b 55 55 64 78 39 68 4f 64 46 62 59 6e 71 45 5f 56 77 7a 45 35 5a 30 62 50 39 7a 50 5a 74 64 7a 5f 6b 7a 33 77 41 61 4d 51 4d 6b 38 41 79 46 31 72 52 68 78 49 6d 50 53 41 67 4f 48 4e 7a 6a 49 41 6d 39 79 32 46 75 64 61 76 47 78 7a 6f 6b 61 31 48 30 39 48 78 70 6a 6d 67 56 74 63 5a 2d 4a 63 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcJRQ2DKmvOh80ONvKJyJ9bG6mJ1N_AO2luwr01DcuPTWUDc-jNiWOd5D2JLEDYfcOiehpexFi7899yTaMwE"; e_fb_binaryversion="AcKUUdx9hOdFbYnqE_VwzE5Z0bP9zPZtdz_kz3wAaMQMk8AyF1rRhxImPSAgOHNzjIAm9y2FudavGxzoka1H09HxpjmgVtcZ-Jc"; e_fb_
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC91INData Raw: 00 00 5c 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 05 00 00 45 91 00 01 5c 3e 90 00 00 00 00 00 40 4b 00 01 58 00 90 00 00 00 00 00 3f 07 00 01 58 00 90 00 00 00 00 00 3f ea 00 01 58 00 90 00 00 00 00 00 35 52 00 01 23 82 90 00 00 00
                                                Data Ascii: \sidxDE\>@KX?X?X5R#


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                66192.168.2.549806157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC926OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:27:32 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3780638177
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:09 UTC2975INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 4a 52 51 32 44 4b 6d 76 4f 68 38 30 4f 4e 76 4b 4a 79 4a 39 62 47 36 6d 4a 31 4e 5f 41 4f 32 6c 75 77 72 30 31 44 63 75 50 54 57 55 44 63 2d 6a 4e 69 57 4f 64 35 44 32 4a 4c 45 44 59 66 63 4f 69 65 68 70 65 78 46 69 37 38 39 39 79 54 61 4d 77 45 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 4b 55 55 64 78 39 68 4f 64 46 62 59 6e 71 45 5f 56 77 7a 45 35 5a 30 62 50 39 7a 50 5a 74 64 7a 5f 6b 7a 33 77 41 61 4d 51 4d 6b 38 41 79 46 31 72 52 68 78 49 6d 50 53 41 67 4f 48 4e 7a 6a 49 41 6d 39 79 32 46 75 64 61 76 47 78 7a 6f 6b 61 31 48 30 39 48 78 70 6a 6d 67 56 74 63 5a 2d 4a 63 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcJRQ2DKmvOh80ONvKJyJ9bG6mJ1N_AO2luwr01DcuPTWUDc-jNiWOd5D2JLEDYfcOiehpexFi7899yTaMwE"; e_fb_binaryversion="AcKUUdx9hOdFbYnqE_VwzE5Z0bP9zPZtdz_kz3wAaMQMk8AyF1rRhxImPSAgOHNzjIAm9y2FudavGxzoka1H09HxpjmgVtcZ-Jc"; e_fb_
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 7f 00 00 01 da 00 00 01 d0 00 00 01 c1 00 00 01 d5 00 00 01 93 00 00 01 92 00 00 01 6e 00 00 01 52 00 00 01 69 00 00 01 88 00 00 01 9c 00 00 01 b3 00 00 01 84 00 00 01 7e 00 00 01 7c 00 00 01 7a 00 00 01 6d 00 00 01 5c 00 00 01 a7 00 00 01 77 00 00 01 50 00 00 01 67 00 00 01 60 00 00 01 68 00 00 01 60 00 00 01 a3 00 00 01 51 00 00 01 54 00 00 01 68 00 00 01 81 00 00 01 9e 00 00 01 bb 00 00 01 9d 00 00 01 4e 00 00 01 52 00 00 01 59 00 00 01 41 00 00 01 56
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<snRi~|zm\wPg`h`QThNRYAV
                                                2024-07-03 13:47:09 UTC15416INData Raw: 27 50 60 9d 92 bc 8b f2 04 c9 3a 91 b4 cd cb 05 95 22 9d 17 5e 51 b0 0f b8 6f 01 d0 10 85 55 05 04 00 e0 05 04 00 e0 24 48 00 e0 21 1b 54 6d fc 94 2b 1b 84 04 22 36 68 67 85 71 6f 2f 92 de db f2 dd db 5c cd 38 b3 7e 70 6d d9 83 83 dd 2f 75 60 81 a6 48 c1 07 56 3f df a8 e0 7e 70 46 48 2d 22 f1 76 15 cc c9 6f 89 90 fa 4f 92 d2 f4 e6 dc fd 2e 05 13 dc 23 d8 9b 65 57 09 e9 ea 3e 0c d2 7f 22 7d d0 88 81 f7 9b 0e f2 df 8f 8f 9c 26 5a 52 e8 63 2b a4 02 e8 3f 99 40 1b 1d d3 4e 26 dd cb 73 92 62 3a 5a 2b c7 57 ae 85 45 39 fb 2b 06 1b c5 5e 2d 13 d6 9d 89 a4 95 a2 55 47 68 98 9b d0 e5 72 6b 6d 13 9b 32 10 3f 39 2b 15 d6 e1 9e bc 5b f0 3f bd 84 f1 b5 c5 ab 7d e6 83 0e f3 4a ec 55 09 7b 67 35 54 82 9b 5b 1b 99 cb 97 bb 8a 36 6d 41 2d 31 71 87 4c d9 73 1a 06 3e 1d f2
                                                Data Ascii: 'P`:"^QoU$H!Tm+"6hgqo/\8~pm/u`HV?~pFH-"voO.#eW>"}&ZRc+?@N&sb:Z+WE9+^-UGhrkm2?9+[?}JU{g5T[6mA-1qLs>
                                                2024-07-03 13:47:09 UTC892INData Raw: a4 14 b1 ac 48 91 40 0c 50 1f 70 33 d1 30 00 3c e0 d2 45 f2 01 f0 0f 4e 00 0c 36 e9 16 a5 95 8c 03 aa 7f 0e d0 9f c5 f5 2e 5c 38 9d 6c d2 b8 4b 7d bb 13 91 7f 87 a4 aa f3 52 b6 db 0a eb 06 3b b4 4a 06 ff 90 12 d7 59 46 b8 80 02 42 d1 99 b6 f9 bd 99 9f 38 10 d4 5f 6c 6b 1a df 1f 01 99 61 08 ee 12 5c a9 f7 cf 73 98 00 99 29 80 00 2c 25 11 b0 da 38 fe 5a b0 85 77 85 68 08 40 10 8b ce c4 bf ff 28 01 ae 97 3b 9f fe c0 04 ff 9f ea 77 42 00 70 21 1b 4f ff ff af ff 82 28 d0 f4 46 30 8d 89 61 61 89 54 70 2b 0a 84 02 21 01 08 56 15 40 b7 60 0d d9 6a 0b 93 3c f0 2f 73 be 6c f5 30 31 07 0d 94 80 08 1d c2 1a 61 6a 02 0a 19 ec 41 02 ad 17 3a 79 3a 20 5e 49 65 e2 33 63 8b 32 00 19 81 94 47 67 89 c7 3e 1f d7 7e 60 ee 9a b9 04 00 09 25 9e 54 90 29 49 34 ff 02 a8 80 37 f8
                                                Data Ascii: H@Pp30<EN6.\8lK}R;JYFB8_lka\s),%8Zwh@(;wBp!O(F0aaTp+!V@`j</sl01ajA:y: ^Ie3c2Gg>~`%T)I47


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                67192.168.2.549809157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC710OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC694INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                68192.168.2.54979631.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC703OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=824&byteend=915 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC550INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:00:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 4175100246
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 92
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC91INData Raw: 00 00 5c 73 69 64 78 00 00 00 00 00 00 00 01 00 00 bb 80 00 00 00 00 00 00 00 00 00 00 00 05 00 00 45 d4 00 01 7c 3e 90 00 00 00 00 00 3f c2 00 01 78 00 90 00 00 00 00 00 3f 73 00 01 78 00 90 00 00 00 00 00 3f 85 00 01 70 00 90 00 00 00 00 00 2e a6 00 01 13 c2 90 00 00 00
                                                Data Ascii: \sidxE|>?x?sx?p.


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                69192.168.2.549799157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC902OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 01:19:35 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2477213452
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:09 UTC2645INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 6b 72 6f 78 69 2d 6a 35 34 45 33 77 6b 46 72 74 62 47 42 7a 52 48 4d 48 4b 64 75 50 37 5f 77 6a 7a 30 34 44 32 62 4c 41 5f 76 76 46 61 59 6b 73 6f 4d 78 72 53 6c 37 56 72 41 67 22 3b 20 65 5f 66 62 5f 76 69 70 70 6f 72 74 3d 22 41 63 4b 65 6d 35 58 6b 41 6e 4c 32 76 70 68 30 79 74 66 4b 58 69 57 70 5a 54 7a 70 78 79 44 63 31 41 71 49 6f 4f 37 46 69 43 67 63 6c 6b 6d 61 77 6a 4b 6d 33 49 5a 7a 2d 34 36 63 22 3b 20 65 5f 66 62 5f 70 72 6f 78 79 63 6f 64 65 3d 22 41 63 4a 4a 63 32 30 66 72 76 64 4b 57 43 41 67 65 61 30 50 61 70 75 65 70 42 49 47 72 66 58 64 6b 53 72 4d 47 64 4b 75 58 76 68 63 56
                                                Data Ascii: Proxy-Status: http_response_ok; e_fb_configversion="AcLkroxi-j54E3wkFrtbGBzRHMHKduP7_wjz04D2bLA_vvFaYksoMxrSl7VrAg"; e_fb_vipport="AcKem5XkAnL2vph0ytfKXiWpZTzpxyDc1AqIoO7FiCgclkmawjKm3IZz-46c"; e_fb_proxycode="AcJJc20frvdKWCAgea0PapuepBIGrfXdkSrMGdKuXvhcV
                                                2024-07-03 13:47:09 UTC190INData Raw: 58 2d 46 42 2d 43 6f 6e 6e 65 63 74 69 6f 6e 2d 51 75 61 6c 69 74 79 3a 20 45 58 43 45 4c 4c 45 4e 54 3b 20 71 3d 30 2e 39 2c 20 72 74 74 3d 33 32 2c 20 72 74 78 3d 30 2c 20 63 3d 31 34 2c 20 6d 73 73 3d 31 33 39 32 2c 20 74 62 77 3d 33 34 31 31 2c 20 74 70 3d 2d 31 2c 20 74 70 6c 3d 2d 31 2c 20 75 70 6c 61 74 3d 30 2c 20 75 6c 6c 61 74 3d 2d 31 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 38 32 36 0d 0a 0d 0a
                                                Data Ascii: X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1Alt-Svc: h3=":443"; ma=86400Connection: closeContent-Length: 826
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a7 b4 a6 e2 a7 b4 a6 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                70192.168.2.549810157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC904OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 01:19:35 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2477213452
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:09 UTC2644INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 6b 72 6f 78 69 2d 6a 35 34 45 33 77 6b 46 72 74 62 47 42 7a 52 48 4d 48 4b 64 75 50 37 5f 77 6a 7a 30 34 44 32 62 4c 41 5f 76 76 46 61 59 6b 73 6f 4d 78 72 53 6c 37 56 72 41 67 22 3b 20 65 5f 66 62 5f 76 69 70 70 6f 72 74 3d 22 41 63 4b 65 6d 35 58 6b 41 6e 4c 32 76 70 68 30 79 74 66 4b 58 69 57 70 5a 54 7a 70 78 79 44 63 31 41 71 49 6f 4f 37 46 69 43 67 63 6c 6b 6d 61 77 6a 4b 6d 33 49 5a 7a 2d 34 36 63 22 3b 20 65 5f 66 62 5f 70 72 6f 78 79 63 6f 64 65 3d 22 41 63 4a 4a 63 32 30 66 72 76 64 4b 57 43 41 67 65 61 30 50 61 70 75 65 70 42 49 47 72 66 58 64 6b 53 72 4d 47 64 4b 75 58 76 68 63 56
                                                Data Ascii: Proxy-Status: http_response_ok; e_fb_configversion="AcLkroxi-j54E3wkFrtbGBzRHMHKduP7_wjz04D2bLA_vvFaYksoMxrSl7VrAg"; e_fb_vipport="AcKem5XkAnL2vph0ytfKXiWpZTzpxyDc1AqIoO7FiCgclkmawjKm3IZz-46c"; e_fb_proxycode="AcJJc20frvdKWCAgea0PapuepBIGrfXdkSrMGdKuXvhcV
                                                2024-07-03 13:47:09 UTC189INData Raw: 58 2d 46 42 2d 43 6f 6e 6e 65 63 74 69 6f 6e 2d 51 75 61 6c 69 74 79 3a 20 45 58 43 45 4c 4c 45 4e 54 3b 20 71 3d 30 2e 39 2c 20 72 74 74 3d 33 32 2c 20 72 74 78 3d 30 2c 20 63 3d 31 34 2c 20 6d 73 73 3d 31 33 39 32 2c 20 74 62 77 3d 33 34 31 30 2c 20 74 70 3d 2d 31 2c 20 74 70 6c 3d 2d 31 2c 20 75 70 6c 61 74 3d 31 2c 20 75 6c 6c 61 74 3d 2d 31 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 38 0d 0a 0d 0a
                                                Data Ascii: X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1Alt-Svc: h3=":443"; ma=86400Connection: closeContent-Length: 68
                                                2024-07-03 13:47:09 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:09 UTC67INData Raw: 00 00 44 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 03 00 05 95 04 00 01 2c 00 10 00 00 00 00 05 3e 0e 00 01 2c 00 10 00 00 00 00 03 37 7e 00 00 ce 00 10 00 00 00
                                                Data Ascii: Dsidx<,>,7~


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                71192.168.2.54981531.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC689OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=818&byteend=873 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC549INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 118353545
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:09 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 56
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC55INData Raw: 00 00 38 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 b9 dc 00 01 2c 00 10 00 00 00 00 00 4d dd 00 00 50 00 10 00 00 00
                                                Data Ascii: 8sidx<,MP


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                72192.168.2.549807157.240.252.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC368OUTGET /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC1171INHTTP/1.1 404 Not Found
                                                Vary: Accept-Encoding
                                                Set-Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0; expires=Tue, 01-Oct-2024 13:47:10 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405726054556493", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405726054556493"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:10 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:10 UTC1662INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:10 UTC2558INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4a 39 7a 6f 6f 73 71 32 43 77 30 76 31 52 38 30 41 30 4e 7a 69 7a 50 76 78 76 70 53 78 56 78 41 66 75 6d 51 78 4a 63 61 55 79 6f 61 44 77 63 6d 63 46 68 4c 36 4f 58 67 5a 64 50 51 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 4c 4b 48 5f 63 74 68 4c 33 33 56 46 41 77 6f 63 6b 35 6f 6e 34 71 32 46 43 36 42 38 43 72 61 6a 52 31 4d 6c 67 4c 72 74 4c 76 72 6e 76 6c 65 5f 48 44 64 63 4a 73 35 64 77 43 76 47 46 53 48 72 47 35 57 53 56 42 34 62 65 33 72 68 4d 30 30 69 4d 57 50 75 6a 32 79 65 46 41 47 4e 63 50 4d 47 36 42 6d 39 5f 34 4a 77 62 4b 39 6f 33 5f 75 77 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcJ9zoosq2Cw0v1R80A0NzizPvxvpSxVxAfumQxJcaUyoaDwcmcFhL6OXgZdPQ"; e_clientaddr="AcLKH_cthL33VFAwock5on4q2FC6B8CrajR1MlgLrtLvrnvle_HDdcJs5dwCvGFSHrG5WSVB4be3rhM00iMWPuj2yeFAGNcPMG6Bm9_4JwbK9o3_uw"; e_fb_
                                                2024-07-03 13:47:10 UTC170INData Raw: 58 2d 46 42 2d 43 6f 6e 6e 65 63 74 69 6f 6e 2d 51 75 61 6c 69 74 79 3a 20 4d 4f 44 45 52 41 54 45 3b 20 71 3d 30 2e 33 2c 20 72 74 74 3d 31 38 31 2c 20 72 74 78 3d 30 2c 20 63 3d 31 30 2c 20 6d 73 73 3d 31 33 39 32 2c 20 74 62 77 3d 33 34 30 33 2c 20 74 70 3d 2d 31 2c 20 74 70 6c 3d 2d 31 2c 20 75 70 6c 61 74 3d 31 35 39 2c 20 75 6c 6c 61 74 3d 30 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: X-FB-Connection-Quality: MODERATE; q=0.3, rtt=181, rtx=0, c=10, mss=1392, tbw=3403, tp=-1, tpl=-1, uplat=159, ullat=0Alt-Svc: h3=":443"; ma=86400Connection: close
                                                2024-07-03 13:47:10 UTC1330INData Raw: 31 35 35 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 6f 72 69 67 69 6e 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 50 55 31 76 6f 5a 70 63 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61
                                                Data Ascii: 155a<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="origin-when-crossorigin" id="meta_referrer" /><script nonce="PU1voZpc">function envFlush(a){function b(b){for(var c in a)b[c]=a
                                                2024-07-03 13:47:10 UTC1500INData Raw: 2b 78 6d 6c 22 20 68 72 65 66 3d 22 2f 6f 73 64 2e 78 6d 6c 22 20 74 69 74 6c 65 3d 22 46 61 63 65 62 6f 6f 6b 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 6d 65 64 69 61 3d 22 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 34 30 70 78 29 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 61 6a 61 78 2f 62 75 6c 6b 2d 72 6f 75 74 65 2d 64 65 66 69 6e 69 74 69 6f 6e 73 2f 3f 6c 6f 63 61 6c 65 32 3d 65 6e 5f 47 42 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 6d 65 64 69 61 3d 22 68 61 6e 64 68 65 6c 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 61 6a
                                                Data Ascii: +xml" href="/osd.xml" title="Facebook" /><link rel="alternate" media="only screen and (max-width: 640px)" href="https://www.facebook.com/ajax/bulk-route-definitions/?locale2=en_GB" /><link rel="alternate" media="handheld" href="https://www.facebook.com/aj
                                                2024-07-03 13:47:10 UTC1500INData Raw: 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 34 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 39 39 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 37 37 34 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 33 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 34 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 35 35 37 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 35 35 37 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68
                                                Data Ascii: ash":null},"21043":{"result":false,"hash":null},"2199":{"result":false,"hash":null},"7742":{"result":false,"hash":null},"20936":{"result":false,"hash":null},"20948":{"result":true,"hash":null},"25572":{"result":true,"hash":null},"25571":{"result":false,"h
                                                2024-07-03 13:47:10 UTC1144INData Raw: 2c 5b 22 63 72 3a 36 36 36 39 22 2c 5b 22 44 61 74 61 53 74 6f 72 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 44 61 74 61 53 74 6f 72 65 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 2c 5b 5d 2c 7b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 3a 22 79 41 6a 73 42 57 6d 74 57 61 30 53 55 4f 74 47 30 35 62 6b 41 5a 22 7d 2c 31 34 31 5d 2c 5b 22 4b 53 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 6b 69 6c 6c 65 64 22 3a 7b 22 5f 5f 73 65 74 22 3a 5b 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 43 52 45 41 54 45 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 44 45 4c 45 54 45 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 57 4f 52 4b 52 4f 4f 4d 53 5f 52 45 51 55 45 53 54
                                                Data Ascii: ,["cr:6669",["DataStore"],{"__rc":["DataStore",null]},-1],["ServerNonce",[],{"ServerNonce":"yAjsBWmtWa0SUOtG05bkAZ"},141],["KSConfig",[],{"killed":{"__set":["POCKET_MONSTERS_CREATE","POCKET_MONSTERS_DELETE","POCKET_MONSTERS_UPDATE_NAME","WORKROOMS_REQUEST
                                                2024-07-03 13:47:10 UTC1500INData Raw: 35 30 38 66 0d 0a 33 31 5d 2c 5b 22 43 6f 6f 6b 69 65 44 6f 6d 61 69 6e 22 2c 5b 5d 2c 7b 22 64 6f 6d 61 69 6e 22 3a 22 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 22 7d 2c 36 34 32 31 5d 2c 5b 22 47 65 74 41 73 79 6e 63 50 61 72 61 6d 73 45 78 74 72 61 44 61 74 61 22 2c 5b 5d 2c 7b 22 65 78 74 72 61 5f 64 61 74 61 22 3a 7b 7d 7d 2c 37 35 31 31 5d 2c 5b 22 42 6f 6f 74 6c 6f 61 64 65 72 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 64 65 66 65 72 42 6f 6f 74 6c 6f 61 64 73 22 3a 66 61 6c 73 65 2c 22 6a 73 52 65 74 72 69 65 73 22 3a 5b 32 30 30 2c 35 30 30 5d 2c 22 6a 73 52 65 74 72 79 41 62 6f 72 74 4e 75 6d 22 3a 32 2c 22 6a 73 52 65 74 72 79 41 62 6f 72 74 54 69 6d 65 22 3a 35 2c 22 73 69 6c 65 6e 74 44 75 70 73 22 3a 66 61 6c 73 65 2c 22 74 69 6d 65 6f 75 74 22 3a 36
                                                Data Ascii: 508f31],["CookieDomain",[],{"domain":"facebook.com"},6421],["GetAsyncParamsExtraData",[],{"extra_data":{}},7511],["BootloaderConfig",[],{"deferBootloads":false,"jsRetries":[200,500],"jsRetryAbortNum":2,"jsRetryAbortTime":5,"silentDups":false,"timeout":6
                                                2024-07-03 13:47:10 UTC1500INData Raw: 66 61 6c 73 65 2c 22 49 53 5f 4d 45 53 53 45 4e 47 45 52 5f 4f 4e 4c 59 5f 55 53 45 52 22 3a 66 61 6c 73 65 2c 22 49 53 5f 44 45 41 43 54 49 56 41 54 45 44 5f 41 4c 4c 4f 57 45 44 5f 4f 4e 5f 4d 45 53 53 45 4e 47 45 52 22 3a 66 61 6c 73 65 2c 22 49 53 5f 4d 45 53 53 45 4e 47 45 52 5f 43 41 4c 4c 5f 47 55 45 53 54 5f 55 53 45 52 22 3a 66 61 6c 73 65 2c 22 49 53 5f 57 4f 52 4b 5f 4d 45 53 53 45 4e 47 45 52 5f 43 41 4c 4c 5f 47 55 45 53 54 5f 55 53 45 52 22 3a 66 61 6c 73 65 2c 22 49 53 5f 57 4f 52 4b 52 4f 4f 4d 53 5f 55 53 45 52 22 3a 66 61 6c 73 65 2c 22 41 50 50 5f 49 44 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 49 53 5f 42 55 53 49 4e 45 53 53 5f 44 4f 4d 41 49 4e 22 3a 66 61 6c 73 65 7d 2c 32 37 30 5d 2c 5b 22 4c 53 44 22 2c 5b 5d 2c 7b 22
                                                Data Ascii: false,"IS_MESSENGER_ONLY_USER":false,"IS_DEACTIVATED_ALLOWED_ON_MESSENGER":false,"IS_MESSENGER_CALL_GUEST_USER":false,"IS_WORK_MESSENGER_CALL_GUEST_USER":false,"IS_WORKROOMS_USER":false,"APP_ID":"256281040558","IS_BUSINESS_DOMAIN":false},270],["LSD",[],{"


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                73192.168.2.549814157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC912OUTPOST /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 4085
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                X-FB-LSD: AVqIzvvP8QI
                                                sec-ch-ua-platform-version: "10.0.0"
                                                X-ASBD-ID: 129477
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:09 UTC4085OUTData Raw: 72 6f 75 74 65 5f 75 72 6c 73 5b 30 5d 3d 25 32 46 31 30 30 30 36 36 35 37 35 32 33 36 33 30 35 25 32 46 76 69 64 65 6f 73 25 32 46 31 38 31 38 34 36 38 34 37 31 39 38 30 36 37 37 25 32 46 25 33 46 5f 5f 73 6f 5f 5f 25 33 44 64 69 73 63 6f 76 65 72 25 32 36 5f 5f 72 76 5f 5f 25 33 44 76 69 64 65 6f 5f 68 6f 6d 65 5f 77 77 77 5f 6c 6f 65 5f 70 6f 70 75 6c 61 72 5f 76 69 64 65 6f 73 25 32 36 5f 5f 63 66 74 5f 5f 5b 30 5d 25 33 44 41 5a 56 70 7a 4b 71 6b 33 78 31 5a 66 39 68 67 67 77 4c 54 59 38 37 5f 37 5f 2d 63 61 4a 4a 56 73 57 6a 65 35 76 33 49 42 68 4b 44 2d 6f 69 48 36 66 2d 68 41 5a 43 42 54 55 37 49 4d 74 6a 32 6e 63 6c 67 2d 79 57 66 5f 53 30 5a 70 31 6a 7a 55 4f 48 74 2d 78 35 7a 64 79 50 69 50 57 36 42 31 47 79 72 36 32 36 77 76 79 6d 2d 4b 6a 72
                                                Data Ascii: route_urls[0]=%2F100066575236305%2Fvideos%2F1818468471980677%2F%3F__so__%3Ddiscover%26__rv__%3Dvideo_home_www_loe_popular_videos%26__cft__[0]%3DAZVpzKqk3x1Zf9hggwLTY87_7_-caJJVsWje5v3IBhKD-oiH6f-hAZCBTU7IMtj2nclg-yWf_S0Zp1jzUOHt-x5zdyPiPW6B1Gyr626wvym-Kjr
                                                2024-07-03 13:47:10 UTC994INHTTP/1.1 200 OK
                                                Content-Type: text/javascript; charset=utf-8
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405727406162197", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405727406162197"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:10 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:10 UTC2007INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:10 UTC21INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: Connection: close
                                                2024-07-03 13:47:10 UTC2988INData Raw: 66 34 32 35 0d 0a 66 6f 72 20 28 3b 3b 29 3b 7b 22 70 61 79 6c 6f 61 64 22 3a 7b 22 70 61 79 6c 6f 61 64 73 22 3a 7b 22 2f 31 30 30 30 36 36 35 37 35 32 33 36 33 30 35 2f 76 69 64 65 6f 73 2f 31 38 31 38 34 36 38 34 37 31 39 38 30 36 37 37 2f 3f 5f 5f 73 6f 5f 5f 3d 64 69 73 63 6f 76 65 72 26 5f 5f 72 76 5f 5f 3d 76 69 64 65 6f 5f 68 6f 6d 65 5f 77 77 77 5f 6c 6f 65 5f 70 6f 70 75 6c 61 72 5f 76 69 64 65 6f 73 26 5f 5f 63 66 74 5f 5f 5b 30 5d 3d 41 5a 56 70 7a 4b 71 6b 33 78 31 5a 66 39 68 67 67 77 4c 54 59 38 37 5f 37 5f 2d 63 61 4a 4a 56 73 57 6a 65 35 76 33 49 42 68 4b 44 2d 6f 69 48 36 66 2d 68 41 5a 43 42 54 55 37 49 4d 74 6a 32 6e 63 6c 67 2d 79 57 66 5f 53 30 5a 70 31 6a 7a 55 4f 48 74 2d 78 35 7a 64 79 50 69 50 57 36 42 31 47 79 72 36 32 36 77 76
                                                Data Ascii: f425for (;;);{"payload":{"payloads":{"/100066575236305/videos/1818468471980677/?__so__=discover&__rv__=video_home_www_loe_popular_videos&__cft__[0]=AZVpzKqk3x1Zf9hggwLTY87_7_-caJJVsWje5v3IBhKD-oiH6f-hAZCBTU7IMtj2nclg-yWf_S0Zp1jzUOHt-x5zdyPiPW6B1Gyr626wv
                                                2024-07-03 13:47:10 UTC1500INData Raw: 7d 2c 22 73 74 6f 72 79 5f 74 6f 6b 65 6e 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 22 66 62 69 64 22 2c 22 76 69 64 65 6f 5f 69 64 22 2c 22 76 22 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 74 72 75 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 46 42 49 44 22 7d 2c 22 73 65 74 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 74 72 75 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 2c 22 63 68 61 6e 6e 65 6c 5f 65 6e 74 72 79 5f 70 6f 69 6e 74 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65
                                                Data Ascii: },"story_token":{"legacyNames":["fbid","video_id","v"],"default":null,"path":true,"significant":true,"coercibleType":"FBID"},"set":{"legacyNames":[],"default":null,"path":true,"significant":true,"coercibleType":"STRING"},"channel_entry_point":{"legacyName
                                                2024-07-03 13:47:10 UTC1500INData Raw: 6c 69 73 74 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 7d 2c 22 74 72 61 63 65 50 6f 6c 69 63 79 22 3a 22 63 6f 6d 65 74 2e 77 61 74 63 68 2e 70 6c 61 79 6c 69 73 74 22 2c 22 6d 65 74 61 22 3a 7b 22 74 69 74 6c 65 22 3a 22 45 53 43 55 45 4c 41 20 44 45 20 41 56 49 41 43 49 4f 4e 20 43 41 4e 43 55 4e 20 2d 20 56 69 64 65 6f 73 22 2c 22 61 63 63 65 73 73 6f 72 79 22 3a 6e 75 6c 6c 2c 22 66 61 76 69 63 6f 6e 22 3a 6e 75 6c 6c 7d 2c 22 70 72 65 66 65 74 63 68 61 62 6c 65 22 3a 74 72 75 65 2c 22 65 6e 74 69 74 79 4b 65 79 43 6f 6e 66 69 67 22 3a 7b 22 65 6e 74 69 74 79 5f 74 79 70 65 22 3a 7b 22 73 6f 75 72 63 65 22 3a 22 63 6f 6e 73 74 61 6e 74 22 2c 22 76 61 6c 75 65 22 3a 22 70 61 67 65 22 7d 2c 22 65 6e 74 69 74 79 5f 69 64 22 3a 7b 22 73 6f 75 72
                                                Data Ascii: listRoot.entrypoint"}},"tracePolicy":"comet.watch.playlist","meta":{"title":"ESCUELA DE AVIACION CANCUN - Videos","accessory":null,"favicon":null},"prefetchable":true,"entityKeyConfig":{"entity_type":{"source":"constant","value":"page"},"entity_id":{"sour
                                                2024-07-03 13:47:10 UTC1500INData Raw: 74 65 50 61 74 68 22 3a 22 2f 77 61 74 63 68 2f 7b 3f 69 64 6f 72 76 61 6e 69 74 79 7d 2f 22 7d 5d 7d 7d 2c 22 2f 77 61 74 63 68 2f 31 30 30 30 36 36 35 37 35 32 33 36 33 30 35 2f 3f 5f 5f 63 66 74 5f 5f 5b 30 5d 3d 41 5a 56 70 7a 4b 71 6b 33 78 31 5a 66 39 68 67 67 77 4c 54 59 38 37 5f 37 5f 2d 63 61 4a 4a 56 73 57 6a 65 35 76 33 49 42 68 4b 44 2d 6f 69 48 36 66 2d 68 41 5a 43 42 54 55 37 49 4d 74 6a 32 6e 63 6c 67 2d 79 57 66 5f 53 30 5a 70 31 6a 7a 55 4f 48 74 2d 78 35 7a 64 79 50 69 50 57 36 42 31 47 79 72 36 32 36 77 76 79 6d 2d 4b 6a 72 39 38 70 4a 79 6b 51 31 58 77 65 39 38 61 61 79 51 4b 69 53 63 6d 30 52 30 69 33 6b 4a 55 72 35 4b 6c 41 4d 46 37 70 76 72 50 52 4f 5a 64 79 4a 77 75 58 6f 31 63 46 71 65 65 64 41 46 67 51 26 5f 5f 63 66 74 5f 5f 5b
                                                Data Ascii: tePath":"/watch/{?idorvanity}/"}]}},"/watch/100066575236305/?__cft__[0]=AZVpzKqk3x1Zf9hggwLTY87_7_-caJJVsWje5v3IBhKD-oiH6f-hAZCBTU7IMtj2nclg-yWf_S0Zp1jzUOHt-x5zdyPiPW6B1Gyr626wvym-Kjr98pJykQ1Xwe98aayQKiScm0R0i3kJUr5KlAMF7pvrPROZdyJwuXo1cFqeedAFgQ&__cft__[
                                                2024-07-03 13:47:10 UTC1500INData Raw: 61 63 65 22 3a 22 77 61 74 63 68 22 7d 2c 22 63 61 6e 6f 6e 69 63 61 6c 55 72 6c 22 3a 22 2f 77 61 74 63 68 2f 65 74 61 65 73 63 75 65 6c 61 64 65 61 76 69 61 63 69 6f 6e 63 61 6e 63 75 6e 2f 3f 5f 5f 63 66 74 5f 5f 5c 75 30 30 32 35 35 42 30 5c 75 30 30 32 35 35 44 3d 41 5a 56 70 7a 4b 71 6b 33 78 31 5a 66 39 68 67 67 77 4c 54 59 38 37 5f 37 5f 2d 63 61 4a 4a 56 73 57 6a 65 35 76 33 49 42 68 4b 44 2d 6f 69 48 36 66 2d 68 41 5a 43 42 54 55 37 49 4d 74 6a 32 6e 63 6c 67 2d 79 57 66 5f 53 30 5a 70 31 6a 7a 55 4f 48 74 2d 78 35 7a 64 79 50 69 50 57 36 42 31 47 79 72 36 32 36 77 76 79 6d 2d 4b 6a 72 39 38 70 4a 79 6b 51 31 58 77 65 39 38 61 61 79 51 4b 69 53 63 6d 30 52 30 69 33 6b 4a 55 72 35 4b 6c 41 4d 46 37 70 76 72 50 52 4f 5a 64 79 4a 77 75 58 6f 31 63
                                                Data Ascii: ace":"watch"},"canonicalUrl":"/watch/etaescueladeaviacioncancun/?__cft__\u00255B0\u00255D=AZVpzKqk3x1Zf9hggwLTY87_7_-caJJVsWje5v3IBhKD-oiH6f-hAZCBTU7IMtj2nclg-yWf_S0Zp1jzUOHt-x5zdyPiPW6B1Gyr626wvym-Kjr98pJykQ1Xwe98aayQKiScm0R0i3kJUr5KlAMF7pvrPROZdyJwuXo1c
                                                2024-07-03 13:47:10 UTC1500INData Raw: 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 56 69 64 65 6f 50 65 72 6d 61 6c 69 6e 6b 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 46 65 65 64 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4e 65 77 50 65 72 6d 61 6c 69 6e 6b 48 65 72 6f 55 6e 69 74 2e 72 65 61 63 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a 7b 22 5f 5f 6a 73 72 22 3a 22 43 6f 6d 65 74 56 69 64 65 6f 48 6f 6d 65 4c 4f 45 56 69 64 65 6f 50 65 72 6d 61 6c 69 6e 6b 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 22 70 72 6f
                                                Data Ascii: sr":"CometVideoHomeLOEVideoPermalinkRoot.entrypoint"},{"__jsr":"CometVideoHomeRoot.react"},{"__jsr":"CometVideoHomeFeedRoot.react"},{"__jsr":"CometVideoHomeNewPermalinkHeroUnit.react"}],"resource":{"__jsr":"CometVideoHomeLOEVideoPermalinkRoot.react"},"pro


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                74192.168.2.549802157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:09 UTC712OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC696INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                75192.168.2.549808157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC694OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC678INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                76192.168.2.549801157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC911OUTPOST /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 892
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: application/x-www-form-urlencoded
                                                X-FB-LSD: AVqIzvvP8QI
                                                sec-ch-ua-platform-version: "10.0.0"
                                                X-ASBD-ID: 129477
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC892OUTData Raw: 72 6f 75 74 65 5f 75 72 6c 73 5b 30 5d 3d 25 32 46 72 65 65 6c 25 32 46 32 35 31 31 33 36 33 33 38 39 32 35 31 35 35 39 25 32 46 25 33 46 73 25 33 44 69 66 75 26 72 6f 75 74 65 5f 75 72 6c 73 5b 31 5d 3d 25 32 46 72 65 65 6c 25 32 46 37 36 37 34 34 38 30 35 38 36 30 32 30 39 30 25 32 46 25 33 46 73 25 33 44 69 66 75 26 72 6f 75 74 65 5f 75 72 6c 73 5b 32 5d 3d 25 32 46 72 65 65 6c 25 32 46 34 38 33 38 35 31 32 32 37 33 37 37 31 34 39 25 32 46 25 33 46 73 25 33 44 69 66 75 26 72 6f 75 74 65 5f 75 72 6c 73 5b 33 5d 3d 25 32 46 72 65 65 6c 25 32 46 37 36 35 34 31 34 31 34 35 36 36 39 33 33 34 25 32 46 25 33 46 73 25 33 44 69 66 75 26 72 6f 75 74 69 6e 67 5f 6e 61 6d 65 73 70 61 63 65 3d 66 62 5f 63 6f 6d 65 74 26 5f 5f 61 61 69 64 3d 30 26 5f 5f 75 73 65 72
                                                Data Ascii: route_urls[0]=%2Freel%2F2511363389251559%2F%3Fs%3Difu&route_urls[1]=%2Freel%2F767448058602090%2F%3Fs%3Difu&route_urls[2]=%2Freel%2F483851227377149%2F%3Fs%3Difu&route_urls[3]=%2Freel%2F765414145669334%2F%3Fs%3Difu&routing_namespace=fb_comet&__aaid=0&__user
                                                2024-07-03 13:47:10 UTC994INHTTP/1.1 200 OK
                                                Content-Type: text/javascript; charset=utf-8
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405725594603130", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405725594603130"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:10 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:10 UTC2009INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:10 UTC21INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: Connection: close
                                                2024-07-03 13:47:10 UTC2986INData Raw: 32 66 61 37 0d 0a 66 6f 72 20 28 3b 3b 29 3b 7b 22 70 61 79 6c 6f 61 64 22 3a 7b 22 70 61 79 6c 6f 61 64 73 22 3a 7b 22 2f 72 65 65 6c 2f 32 35 31 31 33 36 33 33 38 39 32 35 31 35 35 39 2f 3f 73 3d 69 66 75 22 3a 7b 22 65 72 72 6f 72 22 3a 66 61 6c 73 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 72 6f 75 74 65 5f 64 65 66 69 6e 69 74 69 6f 6e 22 2c 22 65 78 70 6f 72 74 73 22 3a 7b 22 61 63 74 6f 72 49 44 22 3a 22 30 22 2c 22 72 6f 6f 74 56 69 65 77 22 3a 7b 22 61 6c 6c 52 65 73 6f 75 72 63 65 73 22 3a 5b 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a 7b 22 5f
                                                Data Ascii: 2fa7for (;;);{"payload":{"payloads":{"/reel/2511363389251559/?s=ifu":{"error":false,"result":{"type":"route_definition","exports":{"actorID":"0","rootView":{"allResources":[{"__jsr":"FBReelsRoot.react"},{"__jsr":"FBReelsRoot.entrypoint"}],"resource":{"_
                                                2024-07-03 13:47:10 UTC1500INData Raw: 5f 69 64 73 22 3a 6e 75 6c 6c 2c 22 70 61 67 65 5f 69 64 22 3a 6e 75 6c 6c 2c 22 68 69 64 65 5f 6e 65 78 74 22 3a 66 61 6c 73 65 2c 22 6d 69 62 65 78 74 69 64 22 3a 6e 75 6c 6c 2c 22 73 68 61 72 65 5f 75 72 6c 22 3a 6e 75 6c 6c 7d 2c 22 72 6f 75 74 65 50 61 72 61 6d 73 22 3a 7b 22 76 69 64 65 6f 5f 69 64 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 74 72 75 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 2c 22 73 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 66 61 6c 73 65 2c 22 73 69 67 6e 69 66 69 63 61 6e
                                                Data Ascii: _ids":null,"page_id":null,"hide_next":false,"mibextid":null,"share_url":null},"routeParams":{"video_id":{"legacyNames":[],"default":null,"path":true,"significant":true,"coercibleType":"STRING"},"s":{"legacyNames":[],"default":null,"path":false,"significan
                                                2024-07-03 13:47:10 UTC1500INData Raw: 73 74 61 6e 74 22 2c 22 76 61 6c 75 65 22 3a 22 72 65 65 6c 22 7d 2c 22 65 6e 74 69 74 79 5f 69 64 22 3a 7b 22 73 6f 75 72 63 65 22 3a 22 70 61 72 61 6d 22 2c 22 76 61 6c 75 65 22 3a 22 76 69 64 65 6f 5f 69 64 22 7d 7d 2c 22 68 6f 73 74 61 62 6c 65 56 69 65 77 22 3a 7b 22 61 6c 6c 52 65 73 6f 75 72 63 65 73 22 3a 5b 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 22 70 72 6f 70 73 22 3a 7b 7d 2c 22 65 6e 74 72 79 50 6f 69 6e 74 22 3a 7b 22 5f 5f 64 72 22 3a 22 46 42 52 65 65 6c 73 52 6f
                                                Data Ascii: stant","value":"reel"},"entity_id":{"source":"param","value":"video_id"}},"hostableView":{"allResources":[{"__jsr":"FBReelsRoot.react"},{"__jsr":"FBReelsRoot.entrypoint"}],"resource":{"__jsr":"FBReelsRoot.react"},"props":{},"entryPoint":{"__dr":"FBReelsRo
                                                2024-07-03 13:47:10 UTC1500INData Raw: 7d 7d 2c 22 72 6f 75 74 65 50 61 74 68 22 3a 22 2f 72 65 65 6c 2f 7b 3f 76 69 64 65 6f 5f 69 64 7d 2f 22 7d 5d 7d 7d 2c 22 2f 72 65 65 6c 2f 37 36 35 34 31 34 31 34 35 36 36 39 33 33 34 2f 3f 73 3d 69 66 75 22 3a 7b 22 65 72 72 6f 72 22 3a 66 61 6c 73 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 74 79 70 65 22 3a 22 72 6f 75 74 65 5f 64 65 66 69 6e 69 74 69 6f 6e 22 2c 22 65 78 70 6f 72 74 73 22 3a 7b 22 61 63 74 6f 72 49 44 22 3a 22 30 22 2c 22 72 6f 6f 74 56 69 65 77 22 3a 7b 22 61 6c 6c 52 65 73 6f 75 72 63 65 73 22 3a 5b 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 72 65 61 63 74 22 7d 2c 7b 22 5f 5f 6a 73 72 22 3a 22 46 42 52 65 65 6c 73 52 6f 6f 74 2e 65 6e 74 72 79 70 6f 69 6e 74 22 7d 5d 2c 22 72 65 73 6f 75 72 63 65 22 3a 7b 22 5f
                                                Data Ascii: }},"routePath":"/reel/{?video_id}/"}]}},"/reel/765414145669334/?s=ifu":{"error":false,"result":{"type":"route_definition","exports":{"actorID":"0","rootView":{"allResources":[{"__jsr":"FBReelsRoot.react"},{"__jsr":"FBReelsRoot.entrypoint"}],"resource":{"_
                                                2024-07-03 13:47:10 UTC1500INData Raw: 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 66 61 6c 73 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 74 72 75 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 2c 22 70 61 67 65 5f 69 64 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 70 61 74 68 22 3a 66 61 6c 73 65 2c 22 73 69 67 6e 69 66 69 63 61 6e 74 22 3a 66 61 6c 73 65 2c 22 63 6f 65 72 63 69 62 6c 65 54 79 70 65 22 3a 22 53 54 52 49 4e 47 22 7d 2c 22 68 69 64 65 5f 6e 65 78 74 22 3a 7b 22 6c 65 67 61 63 79 4e 61 6d 65 73 22 3a 5b 5d 2c 22 64 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 70 61 74 68 22 3a 66 61 6c 73 65 2c 22 73 69 67 6e 69 66
                                                Data Ascii: gacyNames":[],"default":null,"path":false,"significant":true,"coercibleType":"STRING"},"page_id":{"legacyNames":[],"default":null,"path":false,"significant":false,"coercibleType":"STRING"},"hide_next":{"legacyNames":[],"default":false,"path":false,"signif
                                                2024-07-03 13:47:10 UTC1500INData Raw: 22 63 22 3a 31 2c 22 70 22 3a 22 3a 34 35 22 7d 2c 22 48 75 79 65 59 52 61 22 3a 7b 22 74 79 70 65 22 3a 22 6a 73 22 2c 22 73 72 63 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 33 69 72 79 35 34 2f 79 77 2f 6c 2f 65 6e 5f 47 42 2f 2d 49 4f 46 74 47 39 5f 54 6b 4c 2e 6a 73 3f 5f 6e 63 5f 78 3d 49 6a 33 57 70 38 6c 67 35 4b 7a 22 2c 22 63 22 3a 31 2c 22 70 22 3a 22 3a 32 31 36 22 7d 2c 22 63 73 72 3a 5f 37 5f 32 5f 54 57 22 3a 7b 22 74 79 70 65 22 3a 22 63 73 72 22 2c 22 73 72 63 22 3a 22 3a 34 34 2c 32 34 2c 32 37 2c 33 31 2c 33 32 2c 35 36 2c 32 30 2c 31 38 2c 35 30 2c 33 38 2c 33 37 2c 33 30 2c 38 2c 34 31 2c 33 35 2c 35 37 2c 35 32 2c 35 22 2c 22 63 22 3a 31 7d 2c 22 6c 6f 76
                                                Data Ascii: "c":1,"p":":45"},"HuyeYRa":{"type":"js","src":"https://static.xx.fbcdn.net/rsrc.php/v3iry54/yw/l/en_GB/-IOFtG9_TkL.js?_nc_x=Ij3Wp8lg5Kz","c":1,"p":":216"},"csr:_7_2_TW":{"type":"csr","src":":44,24,27,31,32,56,20,18,50,38,37,30,8,41,35,57,52,5","c":1},"lov


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                77192.168.2.549797157.240.0.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC1156OUTPOST /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=8&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                Content-Length: 1537
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryG1xJJdNBwzKlLGXv
                                                sec-ch-ua-platform-version: "10.0.0"
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-model: ""
                                                sec-ch-prefers-color-scheme: light
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/video
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC1537OUTData Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 47 31 78 4a 4a 64 4e 42 77 7a 4b 6c 4c 47 58 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 73 22 0d 0a 0d 0a 31 37 32 30 30 31 34 34 32 38 31 32 36 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 47 31 78 4a 4a 64 4e 42 77 7a 4b 6c 4c 47 58 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 6f 73 74 5f 30 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 62 6c 6f 62 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 78 9c ed 56 51
                                                Data Ascii: ------WebKitFormBoundaryG1xJJdNBwzKlLGXvContent-Disposition: form-data; name="ts"1720014428126------WebKitFormBoundaryG1xJJdNBwzKlLGXvContent-Disposition: form-data; name="post_0"; filename="blob"Content-Type: application/octet-streamxVQ
                                                2024-07-03 13:47:10 UTC948INHTTP/1.1 200 OK
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405726307321818", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405726307321818"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:10 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:10 UTC2003INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:10 UTC40INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 0d 0a
                                                Data Ascii: Connection: closeContent-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                78192.168.2.549819157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC696OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC680INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                79192.168.2.549820157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC907OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC247INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 01:19:35 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2477213452
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:10 UTC2649INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 6b 72 6f 78 69 2d 6a 35 34 45 33 77 6b 46 72 74 62 47 42 7a 52 48 4d 48 4b 64 75 50 37 5f 77 6a 7a 30 34 44 32 62 4c 41 5f 76 76 46 61 59 6b 73 6f 4d 78 72 53 6c 37 56 72 41 67 22 3b 20 65 5f 66 62 5f 76 69 70 70 6f 72 74 3d 22 41 63 4b 65 6d 35 58 6b 41 6e 4c 32 76 70 68 30 79 74 66 4b 58 69 57 70 5a 54 7a 70 78 79 44 63 31 41 71 49 6f 4f 37 46 69 43 67 63 6c 6b 6d 61 77 6a 4b 6d 33 49 5a 7a 2d 34 36 63 22 3b 20 65 5f 66 62 5f 70 72 6f 78 79 63 6f 64 65 3d 22 41 63 4a 4a 63 32 30 66 72 76 64 4b 57 43 41 67 65 61 30 50 61 70 75 65 70 42 49 47 72 66 58 64 6b 53 72 4d 47 64 4b 75 58 76 68 63 56
                                                Data Ascii: Proxy-Status: http_response_ok; e_fb_configversion="AcLkroxi-j54E3wkFrtbGBzRHMHKduP7_wjz04D2bLA_vvFaYksoMxrSl7VrAg"; e_fb_vipport="AcKem5XkAnL2vph0ytfKXiWpZTzpxyDc1AqIoO7FiCgclkmawjKm3IZz-46c"; e_fb_proxycode="AcJJc20frvdKWCAgea0PapuepBIGrfXdkSrMGdKuXvhcV
                                                2024-07-03 13:47:10 UTC193INData Raw: 58 2d 46 42 2d 43 6f 6e 6e 65 63 74 69 6f 6e 2d 51 75 61 6c 69 74 79 3a 20 45 58 43 45 4c 4c 45 4e 54 3b 20 71 3d 30 2e 39 2c 20 72 74 74 3d 33 32 2c 20 72 74 78 3d 30 2c 20 63 3d 31 34 2c 20 6d 73 73 3d 31 33 39 32 2c 20 74 62 77 3d 33 34 31 31 2c 20 74 70 3d 2d 31 2c 20 74 70 6c 3d 2d 31 2c 20 75 70 6c 61 74 3d 31 2c 20 75 6c 6c 61 74 3d 2d 31 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 36 35 38 32 38 0d 0a 0d 0a
                                                Data Ascii: X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1Alt-Svc: h3=":443"; ma=86400Connection: closeContent-Length: 365828
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 9c 48 00 00 2f 78 00 00 00 03 00 00 01 1f 00 00 00 03 00 00 04 29 00 00 00 03 00 00 01 18 00 00 00 03 00 00 0a 43 00 00 00 03 00 00 01 2d 00 00 00 03 00 00 06 73 00 00 00 03 00 00 01 d3 00 00 00 03 00 00 4a aa 00 00 00 03 00 00 00 f8 00 00 00 03 00 00 03 ed 00 00 00 03 00 00 00 ec 00 00 00 03 00 00 0c 11 00 00 00 03 00 00 01 06 00 00 00 03 00 00 07 d9 00 00 00 03 00 00 02 1d 00 00 00 03 00 00 4b 3c 00 00 00 03 00 00 01 8a 00 00 00 03 00 00 06 4e 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunH/x)C-sJK<N
                                                2024-07-03 13:47:10 UTC15438INData Raw: 84 ff 39 4b 81 c6 aa 18 c1 64 d0 81 56 07 43 ed 2b f2 08 4b c3 fd 75 67 5d e7 7f f2 d0 af 23 e2 65 72 ca d2 96 99 0d 88 d4 a4 24 27 9b 28 82 ff 90 1e 8e ed 51 80 5b 91 f6 19 c2 39 5a a3 d8 78 55 6f 2e 21 bd 6e 61 1d c7 78 8b de 5a 77 27 fb c1 a8 23 ab 36 2c 82 28 5b 81 9b ca 33 b4 9d bd e9 4f e8 6c 5e 4f 63 08 b1 3b 25 c6 50 e3 f4 6c 3a 65 4b 42 81 1d d7 fc 63 8d 92 8e b4 50 e5 47 31 0d e7 09 9e 5c 2e 02 89 3c 5c cd 95 bb 32 dd 2d 83 9f 10 6f fc 6a 2e 8b b0 dc 92 87 73 10 0d f0 32 cb 34 de e3 c5 f0 51 3c 4a 86 a9 53 bf 28 43 36 53 15 6d 8b 20 ef 4e da 09 d2 93 69 b8 5b ee 80 89 f5 59 53 09 fb a0 b4 59 80 84 33 e4 58 ea 80 40 0f f8 92 24 aa 3e e0 f7 5f 17 92 0f 7a 38 af 6e 55 0c 63 f8 78 4c 3b c8 e4 3c 0c 8e 69 d0 07 8b c7 f7 76 e5 9e 98 da fc 41 f1 9b cc
                                                Data Ascii: 9KdVC+Kug]#er$'(Q[9ZxUo.!naxZw'#6,([3Ol^Oc;%Pl:eKBcPG1\.<\2-oj.s24Q<JS(C6Sm Ni[YSY3X@$>_z8nUcxL;<ivA
                                                2024-07-03 13:47:10 UTC16384INData Raw: f6 88 52 a4 fa 6b 3f 0d 79 60 f0 e5 f7 62 59 b7 25 1e 96 55 c1 95 02 7f b6 d4 8a 79 37 0f 9d 0e fa 5d d2 82 cb 38 52 80 6e f5 ce 70 30 57 82 e6 77 64 48 38 6d 0b 4d 2a 7e a2 b8 5a 5c 8a 04 b5 62 2a b3 53 c7 60 40 e0 e0 2d 0f 6b c7 96 8b cd 65 2c 30 a9 7c 6e 76 60 40 cd 8a a5 26 fa b4 ea 3e 2b a3 cf 63 47 dc 08 76 bc c1 c5 a6 a0 de 5e b4 0d f8 d2 74 33 b3 db e0 df 98 41 3f 9c 47 f1 c0 7e 5a 58 14 c3 c9 25 ec de 83 51 82 8a 80 b4 29 52 8e 9f 5e c1 4d fc c7 72 8d cd 1b 67 7a ae df 94 a8 d3 f0 cf 6b d2 0f c5 0d c6 85 49 18 bc 13 8c 26 1b d5 ee d4 1a b1 67 c7 85 78 11 c8 d8 52 80 31 a4 6a 9b 9f 3a 51 5e a8 2d 0f 30 4e b2 eb d0 93 4e c8 fd af 19 d6 03 f8 a3 3e 44 6c 17 f9 18 e4 61 45 e7 fb 40 47 d8 37 bb b8 67 1d e2 9b d3 ce 7e dc 3b 71 3c dc d6 53 73 1b 3e 14
                                                Data Ascii: Rk?y`bY%Uy7]8Rnp0WwdH8mM*~Z\b*S`@-ke,0|nv`@&>+cGv^t3A?G~ZX%Q)R^MrgzkI&gxR1j:Q^-0NN>DlaE@G7g~;q<Ss>
                                                2024-07-03 13:47:10 UTC16384INData Raw: 0e 9a 7a 0f 9b ae 56 33 7f 07 9a 9c c1 1b 6f 77 10 0e e2 c9 ae ab a3 25 6a 6a 6c 6e d8 74 86 e2 e8 46 85 da 26 74 b0 67 b2 b4 46 38 17 89 46 32 7e 53 60 e6 2f 36 c6 51 05 6c 12 17 eb 68 f6 41 53 d1 f1 e0 71 73 48 ef 16 f0 59 6b 23 32 8e e2 21 85 a7 e0 88 68 5c 2e 74 7f 14 87 0a f1 13 37 57 e8 82 71 5f b0 24 9b e6 0b ba 81 7d 58 19 73 23 2f 71 5a 38 b2 9d 00 60 26 09 71 6d 02 58 1b 45 18 73 7e 93 ab d2 d7 16 e0 0b 4a e1 99 9d 29 ef 65 9b 9d 5d a0 bf 4e 02 f9 89 f0 20 ec e1 67 bb 5c 26 a5 d2 88 23 52 c8 2b 43 50 5a 06 41 53 21 29 b0 b0 95 c6 6e 80 09 bb ff b7 ee 74 93 3d e2 d2 e5 d9 7d 55 42 d0 fe 93 da c8 50 f7 eb 65 5c 30 18 57 f1 63 e5 11 66 fa 98 5e 6f 29 ca cf 87 ac 5c e8 ef 36 7c e8 b1 2a 2a a4 99 91 f6 40 00 ea 50 60 dd 73 00 e8 55 54 5e 62 58 18 40
                                                Data Ascii: zV3ow%jjlntF&tgF8F2~S`/6QlhASqsHYk#2!h\.t7Wq_$}Xs#/qZ8`&qmXEs~J)e]N g\&#R+CPZAS!)nt=}UBPe\0Wcf^o)\6|**@P`sUT^bX@
                                                2024-07-03 13:47:10 UTC14935INData Raw: 55 9b c9 0f c5 61 c5 4d 1f 65 1b 9a 2e 27 04 00 89 fa 5c c4 b3 d4 e4 d8 84 37 63 22 03 f0 9d 6a a2 b6 90 7e a6 d3 43 a2 fa 36 0a 3b 4b 53 c7 fc c9 af 17 2a 51 a9 c0 ba 31 ed 12 5e f2 b7 33 63 36 c7 0f 99 bc 02 e2 6b 77 43 ca 1e c2 3c c2 11 ff 01 b4 72 e7 44 62 9a 8a db 89 8b 40 83 c2 87 03 1d 05 ae a0 5e d0 75 ee 66 69 3d 60 8f 78 72 f1 cd ca f3 1a 85 d1 98 2e 33 02 45 c7 36 d5 b6 18 d4 6c 59 a9 b1 e4 0d c6 97 d0 74 f6 5f c1 3e 00 48 78 25 67 16 2d 99 22 ef d5 81 e8 a5 54 0b c3 e7 95 46 1a c3 e3 9d 91 b5 32 3b 18 8a 05 bc 27 f8 10 61 14 ae 8c 2f b3 14 9b 32 84 45 52 b7 17 6e bc a5 ea c0 a9 7e 68 1c 61 64 f9 53 43 29 31 c5 69 d4 75 d7 a4 58 1d 44 62 60 70 12 f9 1c 43 cd d0 29 97 04 34 cc 38 2c f8 6f d9 ce eb 46 68 ba 0d 72 ab 0b 9f 6b ab 70 62 1f 16 bc 14
                                                Data Ascii: UaMe.'\7c"j~C6;KS*Q1^3c6kwC<rDb@^ufi=`xr.3E6lYt_>Hx%g-"TF2;'a/2ERn~hadSC)1iuXDb`pC)48,oFhrkpb
                                                2024-07-03 13:47:10 UTC1500INData Raw: bc 9b 97 82 3c 27 0b 89 a9 b6 0b 34 8c 9f 36 94 e4 19 30 c5 4f 9f e1 cd 27 5d 58 54 06 df bc 25 95 40 21 fa 86 df ac 6b f6 6a 63 c5 5d ae ef ce 71 71 b8 83 8b 5e ab f5 d7 67 05 6b 9e f1 e3 99 df 28 84 06 63 1c 80 f0 59 5a bf 17 07 8c c0 2b be df 07 30 9e 3f 9c e7 a9 09 23 8f 68 9e 66 27 d8 fa 20 25 b9 b8 d8 26 49 49 00 d7 ee f2 8c 57 b0 35 1f 68 9e 30 d0 a9 72 ca 6f ca 4b 06 4c 08 c6 32 93 16 f9 38 a0 3f 04 b2 8f 3e 7e 55 60 f5 8c a9 76 54 19 87 98 af b2 f8 03 1b 19 ea d6 08 b7 86 9f a0 2c 7c 8f 4b 85 6a d6 4b a6 18 5b 10 ef d3 ef fa 90 dd 07 fb 6b 46 4c 73 f8 3e 3d e7 f5 93 74 12 89 61 05 9e f7 98 5a 28 c0 39 b1 56 3e fa 2f c6 eb 3e 12 fb 80 e9 90 f4 a2 92 37 2a 19 cd 02 5a ab f0 13 6b fd 43 84 16 95 bb 7c 2b a6 f6 2a 41 97 e7 00 2d b6 b9 4b bd b7 0e cb
                                                Data Ascii: <'460O']XT%@!kjc]qq^gk(cYZ+0?#hf' %&IIW5h0roKL28?>~U`vT,|KjK[kFLs>=taZ(9V>/>7*ZkC|+*A-K
                                                2024-07-03 13:47:10 UTC16333INData Raw: d2 6d 11 49 65 f1 7e d2 d8 db 3b dd 49 d9 c1 ea 3b 80 2c 61 d2 71 c4 74 4e ee 55 da 8d 0b 7c 6e 25 06 d6 d4 35 0d ce b9 7b 01 b9 43 bb 08 39 e4 52 db 60 a0 d6 89 4a 4d ea 95 f2 9c 33 7d b1 c5 ab af ae 44 04 ab ba 55 7e 4e 87 3c d0 6e 4e 76 fe 73 e7 e8 85 6e 0a 9e ec cd 74 be 3c 75 be 7f e1 69 4c bf d6 f5 d2 2c 9e 20 89 6c 2b 56 e9 c1 e4 bf fa 77 d2 41 3d 29 c0 03 89 43 ab 8c c3 57 f3 f5 df 5e c3 09 46 39 d3 57 8e 19 a2 3b 89 35 39 4c 9a cb 3a e1 ca 50 b9 6f 73 25 60 a1 99 85 23 9f 3a 25 2f b3 e9 23 15 18 55 64 32 0e b5 0d 14 15 63 5c 26 9f 08 ed f9 d5 62 36 d4 24 37 11 cb ca f9 12 46 a9 85 fe 80 e4 98 16 eb 9d a5 4c 33 bc 0c 6d 5c f3 bc d4 86 46 dc c5 f1 81 9f 3c 5e 60 9f 81 3a 4d 1a 69 57 6f 2f 2a 95 1c c7 3e b7 4f c0 30 61 90 9f e5 41 14 d1 ca 92 13 c9
                                                Data Ascii: mIe~;I;,aqtNU|n%5{C9R`JM3}DU~N<nNvsnt<uiL, l+VwA=)CW^F9W;59L:Pos%`#:%/#Ud2c\&b6$7FL3m\F<^`:MiWo/*>O0aA


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                80192.168.2.549821157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC923OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC587INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 00:57:36 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 33493972
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a7 af 80 e2 a7 af 80 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhdD@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                81192.168.2.54981831.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC691OUTGET /v/t39.25447-2/449744607_459862283322980_6029144762460813703_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJldmV2cDktcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=LlPyzkIP5XEQ7kNvgHJuUCd&_nc_ht=video-hou1-1.xx&oh=00_AYAjW869xKiZoErQUaRNDOrLLWh7lwZOD4IAVkDPOPy1rQ&oe=668B3F79&bytestart=874&byteend=48453 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC552INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 118353545
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 47580
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 1f 60 00 00 06 00 00 00 00 e2 00 00 00 20 00 00 01 23 00 00 01 17 00 00 01 2d 00 00 00 e6 00 00 00 e5 00 00 00 1b 00 00 01 0e 00 00 00 cc 00 00 00 d8 00 00 00 1c 00 00 00 b7 00 00 00 1b 00 00 00 1d 00 00 08 23 00 00 00 1a 00 00 01 1a 00 00 00 f7 00 00 01 11 00 00 00 f3 00 00 00 ef 00 00 00 1d 00 00 00 dc 00 00 01 24 00 00 00 f2 00 00 00 1e 00 00 01 15 00 00 01 50 00 00 00 4a 00 00 00 1d 00 00 01 bb 00 00 00 3b 00 00 00 4b 00 00 00 4d 00 00 00 45 00 00 00 1c
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrun` #-#$PJ;KME
                                                2024-07-03 13:47:10 UTC15458INData Raw: 2f 8b 64 9d bf 14 34 12 35 f7 cb b0 84 45 42 d4 00 6e db ef 95 d4 85 7d 12 b4 83 42 68 19 04 02 40 a6 30 1f 58 36 a5 98 eb 28 93 70 77 1c 2a 72 d9 8f e3 5e ec 87 33 e1 4e 8a 01 fd ef ef d6 9d 71 14 0e e5 cf 44 96 22 da ca 3b 16 68 35 d2 d2 e0 f3 73 1f 0d aa f3 53 5c f9 0f 9f c5 fa 10 a0 1d 3b c8 d2 54 cc 0d a1 9b aa 70 cc d4 ab c5 7a 8e 36 85 c9 d6 f4 01 f0 a4 3f c6 3d c8 1e 1c 67 d9 b0 a7 5a 5e f3 b3 6f 24 84 d8 e5 cd e6 10 17 60 64 8c 60 5c 04 2e 6f 5b f5 12 ab 0f 36 39 43 7a ba 1a bd 40 db 45 d3 25 16 2d 9d a2 e0 b5 5b 8d ee fc 4d dc fa 06 63 62 20 04 76 72 f3 19 25 96 48 e8 41 5f c8 01 b6 03 e6 24 02 c0 d3 f6 59 1d 76 83 40 43 97 c9 78 b3 56 2b 8a 98 9e 69 aa 1b b0 7a c6 81 d4 a3 a6 65 fd 0a c1 cf a6 0b e5 b3 f8 ea a9 f2 59 b8 ab 36 17 9a 34 b4 65 0f
                                                Data Ascii: /d45EBn}Bh@0X6(pw*r^3NqD";h5sS\;Tpz6?=gZ^o$`d`\.o[69Cz@E%-[Mcb vr%HA_$Yv@CxV+izeY64e
                                                2024-07-03 13:47:10 UTC16384INData Raw: fd a4 a6 76 e3 5d e7 0f 67 5d 24 4e dd 28 47 5a 4e 14 e1 3e cd c3 92 84 18 ae 24 75 a7 fb 7f 3a 83 da b7 78 d7 f8 bb 78 98 d7 ad c6 42 9e be e2 cf 46 de 40 75 58 4c 9e f3 4c 1b 78 d4 2f dc 0e 96 86 3f 10 46 e7 51 7a 80 00 0a 70 ab 6b 58 00 5e 66 87 08 0e 0d 9b 7c 55 73 dd 2e 13 78 30 86 3f 10 46 e7 61 7a 80 00 0a 70 c8 cc f0 00 61 3e 1e c6 77 b1 c6 32 06 03 f1 49 4f d2 31 2d 19 43 57 8e 5d 11 0a 54 40 45 04 3a 26 12 ce 60 54 49 72 1c 30 e2 7e 35 f9 56 2b 2b bf 71 0a 89 e5 30 19 10 19 30 87 53 15 0b 1c 56 12 d6 08 13 a1 2a 8e 38 c3 ad 46 45 80 64 17 93 85 03 50 44 c0 36 03 e0 87 65 5f 52 a7 85 db e7 da 55 0b b4 f3 92 12 83 7f cd 91 6e 70 9b 52 a1 b1 e0 67 4c ea 20 7e 34 ea 17 00 2b 37 96 9b dc a0 42 b6 d2 0c 33 89 00 9f 5f d8 1d c6 fe 73 16 10 61 ec b3 74
                                                Data Ascii: v]g]$N(GZN>$u:xxBF@uXLLx/?FQzpkX^f|Us.x0?Fazpa>w2IO1-CW]T@E:&`TIr0~5V++q00SV*8FEdPD6e_RUnpRgL ~4+7B3_sat
                                                2024-07-03 13:47:10 UTC14237INData Raw: 88 2f 3c af be bd 3b 0b d7 2a da 79 06 ee fa ee d3 8c cf ad d7 9d 73 b4 e7 13 94 d1 a8 ad 08 c7 39 d7 97 04 2d 19 54 c5 7f be a5 f3 eb 45 46 9d 19 08 4f a2 6c 92 18 a1 07 c4 77 d5 5f c2 f8 9f 51 dd 20 60 72 c5 08 9a 47 e0 2b 2a 7c 79 c7 30 e3 a2 08 2d d6 e9 c5 15 d3 35 bd 98 e2 fa b8 ef 95 6f f8 82 29 23 4d d8 ce 1d 97 2c 6b ba fd 78 02 24 23 bb 4f 5c b4 55 84 37 ef ab 66 30 e7 b5 21 6f 09 87 ad 36 6b 96 42 6d 66 77 d3 51 9f ed 6d 57 4b 22 8b ab fa 41 e8 61 66 9b a2 9e b6 d4 77 b2 e0 61 3d 42 60 fc ae 37 a9 61 4f 9c 35 22 0f 81 4c 59 60 41 6e 04 38 d4 c4 01 a3 22 11 a0 92 06 46 a7 67 9a ed 50 c9 03 82 aa ab 06 04 a7 a2 d8 04 c2 8b 6e ae 55 96 c8 c6 60 5a 38 53 3d b6 4f 86 af b1 5a 30 29 85 91 38 e9 2f bd ad 3c e1 e1 63 23 eb 12 88 55 f7 52 f4 68 b6 46 4a
                                                Data Ascii: /<;*ys9-TEFOlw_Q `rG+*|y0-5o)#M,kx$#O\U7f0!o6kBmfwQmWK"Aafwa=B`7aO5"LY`An8"FgPnU`Z8S=OZ0)8/<c#URhFJ


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                82192.168.2.54981631.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC701OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:11:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2554065408
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a1 29 38 e2 a1 29 38 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd)8)8D@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                83192.168.2.54982231.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC705OUTGET /v/t39.25447-2/449771776_797140345952587_3754630427050177788_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjozOTk4MjU3NDU4MTEzOTJ9&_nc_ohc=AftcvEajyaAQ7kNvgErNFhz&_nc_ht=video-hou1-1.xx&oh=00_AYDggeoSya7_wkIuwPLCKR5KMSE017d1AM2953HxQkZUYQ&oe=668B2AA8&bytestart=916&byteend=18791 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 20:00:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 4175100246
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=2, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17876
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC1500INData Raw: 00 01 44 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 2c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 dc 74 72 75 6e 00 00 02 01 00 00 00 32 00 00 01 4c 00 00 01 55 00 00 01 55 00 00 02 1d 00 00 01 ab 00 00 01 85 00 00 01 8e 00 00 01 b1 00 00 01 74 00 00 01 56 00 00 01 40 00 00 01 5a 00 00 01 90 00 00 01 32 00 00 01 2d 00 00 01 32 00 00 01 a1 00 00 01 55 00 00 01 3f 00 00 01 22 00 00 01 54 00 00 01 49 00 00 01 2c 00 00 01 38 00 00 01 3e 00 00 01 48 00 00 01 3f 00 00 01 48 00 00 01 3d 00 00 01 c7 00 00 01 6a 00 00 01 79 00 00 01 5c 00 00 01 5d 00 00 01 54 00 00 01 28 00 00 01 2f 00 00 01 90 00 00 01 8e 00 00 01 56 00 00 01 4b
                                                Data Ascii: Dmoofmfhd,traftfhd*tfdttrun2LUUtV@Z2-2U?"TI,8>H?H=jy\]T(/VK
                                                2024-07-03 13:47:10 UTC15416INData Raw: a8 97 ba 50 82 44 2f aa 75 7d b8 bc ec 0a 5f 77 c7 6a 31 aa ed c4 45 80 65 2a 9d d6 ee e6 e6 7b 37 82 e8 08 41 a2 89 95 ba 62 f3 ec 09 4b 69 b5 79 f6 0a 8a 80 70 21 7b 55 45 8a 9d 63 a2 41 11 02 a4 94 22 86 aa ae 12 05 0b 20 40 60 2a 3b ba 87 c7 cc db 75 42 d6 bc 68 d9 6f e6 6d cd 4a 7d 63 6d 08 23 89 4a fc 1c cd 22 c3 f0 d1 c3 31 28 f8 a6 c4 70 d8 cc ee 08 33 33 a9 9b 48 1d db 0d 84 e8 05 00 b0 27 8c 9d d6 e9 0d 0a 89 e7 2e 4d 09 d8 c0 5e a5 da 49 c7 12 40 08 6a f5 12 68 55 b4 67 24 27 18 6c 59 e7 9a 33 25 4d 2e e6 ae fe e6 93 65 71 f8 7c e4 f5 30 99 72 c3 f8 db d4 99 67 96 7c ae 6b ad 3c 4f 48 d8 23 29 69 d8 6c 8d 19 5c db 19 2e 37 cb 87 f6 13 95 2b d7 0c 63 ec 3f 6a 88 dc 87 d6 49 9c 60 f7 2b 8b 62 5d d9 76 3d 52 9c e2 77 85 44 a8 a1 6c 49 41 60 a8 30
                                                Data Ascii: PD/u}_wj1Ee*{7AbKiyp!{UEcA" @`*;uBhomJ}cm#J"1(p33H'.M^I@jhUg$'lY3%M.eq|0rg|k<OH#)il\.7+c?jI`+b]v=RwDlIA`0
                                                2024-07-03 13:47:10 UTC959INData Raw: 02 f9 e9 b6 4a eb 97 96 2e 52 99 29 34 e7 ee fd ee 99 6a 8b 32 d6 fe 43 d4 7c 54 80 18 74 2e a7 46 a4 50 6b 70 71 ae 61 4a 0d fd c9 a1 9e 88 03 3b cb 57 44 a0 a2 55 4e d3 6a 49 68 c8 03 8d a3 12 77 fb aa ab e2 62 aa 95 d6 0a 4b 34 60 54 62 b1 31 3b 38 d7 30 aa 65 cd f1 0a 50 34 b4 aa 29 00 56 5b dc 20 96 d8 04 0e 57 7b eb ac 2c 28 ac 23 30 27 0a a1 2c 42 40 05 39 95 8d 2c 3b 3a 04 29 9b e9 40 05 9a bd 96 25 2b 56 1e ae 14 c8 fa a6 9a 44 b6 b1 2f 18 ad 4d 3e 62 17 81 15 9c fc 8f b5 f1 76 00 25 ad a5 c9 e6 56 52 03 0d bd 08 1f 7a fd fc 06 b6 d0 25 a1 41 19 6c 6d 82 31 02 60 a7 aa 80 13 22 a9 4a 45 8e e0 05 a2 04 4b 15 fb 72 33 bd ed 38 d8 44 0b dc 06 50 01 2c de a4 00 cb 09 44 02 b0 cb 8a f4 04 c0 37 88 68 86 3a 53 33 51 44 db eb 5a a5 c9 5e fd b5 49 7c a5
                                                Data Ascii: J.R)4j2C|Tt.FPkpqaJ;WDUNjIhwbK4`Tb1;80eP4)V[ W{,(#0',B@9,;:)@%+VD/M>bv%VRz%Alm1`"JEKr38DP,D7h:S3QDZ^I|


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                84192.168.2.549805157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC698OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC682INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                85192.168.2.54982831.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC705OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=904&byteend=18604 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:11:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2554065408
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17701
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 74 00 00 01 73 00 00 01 ef 00 00 01 e5 00 00 01 d6 00 00 01 c3 00 00 01 b0 00 00 01 a3 00 00 01 90 00 00 01 8b 00 00 01 88 00 00 01 81 00 00 01 72 00 00 01 62 00 00 01 4d 00 00 01 56 00 00 01 7a 00 00 01 85 00 00 01 79 00 00 01 79 00 00 01 68 00 00 01 73 00 00 01 5d 00 00 01 69 00 00 01 94 00 00 01 6c 00 00 01 6f 00 00 01 5a 00 00 01 52 00 00 01 65 00 00 01 57 00 00 01 63 00 00 01 5a 00 00 01 79 00 00 01 65 00 00 01 9e 00 00 01 9d 00 00 01 6a 00 00 01 54
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<stsrbMVzyyhs]iloZReWcZyejT
                                                2024-07-03 13:47:10 UTC15428INData Raw: 98 a4 28 fb bb a8 d8 e5 a6 04 a5 13 62 85 c2 f3 0e 0b 1c 94 fc 41 22 9f da b5 37 c5 31 4a e0 48 73 90 b9 9e 58 5a 61 b0 14 2f 13 c9 09 84 ac c5 8e d8 d2 31 1e 83 39 78 67 2b be d1 bc 02 b2 93 17 89 4e b0 79 fe 39 59 5e 95 2f 4a 48 95 87 8a 75 77 be 77 7b 52 48 90 7c 5c e1 97 1f 2e 36 31 5a e7 26 80 fe 0e 69 b1 73 5f 41 4a ac 40 a0 f3 88 8e 8a 28 88 2c 6d 27 95 57 39 95 42 b1 24 6c 2c 0d ef a9 51 13 80 da 9e dc b7 66 4a a5 0a 56 b4 a5 de 6f fa ad 73 52 11 5b 88 a0 a1 0f 70 82 f7 56 5d 26 8f 4a e8 56 83 54 e3 ae b7 53 aa 49 3d 0d 1c ca 1e f5 5b da ef 45 44 88 28 22 28 a5 96 f3 6e ce 24 60 33 b5 ef f1 22 09 40 1c a5 17 21 8e 1f f3 77 54 89 07 01 21 3a 2e 23 d8 c4 36 51 b2 cc 82 0b 96 ab 8e 77 61 26 1e 19 e8 ec e8 d0 10 d6 7a 17 04 6f bf 07 8f 34 ad 4c fd 9e
                                                Data Ascii: (bA"71JHsXZa/19xg+Ny9Y^/JHuww{RH|\.61Z&is_AJ@(,m'W9B$l,QfJVosR[pV]&JVTSI=[ED("(n$`3"@!wT!:.#6Qwa&zo4L
                                                2024-07-03 13:47:10 UTC772INData Raw: 19 a7 ba c7 f2 a2 ca 2c 16 43 b1 60 07 dc 37 8d 68 7e 49 2f c9 27 ff d0 42 94 bb f8 6b 7a 36 bf 93 6d b6 ff 0a 52 ef e1 ad e8 da fe 4d b6 db fc 0e 7d 8e 7d a0 41 02 00 70 21 1b 55 3c 39 26 c3 80 b1 60 2c 23 2a 54 61 a1 76 d8 6f 51 51 32 0b 54 20 12 48 bd 2b 2f 25 30 03 9b 60 72 d5 8a 18 8a 60 ee 2c 46 b1 1a b5 44 75 2b 4e af c7 7f 8a 87 f6 01 07 8b d3 f0 82 a0 4b 91 a0 30 d0 d2 bb 15 ad 1a 7d 7d 91 90 8c 6d e4 4c fd aa 77 f6 91 b7 a7 fd 0a 94 fa fc 3c 75 9f 14 e6 c3 a1 0e ff 51 4f 6e a1 9f cb e6 dc 66 fc 7c 38 c0 aa dc 73 5d 03 15 c5 83 9d 68 4f ba 79 6c 63 10 b2 5a f0 9e fc c4 66 b5 42 3b 2d 49 48 37 d9 32 54 60 a6 9f 42 b7 93 96 7c 92 67 6e ad 56 a3 0d 0a cc 14 0a c2 cd 11 0a c6 31 44 52 dd 97 97 d1 14 17 d7 db 35 55 30 d8 f7 4e 48 32 10 78 1c 90 5e d7
                                                Data Ascii: ,C`7h~I/'Bkz6mRM}}Ap!U<9&`,#*TavoQQ2T H+/%0`r`,FDu+NK0}}mLw<uQOnf|8s]hOylcZfB;-IH72T`B|gnV1DR5U0NH2x^


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                86192.168.2.549826157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC714OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC698INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                87192.168.2.549829157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC925OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC587INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 00:57:36 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 33493972
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 116
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC115INData Raw: 00 00 74 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 07 00 00 45 55 00 01 5c 3e 90 00 00 00 00 00 3f 94 00 01 58 00 90 00 00 00 00 00 3f c7 00 01 58 00 90 00 00 00 00 00 3f 84 00 01 58 00 90 00 00 00 00 00 3f 50 00 01 58 00 90 00 00 00 00 00 3f ab 00 01 58 00 90 00 00 00 00 00 2e b5 00 00 fb c2 90 00 00 00
                                                Data Ascii: tsidxDEU\>?X?X?X?PX?X.


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                88192.168.2.549831157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC927OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 00:57:36 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 33493972
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17749
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 02 0d 00 00 01 e6 00 00 01 d0 00 00 01 c0 00 00 01 bb 00 00 01 a9 00 00 01 a0 00 00 01 9a 00 00 01 75 00 00 01 91 00 00 01 7c 00 00 01 7d 00 00 01 71 00 00 01 5e 00 00 01 87 00 00 01 67 00 00 01 62 00 00 01 6d 00 00 01 67 00 00 01 4c 00 00 01 59 00 00 01 4b 00 00 01 61 00 00 01 67 00 00 01 5d 00 00 01 64 00 00 01 85 00 00 01 64 00 00 01 59 00 00 01 73 00 00 01 68 00 00 01 5b 00 00 01 62 00 00 01 66 00 00 01 5a 00 00 01 6e 00 00 01 6e 00 00 01 7e 00 00 01 81
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<su|}q^gbmgLYKag]ddYsh[bfZnn~
                                                2024-07-03 13:47:10 UTC15392INData Raw: 22 10 4e 01 71 54 55 55 32 0a b2 a3 40 04 21 68 0b 57 6e 8d bb e4 0d d9 ae 6c 3b 05 be 88 3a 93 f2 fb b4 92 f4 a7 e9 89 63 2a 64 6b c8 59 40 0c 58 3a e8 03 06 58 5b 87 38 ef c3 91 16 84 4c e4 32 73 04 9b 8f 9c 68 2c 2a ee 38 3a fc d1 51 40 f6 ae de 7b 65 eb 33 1e f0 96 5b 1a 35 6d b0 de 34 e9 90 36 07 84 18 a9 6b 7f 45 c0 02 c5 50 00 69 d2 5f 47 e3 3c 9a 23 4e 7f 2c f7 8e db 55 b7 4e dd 50 e9 f2 d5 b7 46 b8 ca 7b 7f 78 d1 3d e9 d5 73 b2 54 83 f3 92 5a 77 8e 68 59 32 b2 64 84 14 51 fd f7 ef e6 e7 e8 4f eb 7f ff 01 b0 3f be fd fc dc fd 09 fd 9f ff ee 28 7f dc 8d 3f f6 47 ba 0c 10 60 70 21 1b 55 2c 3d 9e 82 62 a8 4c 68 43 37 ac 99 d0 a4 65 88 81 28 90 40 80 74 16 22 a8 bb 80 2f ce 3f 11 b4 68 9e 89 73 f1 69 35 9c 40 c7 91 52 a7 9f 10 77 a7 dc 8d 9f 81 ad 35
                                                Data Ascii: "NqTUU2@!hWnl;:c*dkY@X:X[8L2sh,*8:Q@{e3[5m46kEPi_G<#N,UNPF{x=sTZwhY2dQO?(?G`p!U,=bLhC7e(@t"/?hsi5@Rw5
                                                2024-07-03 13:47:10 UTC856INData Raw: ae 62 da 73 d9 8c 6a 6b 1a b9 f8 32 79 76 eb db 45 d3 ea 6e fb 27 3a 9b a3 e9 64 ad a5 75 74 5a 98 6a bd 75 8b 80 05 2c a3 84 0b 53 45 db 1c d4 8c a1 30 0d 90 08 a0 0b 01 49 0a b1 ca 22 26 f1 2d 01 1e a1 86 99 ff ea ff fa 85 40 14 bf bf ff 83 ff e3 fc bf ff 80 30 81 c3 77 fb 89 90 49 80 0e 21 1b 55 50 06 28 c3 42 30 51 02 20 09 94 2c 61 97 15 22 00 16 cb 2b e3 c2 36 13 88 94 f5 10 b2 47 19 a7 e4 bf d8 f7 e1 79 e4 a4 9c 42 51 8c 89 74 4c 3a a8 86 b6 f7 7a 58 14 38 40 17 4a 00 49 28 27 0d ce d7 e0 db dd 6b 2b 29 dd 22 04 03 b6 33 5e fc d1 f2 d3 58 fe 1f 55 fd 5e 12 f5 93 24 0e b6 a8 f5 a5 bc 10 d1 2e a1 43 e8 bf 2b 3f 41 7a 82 00 87 21 44 35 40 52 b4 0d 27 eb 4d 43 8d b2 c1 6d ba 3e b6 73 ae d2 17 18 09 69 ef bb 9a 02 63 18 9c be 54 45 87 47 a3 ca 5a d5 0b
                                                Data Ascii: bsjk2yvEn':dutZju,SE0I"&-@0wI!UP(B0Q ,a"+6GyBQtL:zX8@JI('k+)"3^XU^$.C+?Az!D5@R'MCm>sicTEGZ


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                89192.168.2.54983231.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC703OUTGET /v/t39.25447-2/449178494_787972259986290_5287065104367118752_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo0NTgyNjgxNTAyNzQ4NTh9&_nc_ohc=Okqc0ec779wQ7kNvgGSxSbJ&_nc_ht=video-hou1-1.xx&oh=00_AYA3ox8WBXD_V0qsnAa4MOypYGNXmY1Wh35stftI4T6iPg&oe=668B2BD8&bytestart=824&byteend=903 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC550INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:11:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2554065408
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 80
                                                2024-07-03 13:47:10 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:10 UTC79INData Raw: 00 00 50 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 04 00 00 45 25 00 01 5c 3e 90 00 00 00 00 00 3f 9d 00 01 58 00 90 00 00 00 00 00 3f b0 00 01 58 00 90 00 00 00 00 00 0a c9 00 00 37 82 90 00 00 00
                                                Data Ascii: PsidxDE%\>?X?X7


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                90192.168.2.549823157.240.252.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC619OUTGET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=3&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC948INHTTP/1.1 200 OK
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405727639166939", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405727639166939"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:11 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:11 UTC1824INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                91192.168.2.54983331.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC683OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:10 UTC676INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 15:30:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 147437747
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Edge-Debug: ks1i3oA4PLAb-0RZWJ9lZuMhQlgHZTDrXJKPpVDhzEuJMeagqgC6Qya4QdzeO2mqhbv_MCtb55fKNVV-TS_S0xxFM5aeZIKw2prD3brnxDY
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=41, ullat=0
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:10 UTC826INData Raw: 00 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a9 cd 7c e2 a9 cd 7c 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd||<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sh


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                92192.168.2.549830157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC902OUTGET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 02:15:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 874196207
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a9 13 4f e2 a9 13 4f 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhdOO<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                93192.168.2.549834157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:10 UTC716OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC700INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:10 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                94192.168.2.549838157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC904OUTGET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC587INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 02:15:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 874196207
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 80
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC79INData Raw: 00 00 50 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 04 00 08 fc c8 00 01 2c 00 10 00 00 00 00 08 b9 dc 00 01 2c 00 10 00 00 00 00 0b e8 b3 00 01 2c 00 10 00 00 00 00 02 85 b8 00 00 54 00 10 00 00 00
                                                Data Ascii: Psidx<,,,T


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                95192.168.2.549825157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC907OUTGET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=906&byteend=589905 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC591INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 02:15:43 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 874196207
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 589000
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 01 9a 56 00 00 a9 fd 00 00 00 03 00 00 01 b5 00 00 00 03 00 00 05 b7 00 00 00 03 00 00 01 fa 00 00 00 03 00 00 0e e6 00 00 00 03 00 00 01 ef 00 00 00 03 00 00 06 4f 00 00 00 03 00 00 02 24 00 00 00 03 00 00 a8 4d 00 00 00 03 00 00 02 49 00 00 00 03 00 00 07 7d 00 00 00 03 00 00 02 07 00 00 00 03 00 00 0f 2f 00 00 00 03 00 00 01 f8 00 00 00 03 00 00 06 6e 00 00 00 03 00 00 01 db 00 00 00 03 00 00 ae 88 00 00 00 03 00 00 02 27 00 00 00 03 00 00 06 f6 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunVO$MI}/n'
                                                2024-07-03 13:47:12 UTC15426INData Raw: aa 7d 55 2f b7 cf f6 cd f3 41 54 c0 b1 43 08 df 1f 79 e6 f2 83 cf 37 bf cc c8 ff fc e4 d2 eb 56 5b bc 44 ca 4d 6f b3 1e 65 13 1f 3c 6f 29 c2 7c c2 66 35 19 da 06 46 1e 67 c4 f8 4b 2b 39 2e e0 cd bf 1b f7 2e 1c 3e 7b e4 98 eb c2 f2 c2 c4 89 ff 12 e5 30 51 4e b2 19 54 54 38 89 7b 83 5b eb 53 b8 b5 f4 44 e9 cc c0 b3 53 a7 b2 b3 69 1e e9 a3 82 f9 44 e2 7a 29 f2 55 14 87 ba f2 b9 e2 a5 f1 12 61 b9 04 f0 47 f5 46 b4 20 6e ca ab eb d2 36 b0 9f 22 8f dd ff 78 fa d0 c2 18 74 f5 a4 19 12 ed 97 ce 92 41 6f bc b5 e3 9c d6 88 48 07 3b 22 ce c7 1e ed 32 38 13 46 bf a8 4d 89 da d6 7c 01 16 c9 33 c0 2d cf 00 02 5a cd a4 d8 e1 11 02 c3 76 8c c7 fa b1 cb dc 00 b2 49 a4 92 e1 cb ee 24 5e ac 4f ad b7 6c 7c cf fb 0b fe ee 23 77 8a 9e 47 c9 eb 25 1d 04 bc 8e cb 3c fc f6 f2 f3
                                                Data Ascii: }U/ATCy7V[DMoe<o)|f5FgK+9..>{0QNTT8{[SDSiDz)UaGF n6"xtAoH;"28FM|3-ZvI$^Ol|#wG%<
                                                2024-07-03 13:47:12 UTC16384INData Raw: 1c f5 76 e1 77 40 66 1a 9e 71 f5 e6 2d 2a 3c cf f0 08 16 ec 91 cc bf 13 ea 56 ac a1 6f bd 80 d0 95 9d 46 36 e1 c0 8e c6 53 d9 8b c8 95 65 98 f6 f7 7e 74 76 ad 2e 98 8a 74 ea 0a 9b 14 0c 96 dc 70 50 83 b1 1c c8 a3 8a 62 0f 75 68 1f a6 01 31 56 45 1a 5e 96 0b 94 c6 b6 40 6c 52 3b d1 1d 17 3d 13 1e 64 e5 e0 c3 ea 51 d7 65 37 f8 3c 97 a9 1d 99 7c e4 e2 2d 65 36 95 36 d5 98 6e 14 6b 6c 4b 4a 46 18 d1 e2 59 7c 7c cd 6e 76 20 36 7a c6 a6 7a dc ae 4c 01 5a 10 a9 46 29 8e 58 79 5d 3f 3f 59 f0 4e 5c fd fb 72 4e 12 3c 32 5e eb a2 b3 f4 a4 9b 2b 6f b5 52 17 9f 85 89 ed c2 e3 ad be 8c 6a 66 39 d0 c4 5a 66 3b 10 32 ca 1f ba cd 8f db 86 6a 37 9c 8e 77 44 cf 29 d7 ae 50 43 81 1e 87 a5 d2 11 1d 00 11 4e a0 93 15 4b 5b ed 59 5e e9 94 77 0d 13 47 97 dc 70 7f 29 fb 02 d7 01
                                                Data Ascii: vw@fq-*<VoF6Se~tv.tpPbuh1VE^@lR;=dQe7<|-e66nklKJFY||nv 6zzLZF)Xy]??YN\rN<2^+oRjf9Zf;2j7wD)PCNK[Y^wGp)
                                                2024-07-03 13:47:12 UTC16384INData Raw: 7d d1 f3 bb 4e 92 ae 63 5b 46 5d 95 3a 57 a7 92 08 a0 ee d0 ac c9 5d 2b bf aa 71 79 7c da ec 84 f4 b9 24 40 72 f4 78 ef 8b 06 21 bd 1f 0e 4b 4e db 8d d5 6d e1 8f ef 73 95 6d e5 0e a9 50 81 1a dc 11 9d d4 fb 89 3d a6 f5 99 88 98 35 82 f2 6e b8 af b6 e7 73 b4 7d a1 a4 64 c2 96 0e 88 2e 1d 63 c5 3e 46 30 71 bd 5e 46 15 df e9 83 fc 49 79 ac 6a 69 54 c6 12 b3 f4 17 b8 f9 a3 ad bf b7 f0 6e 9a 69 39 a0 93 8a 23 98 2c ac 56 05 ae 6e 5c 79 11 9e 60 32 f7 b3 1b 03 84 8e c3 c4 9d c3 89 a9 53 ae 53 4e fa a5 ae a6 13 2e 2f 82 07 8f 81 35 b5 84 49 3b 07 d0 56 4c 96 48 ce 4d 3a 35 dc 66 23 3e fd c0 d2 cd 78 5a 68 3e 83 dd 3b a3 67 b0 5f 22 cd 6d 35 f9 0e 5d 7b 4a 3c 8b 29 32 0c 6d 4a 24 0f 41 6a 4a 3f fd 32 32 ce dc 1c 9c 5d 4c 8d c6 87 bc 88 f3 87 62 13 84 7f 86 86 cd
                                                Data Ascii: }Nc[F]:W]+qy|$@rx!KNmsmP=5ns}d.c>F0q^FIyjiTni9#,Vn\y`2SSN./5I;VLHM:5f#>xZh>;g_"m5]{J<)2mJ$AjJ?22]Lb
                                                2024-07-03 13:47:12 UTC14935INData Raw: 81 9a 5b 43 6b 44 9f 2b a7 9a dc 31 3a c5 5e ff 91 a0 13 55 55 dc f0 b3 44 51 8b fd 1d fa 9e d6 9a 44 7b af 8f f2 b9 c0 e5 3f ee 12 cd 22 2b ed 25 a9 f9 b8 21 0b 94 f2 fe 1a b2 f4 fe 16 1f 52 92 be bf 4f 4d c0 fe 07 ff c3 b0 8e 10 9a c7 81 08 46 bb aa 83 14 a6 f3 b5 42 fc c2 41 cc 64 4c 34 6a 6c ab a0 08 79 98 08 1b 5d d9 8c dd 3e 4e 78 a4 c6 2f b1 a1 fe aa c3 f3 f8 10 ff ac fa 92 40 fb cb eb 24 e5 db 1d c3 dd 50 23 52 62 d2 e3 55 7d 09 19 8c 8d b0 61 79 9a a1 1e fe 9c 00 af ad 50 1b 6c 8b fd b9 dd 63 88 3a ca be df e2 b9 04 8a d1 c1 03 81 3e 5c 35 01 48 a5 f0 e5 7e 87 85 c2 bc 32 44 bb 58 02 a6 01 ea 46 65 86 74 aa af f4 8d f0 ab 23 3a b0 6d 5a c0 89 e6 bc 44 79 7f e0 89 cf ba f6 e7 08 3b 8a a4 ab a4 51 59 94 b2 76 4f 5b 59 c9 01 cd 75 99 83 5b 06 85 5f
                                                Data Ascii: [CkD+1:^UUDQD{?"+%!ROMFBAdL4jly]>Nx/@$P#RbU}ayPlc:>\5H~2DXFet#:mZDy;QYvO[Yu[_
                                                2024-07-03 13:47:12 UTC1500INData Raw: e3 a6 6e 51 83 7a 37 42 fd 2e 98 22 fa 27 2c 12 a9 89 c4 1d be 2d 3c 73 7e 31 b9 15 0e 66 67 2a f2 c5 7e 90 8c cf dc a7 f9 7c 0a 39 8f b5 54 9c f8 89 8b 6b f3 73 dc 94 01 01 db b7 ee 84 f4 89 7b a6 44 3b 98 f0 1c a6 08 0e 32 2b 4a ab f4 a0 55 84 de e1 c4 90 88 dd 6f 2e f1 74 b1 ca 5b 2f 57 fc 98 a9 f8 bc 25 8c ae 32 59 44 b2 c1 63 93 b3 f0 20 ce 92 17 eb fe e4 5d 2c bb 27 5c 25 9b 76 a6 ab 65 a2 74 9c 42 33 66 5c 75 42 e0 e0 fc b5 b8 d8 b9 43 e4 c6 ef a3 4f 13 be 8d 7d 50 e5 d2 e9 28 b6 a3 ee a9 51 d1 81 67 8d 0d 9b 91 8f 14 de 46 3b 25 51 da 30 ae 39 ec 17 4d 1e 89 1b 24 cd 48 3b 3b d5 06 65 d3 99 c6 84 3d ae c2 e1 af a5 33 3c fd db f2 16 f4 94 2b 94 41 b6 90 c3 9f 1d 1f 6f 14 0f 5f 3e c1 cd 6b 05 97 56 36 b4 d6 38 68 9d 1e 0f 24 70 1b d9 e1 5f a6 fe aa
                                                Data Ascii: nQz7B."',-<s~1fg*~|9Tks{D;2+JUo.t[/W%2YDc ],'\%vetB3f\uBCO}P(QgF;%Q09M$H;;e=3<+Ao_>kV68h$p_
                                                2024-07-03 13:47:12 UTC16333INData Raw: d5 a3 92 94 f3 83 d7 25 2a 6a 30 71 8f ee 45 fe 13 00 de 4e 43 ff 16 fe d2 e4 07 3b 7f a7 03 d8 5b 95 46 27 18 25 e5 70 ec 41 90 13 60 aa 31 c7 ec fb ee 2a ed e9 23 0b db 8c 9a 81 87 86 26 6b 33 4b e3 c1 90 b3 f8 2e 06 b0 de 48 bd ed 71 bf 53 1f cd d0 aa d3 6c b1 ac c1 49 3f a3 46 aa 5b de b3 ae 8f fe c5 56 b0 5c de 56 c2 ae a9 26 72 31 6c 23 69 fd 8d 9e 20 78 7d 8b 09 5b ce f6 43 c7 de 3c 45 95 3b 2e 2b 06 77 11 e4 07 fc 89 c0 7a 1a 62 f9 0f cf b8 af 9d 54 45 6f 01 3e 53 08 da 63 96 41 21 0b 2b 38 40 ab ff 05 b4 4d d3 80 f6 d3 7e 7a 08 ad 10 60 b3 8d 1f af a8 bd 6f 75 9a e2 cd 75 87 58 61 6c 56 8d 09 18 c9 bc 2c 51 63 42 31 8e 5c 72 95 a2 10 35 91 69 61 de ec 17 c1 3e b2 1c 45 8c 3a 1e 42 b9 8a bb 85 f5 7f e0 11 ee 57 60 d3 3a ce 5f 61 02 3d 43 fa aa 5d
                                                Data Ascii: %*j0qENC;[F'%pA`1*#&k3K.HqSlI?F[V\V&r1l#i x}[C<E;.+wzbTEo>ScA!+8@M~z`ouuXalV,QcB1\r5ia>E:BW`:_a=C]
                                                2024-07-03 13:47:12 UTC16384INData Raw: 55 1f 23 29 53 09 46 0f b6 79 e7 4e bd 75 59 4c ce e9 ae d6 57 c0 74 46 cb ab 93 8d 21 b5 b8 3a a6 6e 9b a0 d1 60 c7 39 18 fc 58 bc 57 a8 ea ff 9d 84 9e ac 5c d4 c6 06 16 f5 4c 74 22 17 af 2a 02 66 25 ab da 07 9b 16 e4 c4 ad 0f ea 75 a3 3b c7 13 2c d2 4a 16 ec 48 2f c6 5a 0f 13 51 03 2a 4a 1e f4 16 67 5d ac cb d8 28 95 3d 6f c5 59 39 fd de a4 2d 06 fd 73 b7 97 4b 8c f0 45 e2 ae 68 73 bf 89 fe de 63 6f 63 48 f8 50 d4 4a 29 1c 74 8b ee 3d 23 10 44 b5 80 31 3f de 56 c2 78 4c 60 8b 1d d8 59 f8 7e 92 f3 2b 44 4d 3d 69 df 2a 62 5a e2 2f 91 50 96 3b c8 f7 c7 dc 30 e8 e9 e6 69 8d 3f 44 39 da 7b f0 fa c2 20 f9 c3 6a d1 10 0f 78 72 74 ae 0e b1 15 74 28 d4 fd a9 85 94 1c b3 2f a3 25 c4 36 3d df b3 bb 28 52 75 ca c7 fc 8a 6a e2 4a 86 02 de 9a 94 00 7a 56 97 ff 55 d5
                                                Data Ascii: U#)SFyNuYLWtF!:n`9XW\Lt"*f%u;,JH/ZQ*Jg](=oY9-sKEhscocHPJ)t=#D1?VxL`Y~+DM=i*bZ/P;0i?D9{ jxrtt(/%6=(RujJzVU
                                                2024-07-03 13:47:12 UTC16384INData Raw: 28 84 2e 5e 1d b3 ba c9 f3 91 b0 1e 22 0e 17 1f b9 99 91 36 ef f8 e6 1d 42 82 c8 42 6d 9a 44 2c ab 4f 73 17 d0 84 e8 fb 95 12 a9 69 7d 84 25 31 bb 0f 1a ec f7 2f 40 ad ff 7e b0 53 3f 82 df 27 68 5a dd 5a 8f ce 7c 63 04 a7 5f 22 34 fd 94 89 86 8f 62 58 c8 3b c3 80 b6 e1 94 18 13 5d 34 d1 17 d3 56 bf a1 d4 6e 2d a0 1f a0 be 9e 7f 1d 14 dc b2 6d ff 0a ad 9b fc ab fe 77 ac 1d d1 46 47 e1 d2 24 f0 44 01 f9 48 ed 79 33 f9 dd b7 a1 f3 66 5c 13 e0 47 0e ca c5 02 0c a1 1a 85 7b 6a 5a f5 1d bb 9e 8b f5 7f 9f 68 01 7f fe d2 c8 1a ad 17 b5 67 4d c6 07 58 18 c8 e5 fa a6 4e 74 8f 71 1d f6 f5 bb 29 a1 7f 61 4c 86 b5 21 9c 8b ce 54 1d 3d aa 31 9f 24 67 34 2c 16 38 75 0f 59 cc b5 36 57 cb 3f ee 37 45 93 a0 0f 72 03 57 0e e5 b9 f3 46 79 f8 ab 54 6e 5b 5e 7e ea 19 4b ef 8e
                                                Data Ascii: (.^"6BBmD,Osi}%1/@~S?'hZZ|c_"4bX;]4Vn-mwFG$DHy3f\G{jZhgMXNtq)aL!T=1$g4,8uY6W?7ErWFyTn[^~K


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                96192.168.2.549824157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC700OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC684INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                97192.168.2.549844157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC718OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC702INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                98192.168.2.54984531.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC685OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=826&byteend=905 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC549INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 15:30:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 147437747
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=4, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 80
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC79INData Raw: 00 00 50 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 04 00 01 58 63 00 01 2c 00 10 00 00 00 00 01 1a 08 00 01 2c 00 10 00 00 00 00 01 21 af 00 01 2c 00 10 00 00 00 00 00 42 7b 00 00 24 00 10 00 00 00
                                                Data Ascii: Psidx<Xc,,!,B{$


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                99192.168.2.54984031.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC703OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 09:01:20 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1747466157
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a9 72 5f e2 a9 72 5f 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhdr_r_D@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                100192.168.2.549848157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC720OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC704INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                101192.168.2.549846157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC922OUTGET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 12 Jun 2024 22:03:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1772760883
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 8f cb 98 e2 8f cb 98 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhdD@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                102192.168.2.549841142.250.186.1104432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC1225OUTGET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1110236877&timestamp=1720014429579 HTTP/1.1
                                                Host: accounts.youtube.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-full-version: "117.0.5938.132"
                                                sec-ch-ua-arch: "x86"
                                                sec-ch-ua-platform: "Windows"
                                                sec-ch-ua-platform-version: "10.0.0"
                                                sec-ch-ua-model: ""
                                                sec-ch-ua-bitness: "64"
                                                sec-ch-ua-wow64: ?0
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-Dest: iframe
                                                Referer: https://accounts.google.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC1953INHTTP/1.1 200 OK
                                                Content-Type: text/html; charset=utf-8
                                                X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                Content-Security-Policy: script-src 'report-sample' 'nonce-B6JURhKCsAUSOP5vlZCRUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Cross-Origin-Opener-Policy: same-origin
                                                Cross-Origin-Resource-Policy: cross-origin
                                                reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzj0tDikmLw1ZBikPj6kkkLiJ3SZ7CGAHHSv_OsJUC8JOIi65HEi6xCPBz310zdwibwY82_WUxKekn5hfGZKal5JZkllSn5uYmZecn5-dmZqcXFqUVlqUXxRgZGJgZmRsZ6BhbxBQYADpUnIw"
                                                Server: ESF
                                                X-XSS-Protection: 0
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Accept-Ranges: none
                                                Vary: Accept-Encoding
                                                Connection: close
                                                Transfer-Encoding: chunked
                                                2024-07-03 13:47:11 UTC1953INData Raw: 37 36 36 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 42 36 4a 55 52 68 4b 43 73 41 55 53 4f 50 35 76 6c 5a 43 52 55 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f
                                                Data Ascii: 7665<html><head><script nonce="B6JURhKCsAUSOP5vlZCRUg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
                                                2024-07-03 13:47:11 UTC1953INData Raw: 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 2c 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 0a 66 61 28 29 3b 69 66 28 61 3d 3d 3d 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 22 29 7b 69 66 28 6a 61 28 29 29 69 66 28 28 61 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 62 29 29 26 26 61 5b 31 5d 29 62 3d 61 5b 31 5d 3b 65 6c 73 65 7b 61 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 62 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 62 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74
                                                Data Ascii: function(d){return d in b})]||""}},qa=function(a){var b=fa();if(a==="Internet Explorer"){if(ja())if((a=/rv: *([\d\.]*)/.exec(b))&&a[1])b=a[1];else{a="";var c=/MSIE +([\d\.]+)/.exec(b);if(c&&c[1])if(b=/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])swit
                                                2024-07-03 13:47:11 UTC1953INData Raw: 76 6f 69 64 20 30 3b 69 66 28 61 3d 3d 6e 75 6c 6c 29 7b 76 61 72 20 64 3d 39 36 3b 63 3f 28 61 3d 5b 63 5d 2c 64 7c 3d 35 31 32 29 3a 61 3d 5b 5d 3b 62 26 26 28 64 3d 64 26 2d 31 36 37 36 30 38 33 33 7c 28 62 26 31 30 32 33 29 3c 3c 31 34 29 7d 65 6c 73 65 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6e 22 29 3b 64 3d 7a 28 61 29 3b 69 66 28 64 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6f 22 29 3b 69 66 28 64 26 0a 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 22 29 3b 61 3a 7b 63 3d 61 3b 76 61 72 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 69 66 28 65 29 7b 76 61 72
                                                Data Ascii: void 0;if(a==null){var d=96;c?(a=[c],d|=512):a=[];b&&(d=d&-16760833|(b&1023)<<14)}else{if(!Array.isArray(a))throw Error("n");d=z(a);if(d&2048)throw Error("o");if(d&64)return a;d|=64;if(c&&(d|=512,c!==a[0]))throw Error("p");a:{c=a;var e=c.length;if(e){var
                                                2024-07-03 13:47:11 UTC1953INData Raw: 73 74 72 75 63 74 6f 72 2e 63 61 3b 76 61 72 20 65 3d 4b 61 28 63 3f 61 2e 43 3a 62 29 3b 69 66 28 61 3d 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 66 3d 62 5b 61 2d 31 5d 2c 68 3d 77 61 28 66 29 3b 68 3f 61 2d 2d 3a 66 3d 76 6f 69 64 20 30 3b 65 3d 2b 21 21 28 65 26 35 31 32 29 2d 31 3b 76 61 72 20 67 3d 62 3b 69 66 28 68 29 7b 62 3a 7b 76 61 72 20 6b 3d 66 3b 76 61 72 20 6c 3d 7b 7d 3b 68 3d 21 31 3b 69 66 28 6b 29 66 6f 72 28 76 61 72 20 6d 20 69 6e 20 6b 29 69 66 28 69 73 4e 61 4e 28 2b 6d 29 29 6c 5b 6d 5d 3d 6b 5b 6d 5d 3b 65 6c 73 65 7b 76 61 72 20 71 3d 6b 5b 6d 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 71 29 26 26 28 41 28 71 2c 64 2c 0a 2b 6d 29 7c 7c 76 61 28 71 29 26 26 71 2e 73 69 7a 65 3d 3d 3d 30 29 26 26 28 71 3d 6e 75 6c 6c 29 3b 71
                                                Data Ascii: structor.ca;var e=Ka(c?a.C:b);if(a=b.length){var f=b[a-1],h=wa(f);h?a--:f=void 0;e=+!!(e&512)-1;var g=b;if(h){b:{var k=f;var l={};h=!1;if(k)for(var m in k)if(isNaN(+m))l[m]=k[m];else{var q=k[m];Array.isArray(q)&&(A(q,d,+m)||va(q)&&q.size===0)&&(q=null);q
                                                2024-07-03 13:47:11 UTC1953INData Raw: 7b 76 61 72 20 64 3d 50 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 45 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 51 61 28 4e 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 0a 76 61 72 20 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 2c 47
                                                Data Ascii: {var d=Pa[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&E(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Qa(Na(this))}})}return a});var Qa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a},G
                                                2024-07-03 13:47:11 UTC1953INData Raw: 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 48 28 6b 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6a 60 22 2b 6b 29 3b 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3d 6c 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 3f 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 76 6f 69 64 20 30 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 26 26 48 28 6b 5b 66 5d 2c 74 68 69 73 2e 67 29 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65
                                                Data Ascii: et=function(k,l){if(!c(k))throw Error("i");d(k);if(!H(k,f))throw Error("j`"+k);k[f][this.g]=l;return this};g.prototype.get=function(k){return c(k)&&H(k,f)?k[f][this.g]:void 0};g.prototype.has=function(k){return c(k)&&H(k,f)&&H(k[f],this.g)};g.prototype.de
                                                2024-07-03 13:47:11 UTC1953INData Raw: 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 3f 6c 3d 62 2e 67 65 74 28 6b 29 3a 28 6c 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6b 2c 6c 29 29 3a 6c 3d 22 70 5f 22 2b 6b 3b 76 61 72 20 6d 3d 67 5b 30 5d 5b 6c 5d 3b 69 66 28 6d 26 26 48 28 67 5b 30 5d 2c 6c 29 29 66 6f 72 28 67 3d 30 3b 67 3c 6d 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 71 3d 6d 5b 67 5d 3b 69 66 28 6b 21 3d 3d 6b 26 26 71 2e 6b 65 79 21 3d 3d 71 2e 6b 65 79 7c 7c 6b 3d 3d 3d 71 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 67 2c 6c 3a 71 7d 7d 72 65 74 75
                                                Data Ascii: s;var d=function(g,k){var l=k&&typeof k;l=="object"||l=="function"?b.has(k)?l=b.get(k):(l=""+ ++h,b.set(k,l)):l="p_"+k;var m=g[0][l];if(m&&H(g[0],l))for(g=0;g<m.length;g++){var q=m[g];if(k!==k&&q.key!==q.key||k===q.key)return{id:l,list:m,index:g,l:q}}retu
                                                2024-07-03 13:47:11 UTC1953INData Raw: 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 66 2e 76 61 6c 75 65 2c 68 2b 2b 29 29 7d 65 6c 73 65 20 66 6f 72 28 66 3d 62 2e 6c 65 6e 67 74 68 2c 68 3d 30 3b 68 3c 66 3b 68 2b 2b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 62 5b 68 5d 2c 68 29 29 3b 72 65 74 75 72 6e 20 65 7d 7d 29 3b 76 61 72 20 5a 61 3d 5a 61 7c 7c 7b 7d 2c 72 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 61 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 24 61 28 22 57 49 5a 5f 67 6c 6f 62 61 6c 5f 64 61 74 61 2e 6f 78 4e 33 6e 62 22 29 3b 61 3d 63 26 26 63 5b 61 5d 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 3f 61 3a 62 7d 2c 49 3d 72 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 24 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61
                                                Data Ascii: xt()).done;)e.push(c.call(d,f.value,h++))}else for(f=b.length,h=0;h<f;h++)e.push(c.call(d,b[h],h));return e}});var Za=Za||{},r=this||self,ab=function(a,b){var c=$a("WIZ_global_data.oxN3nb");a=c&&c[a];return a!=null?a:b},I=r._F_toggles||[],$a=function(a){a
                                                2024-07-03 13:47:12 UTC1953INData Raw: 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 7d 3b 76 61 72 20 63 61 3d 22 63 6f 6e 73 74 72 75 63 74 6f 72 20 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 20 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 20 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 20 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 20 74 6f 53 74 72 69 6e 67 20 76 61 6c 75 65 4f 66 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 76 61 72 20 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 72 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26
                                                Data Ascii: "?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)};var ca="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf".split(" ");var jb=function(a,b,c){c=c||r;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&
                                                2024-07-03 13:47:12 UTC1953INData Raw: 6e 67 74 68 3b 65 2b 2b 29 7b 65 3e 30 26 26 63 2e 70 75 73 68 28 22 2c 20 22 29 3b 76 61 72 20 66 3d 64 5b 65 5d 3b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 66 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 66 3d 66 3f 22 6f 62 6a 65 63 74 22 3a 22 6e 75 6c 6c 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 6c 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65
                                                Data Ascii: ngth;e++){e>0&&c.push(", ");var f=d[e];switch(typeof f){case "object":f=f?"object":"null";break;case "string":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=lb(f))?f:"[fn]";break;default:f=typeof f}f.le


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                103192.168.2.54983931.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC705OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=824&byteend=951 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 09:01:20 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1747466157
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=4, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 128
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC127INData Raw: 00 00 80 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 08 00 00 46 11 00 01 5c 3e 90 00 00 00 00 00 3f 5e 00 01 58 00 90 00 00 00 00 00 3f e0 00 01 58 00 90 00 00 00 00 00 3f 97 00 01 58 00 90 00 00 00 00 00 3f e9 00 01 58 00 90 00 00 00 00 00 3f 26 00 01 58 00 90 00 00 00 00 00 3f 8a 00 01 58 00 90 00 00 00 00 00 30 b9 00 01 08 00 90 00 00 00
                                                Data Ascii: sidxDF\>?^X?X?X?X?&X?X0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                104192.168.2.549835157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC698OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC682INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=36, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                105192.168.2.54985331.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC687OUTGET /v/t39.25447-2/449469933_999248815154664_2459728092857196365_n.mp4?_nc_cat=107&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E1MCIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=53ON0wakUEUQ7kNvgH8fCLD&_nc_ht=video-hou1-1.xx&oh=00_AYDI6Iik_LOD4NehQyFV0UzqSJ9I68i96GyPpRl1VB4biA&oe=668B3465&bytestart=906&byteend=89068 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC552INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 15:30:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 147437747
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 88163
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 77 81 00 00 09 30 00 00 00 03 00 00 00 2f 00 00 00 03 00 00 00 3b 00 00 00 03 00 00 00 17 00 00 00 03 00 00 01 94 00 00 00 03 00 00 00 2d 00 00 00 03 00 00 00 e3 00 00 00 03 00 00 00 41 00 00 00 03 00 00 09 2f 00 00 00 03 00 00 00 2e 00 00 00 03 00 00 00 91 00 00 00 03 00 00 00 23 00 00 00 03 00 00 00 ff 00 00 00 03 00 00 00 1e 00 00 00 03 00 00 00 9b 00 00 00 03 00 00 00 27 00 00 00 03 00 00 09 1e 00 00 00 03 00 00 00 28 00 00 00 03 00 00 00 78 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunw0/;-A/.#'(x
                                                2024-07-03 13:47:11 UTC15426INData Raw: 75 ce ce e4 90 41 21 46 2f 5e 78 f4 df 78 c7 d5 f3 eb 1f a1 16 95 11 09 78 c0 1e 68 0d f2 2e a0 87 45 38 4d 06 9b cf 55 c0 b0 c9 eb 3b 0c e4 d0 9d a8 f5 31 d6 b3 cd 2c 55 89 4f 11 de 1c 1c 33 cb cd fb 80 97 7e 24 1e fa a6 f6 fb 3b 89 b2 7a 47 99 f2 73 33 96 86 49 d7 fe d4 5e d9 80 64 52 25 41 8c f8 18 77 d4 53 51 02 18 a3 67 df 67 98 6a af d3 65 0f 0f 6b 97 a4 7c dd d2 21 cb df c6 b2 a2 f6 ef 36 f4 34 fa 3c 42 19 c0 3f d7 f8 60 c2 f7 6f 67 5b 9a 85 27 09 e2 29 28 45 e0 48 88 ea e6 66 38 7c ca 42 65 62 3b 54 37 f9 82 95 fd 5a f6 d6 26 31 ab 3f a8 ae 78 89 19 06 0f c5 57 d4 1b bc 88 71 7d d8 82 8c 0b da 63 88 cd 4c e3 f6 11 bf 6f 3e 5c c1 02 a7 06 ac f6 44 51 1f 72 88 82 b8 11 5a fb 8d 40 36 08 72 ac 7b ab d0 0f 07 cf 75 94 87 a2 15 40 d9 74 dd 89 21 ea ab
                                                Data Ascii: uA!F/^xxxh.E8MU;1,UO3~$;zGs3I^dR%AwSQggjek|!64<B?`og[')(EHf8|Beb;T7Z&1?xWq}cLo>\DQrZ@6r{u@t!
                                                2024-07-03 13:47:11 UTC16384INData Raw: 08 8b 54 1d 79 25 2d 83 68 65 e1 1b 46 b9 6b 12 d9 78 e5 55 c6 bc e2 7f 96 92 69 96 7e 65 00 d0 fc d7 ec ad e4 2e e0 2f 05 03 94 6f 9f c1 96 1d f3 5d a4 39 3a 5d e8 0e 7e 94 3e 29 6f 05 92 87 5e 7a 5c c0 0b 36 49 d9 c8 25 a0 cf 76 91 5d 94 85 19 f9 90 26 f1 e4 f4 67 85 04 83 6f a1 d0 87 62 d3 2a 58 5f 6f 6f ad 8f b6 f8 53 77 32 e2 aa 8c 8f 10 f6 69 f5 15 f9 9f 18 6b e6 67 40 0a 17 d2 ab 73 3f c2 e0 1b d8 72 5c 13 dc 2e 35 c7 de 96 56 77 8c 5d 77 79 54 bd e7 9e 35 99 cd 48 a6 0e 6f 08 d6 1d 8b 60 62 6f ef 80 87 07 72 9a 62 73 f9 aa 09 f7 32 de a5 22 61 51 19 b1 77 d4 dc 73 2d b5 1d b9 ce d6 35 20 6b 98 94 c2 96 cc 0c d5 6f e6 69 6f 5a d2 b9 1b 56 1f 63 ca 28 aa aa e3 d0 0c 56 9f aa f3 6f 55 41 3c 8e 69 96 22 de 8b 52 12 d7 0b b4 71 42 bc 79 a2 df 61 ea b3
                                                Data Ascii: Ty%-heFkxUi~e./o]9:]~>)o^z\6I%v]&gob*X_ooSw2ikg@s?r\.5Vw]wyT5Ho`borbs2"aQws-5 koioZVc(VoUA<i"RqBya
                                                2024-07-03 13:47:11 UTC16384INData Raw: 14 2f 7f a0 c4 23 98 02 d6 50 50 62 69 eb bf 10 01 4b f7 d9 49 51 e4 26 e5 42 9c e8 c0 90 4b 0b 2b 83 56 04 32 6f 28 04 84 04 92 61 9d 33 53 13 00 00 03 02 00 07 00 f6 b8 b0 d7 50 74 8f a9 59 3b c0 ab 25 30 f3 d4 10 29 1b 69 e0 d9 56 d7 76 79 94 00 b3 3f ef 05 f6 11 18 53 8f 2a 03 e6 30 62 33 21 2c 8d 21 76 6b 7f f0 7e 29 75 be cd a2 6c be 50 1f 2a d9 fb 0a d9 a3 b6 c7 f0 4f dc 74 5d 6a 5b 7a fc 13 d6 06 5d 7d 80 b9 e3 55 d5 71 3c 26 36 44 88 32 83 01 28 02 88 04 92 ae 9d 36 d3 13 00 00 03 3e f0 07 00 fa d5 4b a3 3c 6c 40 92 ec b2 1d 48 39 21 4e 9d 54 8d 1e d7 61 3a ba c1 aa 71 3f 24 d5 13 fc 47 73 60 b8 01 31 1b 8e f1 b0 74 f2 c0 0a f8 a1 de 93 1d c7 0b cb 2a 7c fb f7 56 7f 36 5b 1d 21 f5 b6 dc 1b 5b 44 6c 04 48 44 49 5a 57 6d 19 72 17 46 d8 15 71 f3 ef
                                                Data Ascii: /#PPbiKIQ&BK+V2o(a3SPtY;%0)iVvy?S*0b3!,!vk~)ulP*Ot]j[z]}Uq<&6D2(6>K<l@H9!NTa:q?$Gs`1t*|V6[![DlHDIZWmrFq
                                                2024-07-03 13:47:11 UTC14935INData Raw: 59 4c c6 ba dd 43 5d 18 84 49 93 da 58 8f ca 6c cd 28 86 a5 62 55 66 a3 bf 84 7c 4e 00 40 c0 74 85 18 11 59 ca 07 a4 37 30 7d d4 cb 60 f3 22 7a 45 19 07 07 b7 94 1b 9f df 46 86 ee 15 99 ed a9 2a 24 f3 61 aa 76 c7 5d d5 2d 66 da f7 0b 0c 40 fc 68 3d 36 a6 2b da 80 0e 56 84 bc 70 11 e7 49 73 6f 63 d2 72 bc 6e 4e 6e 67 66 81 e1 5e 4b bd f1 f5 6e ca 3f 9a 16 2f b9 3c df 05 0a 82 76 ba ef fe b4 75 77 ae 71 4c b7 f4 95 44 d3 0b 82 0b 0f 20 71 09 6e f7 e4 71 36 f4 01 63 d6 e6 40 bd 89 be f7 0b 69 d7 8b 86 90 13 f7 b1 2f 00 3b 7b e4 1e 00 51 aa c2 6a 7b ae 02 a7 4c a7 c9 9c 0e 1d 19 b4 c2 dc 06 d8 5e f5 7d 3b 86 0e 30 33 32 85 f8 19 83 f0 6e 7c 23 95 2f e3 62 2e 50 34 2b 42 f5 8a 79 1f dd b1 dc 32 b8 01 28 54 24 03 59 8a 1d 34 53 13 00 00 03 3e f0 07 00 fe eb f2
                                                Data Ascii: YLC]IXl(bUf|N@tY70}`"zEF*$av]-f@h=6+VpIsocrnNngf^Kn?/<vuwqLD qnq6c@i/;{Qj{L^};032n|#/b.P4+By2(T$Y4S>
                                                2024-07-03 13:47:11 UTC1500INData Raw: 6b 12 e2 22 bf 3d f7 7b e0 31 d1 1a ea d7 30 bc 6b 77 34 6f 0e 30 a6 c9 5c 12 ec d3 46 23 a5 fe c3 13 5a 75 ab 8d ae 63 fa e5 91 d1 0b 4a 50 53 8a 05 9f 62 cc 19 18 c5 31 db ea 21 d7 91 67 8e 35 8d f6 a7 27 3a 70 63 1f 2e 77 91 85 b0 2b b4 8f 74 d6 82 3e bc f4 2f af d8 32 71 4f fb d0 15 27 cf 4b 88 0b 91 d1 3f 78 77 c9 f9 d5 9c 7d ee fa 18 7f d2 54 1a 06 25 ea b5 de 10 15 56 73 e8 75 1f 2c 8f 72 52 38 d2 f7 d9 82 f9 48 84 46 57 3a b4 2e e3 90 41 d8 93 ad a1 7b 53 e7 77 ac d8 0f ac 1f 75 c0 23 2d d5 a7 31 47 b2 fc 7f ae 2c 81 ac ab 5e 20 b5 a0 bf ff b9 2b c9 d2 4b 3b e3 39 b3 2c 77 a1 50 06 be e8 2b b2 f7 d6 93 77 7c 25 ab db 1b 12 11 96 35 ed 4f 5a 34 eb ac 48 aa 5b 04 d6 38 6a 09 50 ce d2 8a 39 de f1 29 9b 61 e2 8c c7 45 e7 2f 45 ad c0 fd af cd d7 c6 e6
                                                Data Ascii: k"={10kw4o0\F#ZucJPSb1!g5':pc.w+t>/2qO'K?xw}T%Vsu,rR8HFW:.A{Swu#-1G,^ +K;9,wP+w|%5OZ4H[8jP9)aE/E
                                                2024-07-03 13:47:11 UTC14884INData Raw: 54 a7 3a 17 de f2 02 ca 64 95 75 ef 51 19 e0 b1 8b 44 b3 42 81 34 40 09 6c e0 1e 4d 29 46 80 48 73 37 65 4d 78 74 ac 4d 91 37 cf f3 bb dd ab 20 9f 64 10 3e f5 61 10 8a 8d 53 1a 15 37 f9 50 35 4b c7 49 f4 95 d4 c0 68 40 f7 1f f7 d8 51 6b 33 46 0d e0 21 71 d1 23 cf 2f 18 aa 09 78 56 34 f3 02 06 6d 9b a8 ba c3 87 ad 38 7d 0c 23 78 e9 0e f7 9e c1 21 32 76 71 92 b7 05 b4 30 58 15 53 dc 87 dd a8 bc 45 cd 03 99 a3 a3 8d 1e d8 3c aa a4 ec d0 82 f0 41 e8 9e 99 de ea 38 1d ff 8a 65 f0 a2 9a 88 26 d2 98 ae 39 4a aa 93 9d ef 4e 26 0c 5d d4 04 9d 30 ad 72 e9 22 fc b1 57 9a 11 b0 8b 66 42 2d 78 42 09 12 ef 5a 80 8d ac 71 5b 76 8c 7b f4 c8 70 41 c2 4b c0 c9 21 12 18 db bc c5 f6 ac 6a 1b c9 4a 55 eb 4e 2f 47 59 12 9c 48 4f 63 8a 90 a2 0b 4d f5 88 78 09 48 14 db 93 4e 01
                                                Data Ascii: T:duQDB4@lM)FHs7eMxtM7 d>aS7P5KIh@Qk3F!q#/xV4m8}#x!2vq0XSE<A8e&9JN&]0r"WfB-xBZq[v{pAK!jJUN/GYHOcMxHN
                                                2024-07-03 13:47:11 UTC1491INData Raw: ea 2c 82 a8 c5 5e 6b a8 87 ef 24 3a 01 46 f9 17 bb 86 44 b4 87 84 da f1 b3 46 c6 53 16 ab d8 ba 5c 53 99 d1 60 a4 52 0f df 08 94 88 fb 6f 2f e8 c4 2d 70 18 c7 7e 4f 8d 9f 0c da 31 6b 92 dc 65 4f 80 32 b7 01 28 72 28 01 98 b2 9d 36 d3 13 00 00 03 00 00 07 00 fd 96 30 3f d7 6a 9c 32 3d 95 d7 3c 9d 54 19 68 a4 5b da 43 b8 9e 62 ea 68 4a 0b 25 2d 4d 36 f2 9a ab 65 63 ee 62 1f 14 8e f6 83 aa 80 ff cd ed c3 4f d7 15 63 13 64 d0 01 5f a7 15 23 37 ee f1 71 b2 46 ea b5 3b d8 33 f8 20 09 08 9e 69 65 79 7b 66 bd c1 91 7a 5f f3 3a 45 a5 dd 44 47 4d 8b f5 4a c0 e6 2a 98 f7 2b ef d6 a7 c9 bc e3 6f ef cf 2d f0 41 53 81 cb 82 d8 55 ef 01 23 47 7d 30 2b 10 2c 30 42 e0 04 bb 2e 05 83 37 5b 12 70 e9 ea 5d e3 01 db a2 03 0f 10 7a 9f a3 68 f9 68 1b 58 be 08 e8 24 80 32 57 30
                                                Data Ascii: ,^k$:FDFS\S`Ro/-p~O1keO2(r(60?j2=<Th[CbhJ%-M6ecbOcd_#7qF;3 iey{fz_:EDGMJ*+o-ASU#G}0+,0B.7[p]zhhX$2W0
                                                2024-07-03 13:47:11 UTC5658INData Raw: 18 a4 a1 90 25 b7 0d eb 02 a3 38 4a a1 b1 02 33 9b 83 ee c5 08 db 97 f2 0d 98 cd 6e 7d 07 f1 65 83 99 22 99 33 66 6b 53 6c 44 0d 0a 45 62 21 fa 5f 92 7a 7d fe f1 ae 13 cb a4 7e 38 86 6f 39 57 53 4d 26 45 da d3 ef 56 e7 69 ec 11 c4 7f 85 73 28 a8 1a f4 47 61 78 70 20 94 ee fe c8 0f 17 8a e9 79 97 5d 24 b1 de dc 19 dd 7a bd 3f 57 18 a7 20 c1 dd e0 9e 93 20 50 92 89 c2 fb 0e 10 94 b1 64 55 74 14 6a 2a 46 16 51 b9 68 95 2f aa 16 65 cf be 09 1f 7c 71 a5 a5 8b d1 55 37 4b 59 35 14 44 85 b5 71 5b e0 de 52 86 e0 7f 6c 25 8f 7e c5 0b 0d 53 d6 70 90 18 8f 51 62 2a 3b ca 6d 36 51 9e 76 02 e5 a2 ca 65 c7 f6 69 44 94 b4 f2 0e 17 5f fb 95 a6 3b b0 bc d1 48 a9 54 0b ad ed 51 66 e1 ce 71 0a e3 0a 26 93 bd d4 2e 7b 8b 7b e6 8d d2 8c 73 8d 4e 9c 77 5e 4a 62 f7 c4 e9 3e b8
                                                Data Ascii: %8J3n}e"3fkSlDEb!_z}~8o9WSM&EVis(Gaxp y]$z?W PdUtj*FQh/e|qU7KY5Dq[Rl%~SpQb*;m6QveiD_;HTQfq&.{{sNw^Jb>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                106192.168.2.549842157.240.252.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC368OUTGET /ajax/bulk-route-definitions/ HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC1171INHTTP/1.1 404 Not Found
                                                Vary: Accept-Encoding
                                                Set-Cookie: fr=0n05Gv3yihyyN8BYN..BmhVZf..AAA.0.0.BmhVZf.AWVKscIayw4; expires=Tue, 01-Oct-2024 13:47:11 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=None
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387405730665132324", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387405730665132324"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:12 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:12 UTC1662INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo
                                                2024-07-03 13:47:12 UTC2560INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4b 72 74 6e 4c 31 4e 45 72 4b 54 47 79 5a 50 53 4d 71 74 72 6e 70 63 4e 6c 74 4b 56 43 51 74 59 58 6d 75 4d 67 67 52 6b 42 50 6e 7a 38 5f 33 4d 7a 34 79 4e 39 63 33 36 79 51 77 77 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 4b 4e 38 35 56 49 38 38 41 72 34 70 63 4e 5a 55 44 72 36 72 32 72 69 56 6f 47 4f 47 53 5a 6f 68 76 2d 46 58 4e 37 63 54 4a 52 78 39 5a 57 58 65 4b 39 76 39 33 79 4e 54 76 78 6d 7a 4c 33 48 51 68 73 52 37 74 75 34 58 38 4c 43 49 68 4f 62 73 64 51 5a 69 79 45 52 65 4f 41 78 61 42 70 73 46 4b 30 62 46 6f 47 79 41 44 63 69 77 30 52 38 41 22 3b 20 65 5f 66 62 5f
                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcKrtnL1NErKTGyZPSMqtrnpcNltKVCQtYXmuMggRkBPnz8_3Mz4yN9c36yQww"; e_clientaddr="AcKN85VI88Ar4pcNZUDr6r2riVoGOGSZohv-FXN7cTJRx9ZWXeK9v93yNTvxmzL3HQhsR7tu4X8LCIhObsdQZiyEReOAxaBpsFK0bFoGyADciw0R8A"; e_fb_
                                                2024-07-03 13:47:12 UTC170INData Raw: 58 2d 46 42 2d 43 6f 6e 6e 65 63 74 69 6f 6e 2d 51 75 61 6c 69 74 79 3a 20 4d 4f 44 45 52 41 54 45 3b 20 71 3d 30 2e 33 2c 20 72 74 74 3d 31 36 30 2c 20 72 74 78 3d 30 2c 20 63 3d 31 30 2c 20 6d 73 73 3d 31 33 39 32 2c 20 74 62 77 3d 33 34 30 33 2c 20 74 70 3d 2d 31 2c 20 74 70 6c 3d 2d 31 2c 20 75 70 6c 61 74 3d 31 38 35 2c 20 75 6c 6c 61 74 3d 30 0d 0a 41 6c 74 2d 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                Data Ascii: X-FB-Connection-Quality: MODERATE; q=0.3, rtt=160, rtx=0, c=10, mss=1392, tbw=3403, tp=-1, tpl=-1, uplat=185, ullat=0Alt-Svc: h3=":443"; ma=86400Connection: close
                                                2024-07-03 13:47:12 UTC1330INData Raw: 33 30 63 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 6f 72 69 67 69 6e 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 67 4f 50 64 46 37 70 35 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61
                                                Data Ascii: 30c9<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="origin-when-crossorigin" id="meta_referrer" /><script nonce="gOPdF7p5">function envFlush(a){function b(b){for(var c in a)b[c]=a
                                                2024-07-03 13:47:12 UTC1500INData Raw: 2b 78 6d 6c 22 20 68 72 65 66 3d 22 2f 6f 73 64 2e 78 6d 6c 22 20 74 69 74 6c 65 3d 22 46 61 63 65 62 6f 6f 6b 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 6d 65 64 69 61 3d 22 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 34 30 70 78 29 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 61 6a 61 78 2f 62 75 6c 6b 2d 72 6f 75 74 65 2d 64 65 66 69 6e 69 74 69 6f 6e 73 2f 3f 6c 6f 63 61 6c 65 32 3d 65 6e 5f 47 42 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 6d 65 64 69 61 3d 22 68 61 6e 64 68 65 6c 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 61 6a
                                                Data Ascii: +xml" href="/osd.xml" title="Facebook" /><link rel="alternate" media="only screen and (max-width: 640px)" href="https://www.facebook.com/ajax/bulk-route-definitions/?locale2=en_GB" /><link rel="alternate" media="handheld" href="https://www.facebook.com/aj
                                                2024-07-03 13:47:12 UTC1500INData Raw: 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 34 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 39 39 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 37 37 34 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 33 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 34 38 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 35 35 37 32 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 35 35 37 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68
                                                Data Ascii: ash":null},"21043":{"result":false,"hash":null},"2199":{"result":false,"hash":null},"7742":{"result":false,"hash":null},"20936":{"result":false,"hash":null},"20948":{"result":true,"hash":null},"25572":{"result":true,"hash":null},"25571":{"result":false,"h
                                                2024-07-03 13:47:12 UTC1500INData Raw: 2c 5b 22 63 72 3a 36 36 36 39 22 2c 5b 22 44 61 74 61 53 74 6f 72 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 44 61 74 61 53 74 6f 72 65 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 2c 5b 5d 2c 7b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 3a 22 30 52 51 45 6e 66 71 79 59 7a 4a 39 7a 64 49 79 51 48 44 6f 71 36 22 7d 2c 31 34 31 5d 2c 5b 22 4b 53 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 6b 69 6c 6c 65 64 22 3a 7b 22 5f 5f 73 65 74 22 3a 5b 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 43 52 45 41 54 45 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 44 45 4c 45 54 45 22 2c 22 50 4f 43 4b 45 54 5f 4d 4f 4e 53 54 45 52 53 5f 55 50 44 41 54 45 5f 4e 41 4d 45 22 2c 22 57 4f 52 4b 52 4f 4f 4d 53 5f 52 45 51 55 45 53 54
                                                Data Ascii: ,["cr:6669",["DataStore"],{"__rc":["DataStore",null]},-1],["ServerNonce",[],{"ServerNonce":"0RQEnfqyYzJ9zdIyQHDoq6"},141],["KSConfig",[],{"killed":{"__set":["POCKET_MONSTERS_CREATE","POCKET_MONSTERS_DELETE","POCKET_MONSTERS_UPDATE_NAME","WORKROOMS_REQUEST
                                                2024-07-03 13:47:12 UTC1500INData Raw: 74 22 3a 7b 22 74 22 3a 33 31 35 33 36 30 30 30 2c 22 73 22 3a 22 53 74 72 69 63 74 22 7d 2c 22 68 63 6b 64 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 69 5f 75 73 65 72 22 3a 7b 22 74 22 3a 33 31 35 33 36 30 30 30 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 6c 6f 63 61 6c 65 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 6d 5f 6c 73 22 3a 7b 22 74 22 3a 33 34 35 36 30 30 30 30 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 6d 5f 70 69 78 65 6c 5f 72 61 74 69 6f 22 3a 7b 22 74 22 3a 36 30 34 38 30 30 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 6e 6f 73 63 72 69 70 74 22 3a 7b 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 70 72 65 73 65 6e 63 65 22 3a 7b 22 74 22 3a 32 35 39 32 30 30 30 2c 22 73 22 3a 22 4e 6f 6e 65 22 7d 2c 22 73 66
                                                Data Ascii: t":{"t":31536000,"s":"Strict"},"hckd":{"s":"None"},"i_user":{"t":31536000,"s":"None"},"locale":{"t":604800,"s":"None"},"m_ls":{"t":34560000,"s":"None"},"m_pixel_ratio":{"t":604800,"s":"None"},"noscript":{"s":"None"},"presence":{"t":2592000,"s":"None"},"sf
                                                2024-07-03 13:47:12 UTC1500INData Raw: 62 22 3a 22 74 72 75 6e 6b 22 2c 22 5f 5f 73 70 69 6e 5f 74 22 3a 31 37 32 30 30 31 34 34 33 31 2c 22 76 69 70 22 3a 22 31 35 37 2e 32 34 30 2e 32 35 32 2e 33 35 22 7d 2c 33 31 37 5d 2c 5b 22 53 70 72 69 6e 6b 6c 65 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 70 61 72 61 6d 5f 6e 61 6d 65 22 3a 22 6a 61 7a 6f 65 73 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 68 6f 75 6c 64 5f 72 61 6e 64 6f 6d 69 7a 65 22 3a 66 61 6c 73 65 7d 2c 32 31 31 31 5d 2c 5b 22 55 73 65 72 41 67 65 6e 74 44 61 74 61 22 2c 5b 5d 2c 7b 22 62 72 6f 77 73 65 72 41 72 63 68 69 74 65 63 74 75 72 65 22 3a 22 36 34 22 2c 22 62 72 6f 77 73 65 72 46 75 6c 6c 56 65 72 73 69 6f 6e 22 3a 22 31 31 37 2e 30 2e 30 2e 30 22 2c 22 62 72 6f 77 73 65 72 4d 69 6e 6f 72 56 65 72 73 69 6f 6e 22 3a 30
                                                Data Ascii: b":"trunk","__spin_t":1720014431,"vip":"157.240.252.35"},317],["SprinkleConfig",[],{"param_name":"jazoest","version":2,"should_randomize":false},2111],["UserAgentData",[],{"browserArchitecture":"64","browserFullVersion":"117.0.0.0","browserMinorVersion":0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                107192.168.2.549852157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC924OUTGET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 12 Jun 2024 22:03:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1772760883
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 140
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC139INData Raw: 00 00 8c 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 09 00 00 45 de 00 01 5c 3e 90 00 00 00 00 00 3f 23 00 01 58 00 90 00 00 00 00 00 3f 8f 00 01 58 00 90 00 00 00 00 00 3f cd 00 01 58 00 90 00 00 00 00 00 3f c0 00 01 58 00 90 00 00 00 00 00 3f 89 00 01 58 00 90 00 00 00 00 00 3f 4f 00 01 58 00 90 00 00 00 00 00 40 ee 00 01 60 00 90 00 00 00 00 00 0c 07 00 00 40 00 90 00 00 00
                                                Data Ascii: sidxDE\>?#X?X?X?X?X?OX@`@


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                108192.168.2.549854157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC831OUTGET /v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281B HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 13:17:59 GMT
                                                X-Needle-Checksum: 1443259912
                                                Content-Type: image/jpeg
                                                content-digest: adler32=2021012266
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 85137
                                                2024-07-03 13:47:11 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC1500INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 37 31 30 31 30 30 30 30 35 37 32 32 30 30 30 30 34 38 35 37 30 30 30 30 65 37 35 64 30 30 30 30 33 31 36 37 30 30 30 30 61 33 38 65 30 30 30 30 33 33 63 64 30 30 30 30 37 30 64 33 30 30 30 30 34 35 64 63 30 30 30 30 35 64 65 36 30 30 30 30 39 31 34 63 30 31 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a710100005722000048570000e75d000031670000a38e000033cd000070d3000045dc00005de60000914c0100C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:11 UTC16332INData Raw: d0 7a 3f 07 93 55 7b 77 07 89 7b 53 f8 32 58 5f 67 e0 c0 50 7a f7 07 8f ea f6 bc 1e 2f ae dd 70 78 f8 fe d1 c1 e2 57 9e a3 c1 e3 fe 8d 75 c1 0f 84 fb e7 07 8f ef 74 7c 1e 33 1f b5 70 79 b5 f6 af 83 cb eb fd 83 83 c7 64 f5 ee 0f 25 37 d3 78 32 b8 ef 5b e0 ef 1e f6 1e 0f 2b 03 d8 f8 33 35 fb 6e 0f 37 a1 f6 6e 0f 14 5f 6a e0 c8 e1 fd 9b 83 cb 04 f5 ee 0f 14 f5 f3 38 3c 7f d8 3b 83 bc 97 d6 bc 97 0f 47 3a 9d cb 15 73 64 4e dc 43 1b d1 9e 5f 4b 98 d1 7a 5c d7 0a 38 f3 be c3 63 8a bd f2 f7 b8 ef 9f fd 13 5e 2d e7 78 b4 61 ed bc dc 78 6c bb c5 2c 43 d6 bb cf 2b c3 d4 fb ce 2b c3 d5 fb cc ac 43 79 de 0f e8 c1 b2 ee f3 10 f4 ee f3 4f 4b 0e ec 25 88 6a bb c8 a3 0f 61 ef 26 d1 06 df bc 53 62 1b ae f0 0d f8 7a 07 77 8c 07 b3 f6 1b ca 03 e9 0e f3 c4 0f 44 ef 14 be 0f
                                                Data Ascii: z?U{w{S2X_gPz/pxWut|3pyd%7x2[+35n7n_j8<;G:sdNC_Kz\8c^-xaxl,C++CyOK%ja&SbzwD
                                                2024-07-03 13:47:11 UTC16384INData Raw: 5f 86 3d 12 8e 1d 3b 3a 1c 26 c2 6c 2d ab 96 88 3a 70 c2 ee e1 da 9b 0b a3 ad 89 87 6b c8 26 46 21 84 13 32 67 67 e1 11 ed 6e 6b 7f e2 ba 3b a1 07 41 ee 3e e6 2e 9b a2 0f 83 13 ba 32 c3 5d 1c 8d 63 c1 0f b2 74 5e bc af 7e 0c a7 14 fc 70 ce 87 a2 82 3d ea 58 5c 51 65 96 1d 13 3b 26 77 5d cf c3 0b d9 0b ac ad cb 19 58 44 c9 9d c5 05 97 41 28 92 cf fe 29 1b 21 8c 48 cb 77 50 2c 8a 1f 88 fb cc ff 00 76 46 df 5e 26 fb cd c1 d1 27 6c 33 93 2d cd c3 af a3 0b f9 21 cb 38 ac 2c 26 14 cc 83 a2 69 1b 6b f5 91 a3 53 8f 42 15 ec b2 fc 31 c1 b8 7b 2c e5 17 1f 64 d3 93 37 e4 cf aa d8 ed 9d bd 93 65 94 5b 9c c7 d8 8b 0a 6c f3 41 9d c2 b0 66 66 67 58 5b 19 6c 15 86 4f eb 74 eb f8 95 bb 99 61 7b 21 eb c1 cb a5 7e d3 91 f7 39 0f 69 74 7f 75 b0 53 c6 b0 eb 6b ac 3a ea b0 b1
                                                Data Ascii: _=;:&l-:pk&F!2ggnk;A>.2]ct^~p=X\Qe;&w]XDA()!HwP,vF^&'l3-!8,&ikSB1{,d7e[lAffgX[lOta{!~9ituSk:
                                                2024-07-03 13:47:11 UTC16384INData Raw: 57 57 31 85 92 16 cc ed 1f 66 07 52 38 20 82 a7 b0 e1 9f 4b 31 b2 aa 8b 15 30 89 2a a1 48 d1 53 d9 4e 65 16 16 cd 02 a5 ab ae 64 ed c2 da ba 56 e1 6d 65 65 0e a2 8b 49 50 fb 19 08 8c d1 65 db 1b e3 9b 88 58 d9 81 ce 1a 89 39 72 b3 0f f0 23 2b 68 84 ed 9c 93 82 f0 58 ac 4d 98 7b 1c d5 2c ad b4 39 98 66 d7 d9 67 6d 02 9e eb 1b c1 03 61 3c 75 d8 a9 6a 29 6d 14 8b 55 42 c1 61 66 3e d3 cf 38 d8 2c 1e d1 4c cd 31 ed b2 6e 78 b0 58 79 1f 62 c3 55 21 6c fd e3 ed 15 cc a6 60 cd 3e c5 3d 5e 2b 1c da 0b 36 96 3e c1 4c ce 5a 99 7b 1c b3 68 16 0b 77 55 57 85 de 2d ab 76 96 33 5a 34 42 f3 8c 96 25 4f 72 9b 0c d4 ac 9e b6 9a e9 fb 06 05 49 54 85 8a ba 09 9a a8 2a 8d 53 a0 0b bc 52 9a 9d e2 a8 ab a8 94 f0 b2 f3 55 5f 5e 05 1d 2b 24 7f c0 b7 2a b8 2c 54 a7 64 c0 9a 9b 5a
                                                Data Ascii: WW1fR8 K10*HSNedVmeeIPeX9r#+hXM{,9fgma<uj)mUBaf>8,L1nxXybU!l`>=^+6>LZ{hwUW-v3Z4B%OrIT*SRU_^+$*,TdZ
                                                2024-07-03 13:47:11 UTC14935INData Raw: 9f 30 dc a0 20 af 51 41 98 33 22 dd 4d 23 c8 8d 7b ba 94 b4 f7 26 5d 87 85 84 5d 1a ed 1a 89 98 d2 3b 35 55 98 48 2e f3 b9 41 1c 54 43 b0 46 b8 ab f6 99 c5 44 54 8b 4d b2 fc 99 35 2e 5b d0 f4 a2 19 08 6b 99 46 e5 58 da 63 11 8b 35 ea 3a 1b 9a 9f 0c 06 99 93 09 31 08 6b 98 54 b5 70 53 81 9c 31 45 48 5b cc a5 ca 91 0c 3e 58 3e 10 05 ed 6a 09 dd 7c cd fd 67 68 e9 85 12 99 84 c9 8e 6d 4b 71 a8 01 51 39 3b c6 0c 89 f1 1a cb e2 97 68 5b cc 0d 3d ac a7 e7 d5 7d 59 33 04 f2 c2 55 99 0a 91 89 67 59 f0 81 97 8f 11 41 89 89 33 9a 80 5b 0c d9 ee 61 ec f7 88 2d 2c 80 1c 18 e6 4f 74 32 34 a9 88 b9 9d 5c 30 64 bd 3a d3 82 10 39 25 d3 4a 83 83 82 28 34 78 21 d8 51 2e 7b 9f 43 d0 e9 8f 95 88 a5 6d f6 94 33 4c 70 17 89 99 71 9d e5 cd fa 4c 43 31 57 59 28 5e 11 60 10 ed 2f
                                                Data Ascii: 0 QA3"M#{&]];5UH.ATCFDTM5.[kFXc5:1kTpS1EH[>X>j|ghmKqQ9;h[=}Y3UgYA3[a-,Ot24\0d:9%J(4x!Q.{Cm3LpqLC1WY(^`/
                                                2024-07-03 13:47:11 UTC1500INData Raw: 94 3c fb cb 32 e6 9f b9 70 63 b0 15 51 da a5 26 d8 03 6a 9f 62 0b 77 22 54 c1 b9 bf 58 c0 42 be 9d d4 ce 18 fe e8 83 c8 4b c6 58 33 75 fa 4b f0 2d 8c e6 1f a0 f1 a8 12 95 71 ab 2f 1d c6 c9 17 4c 33 3b 55 a8 40 34 71 99 b2 ec df 68 d1 38 b5 d2 12 07 aa ac a9 a1 5a e6 78 75 af a9 71 4d 15 e2 ea f3 2a 47 56 cc 4d fe 8e 7b fc 83 82 13 48 ff 00 e2 a3 b2 5d 70 00 fb b9 89 3e 18 e1 9f 40 43 b2 36 03 47 b4 1e 8e a2 e7 d4 3d 14 5d ac 15 f0 31 5a 1a ed b4 ff 00 31 30 b8 5f 6c 1f e0 83 84 75 14 b4 b6 b3 ae 63 29 4a 07 c2 35 d2 4f d4 cb 54 d3 3f 99 84 44 a3 f3 0e 07 00 23 d2 38 10 50 29 50 8b cf 02 3e 18 29 cd fe 16 20 72 54 90 98 56 c3 2d 05 df a3 43 d1 0e 30 d9 34 9f 9d 1b 4d a8 ab a8 2c 1e 4f ee 20 11 b6 ee 53 59 ac a6 66 75 12 ca 73 18 25 2e 1e 12 1c 44 74 6d 44
                                                Data Ascii: <2pcQ&jbw"TXBKX3uK-q/L3;U@4qh8ZxuqM*GVM{H]p>@C6G=]1Z10_luc)J5OT?D#8P)P>) rTV-C04M,O SYfus%.DtmD
                                                2024-07-03 13:47:12 UTC16384INData Raw: 33 0d 4a f4 57 b8 4c 92 93 63 4d 3e 62 e9 e1 4f b3 2d e2 a9 7d 4b ba d8 97 d9 4a d7 84 a8 8c 2d 6f ab ff 00 91 31 eb 05 a8 bd 1a fe 60 23 9a 2f 9b 88 39 b7 0e 7b 83 01 5e 4b cc 1e 3c e3 c4 6c d0 e0 af 72 3b 52 bb 3e 65 4a c6 32 37 a9 98 f9 9b b0 d0 f2 fd 91 29 d4 19 23 cc 55 71 d4 c3 dc db c3 de 18 94 d1 5b 62 92 36 42 ae 31 ac 52 fa 1f 69 84 b3 cd 7f a8 59 60 ea af fd 44 5c d5 fb 21 08 93 6b fe e9 bc 43 b1 fd cd 95 a3 c2 fe e0 9a 06 26 4d fb 41 48 d2 d3 79 a5 ac 10 c3 30 fa aa b8 b7 98 9b 84 a0 15 97 0b 2f 3e 85 85 c4 a8 34 44 df fd 07 50 bc 2d 6b ed 99 ab f9 65 b4 b8 94 bf 22 11 c8 85 1f b8 ba 56 21 ac 5a 8f 6d 44 a9 1b 09 57 8c c5 71 d4 56 30 1f 76 8f 43 bf c4 b0 3a c4 5f 49 79 da ea bf bf 43 d4 07 89 70 89 88 a3 00 56 2a 11 bb 8b 7d 38 4f 0b 59 88 4b
                                                Data Ascii: 3JWLcM>bO-}KJ-o1`#/9{^K<lr;R>eJ27)#Uq[b6B1RiY`D\!kC&MAHy0/>4DP-ke"V!ZmDWqV0vC:_IyCpV*}8OYK
                                                2024-07-03 13:47:12 UTC1717INData Raw: e1 8d 56 a2 d7 72 f9 82 d0 ac 2d 52 d2 f5 0c b3 40 d5 e0 9a 0b ab 31 b8 a0 76 31 9e 48 9a 35 55 f8 85 80 e4 02 aa 1d a6 ce e3 b9 a5 a0 99 6b 9e 25 2a bb cf ee 16 81 30 4c 1d 38 d5 dc 22 2d 63 2a 33 11 71 04 3d c2 19 18 20 43 9f b4 0e 71 5e 38 a8 81 8d 59 66 21 e6 39 b9 68 02 8b b4 82 2f ea e2 21 52 36 8d 4a c9 a7 03 9f b8 bb 05 da f1 dc bc 41 b8 bd 4c e1 64 72 52 45 21 ba 32 0d 22 14 d8 17 b8 95 d2 cc 62 39 af 85 0f e6 36 4d bd 46 cb cd fa 90 5d 60 8e 09 0c 12 8a a5 a1 28 96 ad e6 54 63 22 0d 0c 45 75 0a 68 80 a6 37 d7 99 b4 13 03 d0 c9 03 b4 e0 06 51 8a 19 ac d4 10 70 1c 44 3a 82 ba 89 b8 c6 eb 86 35 fa 62 3f 1b ec e4 fc 40 7d 63 13 cc 64 6e 0a 7a 46 15 91 98 1e 65 c9 36 8e 73 03 48 2f c1 28 96 9b 6a 3a 6c ea dd 43 82 a6 78 31 5d 05 90 85 54 19 96 f7 0e
                                                Data Ascii: Vr-R@1v1H5Uk%*0L8"-c*3q= Cq^8Yf!9h/!R6JALdrRE!2"b96MF]`(Tc"Euh7QpD:5b?@}cdnzFe6sH/(j:lCx1]T


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                109192.168.2.549855157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC830OUTGET /v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B74 HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC552INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:10:59 GMT
                                                X-Needle-Checksum: 764804187
                                                Content-Type: image/jpeg
                                                content-digest: adler32=2554059394
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 42758
                                                2024-07-03 13:47:11 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC15145INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 36 39 31 36 30 30 30 30 36 62 33 36 30 30 30 30 62 39 33 37 30 30 30 30 64 37 33 38 30 30 30 30 62 39 35 30 30 30 30 30 39 36 36 65 30 30 30 30 63 35 37 34 30 30 30 30 66 32 37 36 30 30 30 30 30 35 37 39 30 30 30 30 30 36 61 37 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f010000691600006b360000b9370000d7380000b9500000966e0000c5740000f27600000579000006a70000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:11 UTC16384INData Raw: 60 ff 00 68 6d 31 d9 39 44 e8 1d 4a 94 1f 1f cb 6d 3d 54 96 5b 41 ab c0 c0 a8 f5 e6 b2 7e 0a 43 69 da 93 f1 57 c3 b5 43 a2 f8 4b 76 27 aa b3 26 78 69 9b cc 50 50 f9 06 8b 3a b3 ce dd e6 00 a3 32 62 18 14 7f c2 b3 91 80 ea 9a 59 6b 17 68 85 a6 59 5a ef f2 d1 03 9f b9 82 04 52 88 98 72 af 25 1a 9f ca a5 f3 68 b2 a9 3f fc d4 be 65 64 56 62 32 4c 74 36 b6 dc a2 8e 79 a6 6b 8b 4e 87 8f c9 b8 84 60 af cd ad df e1 7f be f1 55 33 60 9b 56 fa f3 45 92 5a 9a 5a 73 53 c5 21 aa ff 00 89 59 dc ed d4 d7 30 8b b4 4f a1 a8 c5 38 35 f7 1e 4e 04 af fe 5b 68 a5 32 3c 3a ff 00 4d 15 9b 2a e1 54 e2 72 a2 b4 39 bb 88 78 e8 92 51 98 c9 7c 43 ad 4e 6d 4e 0a 16 da 1d 79 f5 18 e8 99 33 c4 a7 21 e6 51 dd e8 87 c2 da 43 5b d1 33 5f 68 6b ae e4 ac cd 39 85 0f 94 29 bf 95 65 fe 13 e5
                                                Data Ascii: `hm19DJm=T[A~CiWCKv'&xiPP:2bYkhYZRr%h?edVb2Lt6ykN`U3`VEZZsS!Y0O85N[h2<:M*Tr9xQ|CNmNy3!QC[3_hk9)e
                                                2024-07-03 13:47:11 UTC11228INData Raw: 00 31 69 d5 53 08 35 8f b4 1b b9 68 e6 15 c7 03 80 c1 32 59 50 92 a1 e1 2e 6a c8 18 a2 e9 b3 64 33 28 7c e9 9a cc 21 ef a3 13 d8 96 54 4a 5b ee a9 b2 34 f4 63 63 d0 54 a2 2a 26 73 d8 7b ca 5a 81 2c bd f9 65 1e b4 1d 58 ad 6e 22 16 84 03 65 43 fe 05 b0 f7 6e f1 5f b5 54 0e 17 98 bb 80 a1 30 69 2a e8 56 fd d0 c0 c4 7c fb 1a d1 63 8a 87 18 a2 6a 0d 63 3c 91 5f bb fc 21 bf 81 88 90 67 3e 53 be 7d 8a 7c cf 67 4c 93 f1 72 f8 0a 79 9b 0c fb 46 cc f0 f8 1c 7d 58 45 98 19 f6 8f 56 89 ce 5f 88 c0 0a 66 05 31 17 71 a7 0b 5a f0 ce 08 07 13 75 d6 33 97 ae 4a c3 0a 97 60 a6 40 62 9f bc 06 b8 af da 1d bf 89 08 11 c1 fe 3a 0d da 4f e9 0b ab e0 43 40 dd c5 cb 94 ff 00 08 5a 81 85 a1 45 5c 11 63 d4 69 da 50 ac 91 48 1d 10 31 07 88 d1 cd 91 41 02 a2 f3 dd fe 4c e7 90 ac 8a
                                                Data Ascii: 1iS5h2YP.jd3(|!TJ[4ccT*&s{Z,eXn"eCn_T0i*V|cjc<_!g>S}|gLryF}XEV_f1qZu3J`@b:OC@ZE\ciPH1AL


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                110192.168.2.549858157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC829OUTGET /v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136D HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 07:58:11 GMT
                                                X-Needle-Checksum: 64081107
                                                Content-Type: image/jpeg
                                                content-digest: adler32=1938718717
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 58084
                                                2024-07-03 13:47:11 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC15116INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 65 39 31 61 30 30 30 30 62 34 33 64 30 30 30 30 34 66 34 30 30 30 30 30 32 62 34 33 30 30 30 30 33 38 36 31 30 30 30 30 36 64 38 63 30 30 30 30 61 31 39 32 30 30 30 30 34 32 39 37 30 30 30 30 63 61 39 62 30 30 30 30 65 34 65 32 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f010000e91a0000b43d00004f4000002b430000386100006d8c0000a192000042970000ca9b0000e4e20000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:11 UTC16384INData Raw: 50 c5 93 0c 78 00 20 10 e8 1d 23 d6 b2 8c b4 e4 a8 54 6f c2 a3 39 a6 ea da 4f b6 df 2a 68 dc d5 0a 89 35 04 d1 92 c6 e0 63 73 93 93 d3 93 ca 71 44 ef 1b 86 fc a2 56 56 56 77 15 14 af 85 fe 5a 84 62 7b 55 46 72 d1 85 10 ef 03 13 46 10 1d 3f d0 e9 1e ae 4f a5 6e ae 11 0e 03 c9 6f 39 a3 ea da 4f b6 de 7b bd bb 82 88 a8 8a 62 6a 85 98 18 dc 53 93 93 d3 ca 79 4e 3d 03 a3 2b 2b 3d 45 54 4e e8 9f 41 51 51 53 25 c2 1e 1a 0a 99 85 c6 16 e0 04 3a 87 43 57 f6 77 48 c4 e6 15 40 31 49 d5 b4 7f 6d b9 fe d6 30 a6 c6 57 08 a1 12 64 78 51 61 34 85 4c dc a6 35 63 71 4e 4f 29 e5 48 53 8a 3b c2 1b f2 b2 b2 b2 b2 b3 bc aa 89 74 b7 49 79 b5 c4 61 96 a9 af 9e 68 69 da 10 0e 09 8c 90 a1 1c 8b 84 f5 c1 7a e0 bd 36 17 a2 c7 a2 c9 51 12 af d4 5e 65 a9 71 1b 91 20 3b b2 8f 74 14 1f
                                                Data Ascii: Px #To9O*h5csqDVVVwZb{UFrF?Ono9O{bjSyN=++=ETNAQQS%:CWwH@1Im0WdxQa4L5cqNO)HS;tIyahiz6Q^eq ;t
                                                2024-07-03 13:47:11 UTC16384INData Raw: 0a 8f 23 fb fe 99 e1 92 0e ed 40 17 a0 51 15 83 74 da 1c 33 3e 21 a5 ed 28 f3 4c 7d 6c b6 96 3a 99 66 6e 12 30 a6 1a 6d 19 40 ac f8 65 a6 ab 61 37 af f2 5e c4 8d 5d dc f6 83 54 b1 c8 60 42 b0 60 d0 fc a6 ad ae 07 2e f3 3c 67 79 95 3b 20 df 78 c7 99 8e 96 d0 5e fb c1 a5 19 94 b9 1b d0 8e 17 5d 68 69 ef 2b 5b 6f da 05 6b 58 d6 46 04 2a 30 d0 ff 00 31 d2 e9 2d 22 ee e3 25 87 09 9a d8 05 dc 58 2b 35 c5 be 92 76 a3 71 29 02 2a a0 38 e9 ec b7 bc 30 bc b0 cb 94 98 84 0b 98 3a 3b df 40 36 0c 4a a3 10 18 25 90 ef b0 0f bb e8 5e 85 d4 0c d8 d6 66 6c 98 97 a9 a2 b4 e2 51 ec 83 32 86 a0 a2 57 8e 0b de 26 f2 e6 84 5d 82 52 ad d2 5c 48 9a 59 ac 30 2a 1a d1 cb 00 8b a8 9e 38 96 60 d0 e4 d7 f9 36 58 a8 bf b4 03 59 b0 77 f3 2e 54 39 4f 31 a5 3b 77 99 64 ab 56 49 a8 77 81
                                                Data Ascii: #@Qt3>!(L}l:fn0m@ea7^]T`B`.<gy; x^]hi+[okXF*01-"%X+5vq)*80:;@6J%^flQ2W&]R\HY0*8`6XYw.T9O1;wdVIw
                                                2024-07-03 13:47:12 UTC10199INData Raw: f8 90 10 fa 4b 4b 55 af 98 8a 54 62 d7 70 26 d4 7a 80 77 aa 50 c3 94 2f dc 00 02 a8 12 b6 36 59 29 80 12 fe 20 11 a6 f7 50 36 27 bd 77 2a d1 08 6d 00 f3 05 90 73 78 88 16 b3 77 de 08 26 09 63 78 86 a9 19 50 79 86 a6 a7 6a d7 10 b2 cb 3c c3 70 1a cb 95 84 90 6d 0e eb 37 c5 c5 59 bb 95 ac 01 b9 89 da a9 84 8a bc 2f 1d e5 71 e4 1f 74 0b 31 47 13 48 43 a5 e7 ea 18 a7 42 3b c4 1c 90 56 44 4b 99 93 98 27 35 15 d2 b3 da 7b cf 79 ed 29 3d 62 7b c7 ce 57 bc 6f 2f da 65 9f 81 01 0f a4 ad 03 71 3e 9c 42 62 f3 b3 05 c0 61 f2 46 31 56 6b b4 2d be 31 15 c7 2f f4 40 92 38 a4 87 cc 30 29 37 dc cd ff 00 88 e3 d0 6b 1e e0 33 0b 4b 7c 63 1d f3 28 35 37 4e a5 cc 83 e2 16 19 ef cc 4f 03 45 83 bf 89 54 f6 66 9e e0 37 ed 00 3f 69 d9 e2 37 a0 fb 16 4a 5a 8f 25 d2 51 dd 91 24 c3
                                                Data Ascii: KKUTbp&zwP/6Y) P6'w*msxw&cxPyj<pm7Y/qt1GHCB;VDK'5{y)=b{Wo/eq>BbaF1Vk-1/@80)7k3K|c(57NOETf7?i7JZ%Q$


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                111192.168.2.54984731.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC689OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC277INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:40:18 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 90417318
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:11 UTC2915INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 49 2d 73 55 37 41 4f 68 56 6e 6d 67 31 61 33 68 73 2d 78 79 56 39 6a 4a 57 6c 62 65 6f 36 54 78 4a 4a 39 47 5f 42 6d 71 76 77 66 6d 31 7a 4e 68 5a 6e 52 34 36 59 49 78 69 30 61 65 4e 4d 71 63 44 73 73 78 54 41 69 70 35 62 46 68 5a 48 61 72 34 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 49 31 65 73 76 33 50 32 69 55 35 30 71 54 5f 34 30 5f 50 39 38 75 70 50 49 30 6d 61 42 65 75 4f 71 63 75 69 68 67 46 34 45 46 5a 4d 48 6c 6d 5a 4c 76 43 6b 33 44 6c 46 6b 47 6a 78 53 2d 7a 61 75 43 35 61 6c 33 4c 76 70 32 53 53 6c 58 43 55 30 66 5a 6b 5f 59 66 61 48 53 52 34 4b 33 5f 7a 38 22 3b 20 65 5f 66 62 5f 68
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcI-sU7AOhVnmg1a3hs-xyV9jJWlbeo6TxJJ9G_Bmqvwfm1zNhZnR46YIxi0aeNMqcDssxTAip5bFhZHar4"; e_fb_binaryversion="AcI1esv3P2iU50qT_40_P98upPI0maBeuOqcuihgF4EFZMHlmZLvCk3DlFkGjxS-zauC5al3Lvp2SSlXCU0fZk_YfaHSR4K3_z8"; e_fb_h
                                                2024-07-03 13:47:11 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:11 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a8 7e 62 e2 a8 7e 62 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd~b~b<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                112192.168.2.549837157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC696OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC680INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                113192.168.2.549850157.240.252.354432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC685OUTGET /ajax/bz?__a=1&__aaid=0&__ccg=GOOD&__comet_req=15&__hs=19907.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7387405675209508329&__req=8&__rev=1014647652&__s=hnigsi%3Awf9jed%3Aqcwyo5&__spin_b=trunk&__spin_r=1014647652&__spin_t=1720014418&__user=0&dpr=1&jazoest=2985&lsd=AVqIzvvP8QI&ph=C3 HTTP/1.1
                                                Host: www.facebook.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: fr=0hu7hFfQ2JeKOfcN7..BmhVZe..AAA.0.0.BmhVZe.AWWM1Pe9py0
                                                2024-07-03 13:47:12 UTC948INHTTP/1.1 200 OK
                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown&brsid=7387405731206354453", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown&brsid=7387405731206354453"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                2024-07-03 13:47:12 UTC1859INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27
                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                                                2024-07-03 13:47:12 UTC1824INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f
                                                Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewpo


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                114192.168.2.549849142.250.186.464432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:11 UTC1092OUTPOST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                                                Host: play.google.com
                                                Connection: keep-alive
                                                Content-Length: 642
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-arch: "x86"
                                                sec-ch-ua-full-version: "117.0.5938.132"
                                                Content-Type: text/plain;charset=UTF-8
                                                sec-ch-ua-platform-version: "10.0.0"
                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                sec-ch-ua-bitness: "64"
                                                sec-ch-ua-model: ""
                                                sec-ch-ua-wow64: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://accounts.google.com
                                                X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                Sec-Fetch-Site: same-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://accounts.google.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:11 UTC642OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 2d 55 53 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 31 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 30 30 31 34 34 32 38 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75
                                                Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en-US",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,1,0,0,0]]],558,[["1720014428000",null,null,nu
                                                2024-07-03 13:47:12 UTC925INHTTP/1.1 200 OK
                                                Access-Control-Allow-Origin: https://accounts.google.com
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Access-Control-Allow-Credentials: true
                                                Access-Control-Allow-Headers: X-Playlog-Web
                                                Set-Cookie: NID=515=L88xvZKaI7iRGzfqXxrxATkRu97BOaaTnBIb9aShnOTMIkniu0k2h2Qlobgks0pT_gYtiNnf_AxzKwA9o2CgeojffejKEvr1NVLI3td5gu2JHLVVvqm0iLCp-JIUbkXKhGis3vEY_hlpzc0dtGNZvr7B9TlifjFpm_gqZlu65Sg; expires=Thu, 02-Jan-2025 13:47:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                Content-Type: text/plain; charset=UTF-8
                                                Date: Wed, 03 Jul 2024 13:47:11 GMT
                                                Server: Playlog
                                                Cache-Control: private
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Accept-Ranges: none
                                                Vary: Accept-Encoding
                                                Expires: Wed, 03 Jul 2024 13:47:11 GMT
                                                Connection: close
                                                Transfer-Encoding: chunked
                                                2024-07-03 13:47:12 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                2024-07-03 13:47:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                115192.168.2.54984331.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC707OUTGET /v/t39.25447-2/449465471_440850985581863_5155597547120900898_n.mp4?_nc_cat=110&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjo4MjY5OTY3OTI4OTg1MDh9&_nc_ohc=DnfXP9cBdX8Q7kNvgFwHbsK&_nc_ht=video-hou1-1.xx&oh=00_AYDeGuFic0j-K3vTOP0TX06A-vRpnesZJT0wl_ZhjExPoQ&oe=668B3AB7&bytestart=952&byteend=18888 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 09:01:20 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1747466157
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17937
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 74 00 00 01 73 00 00 02 50 00 00 01 f8 00 00 01 b2 00 00 01 df 00 00 01 c4 00 00 01 d4 00 00 01 53 00 00 01 87 00 00 01 a3 00 00 01 9c 00 00 01 87 00 00 01 6c 00 00 01 42 00 00 01 40 00 00 01 55 00 00 01 69 00 00 01 9a 00 00 01 96 00 00 01 42 00 00 01 4d 00 00 01 55 00 00 01 51 00 00 01 6c 00 00 01 8e 00 00 01 5b 00 00 01 7a 00 00 01 5d 00 00 01 7c 00 00 01 62 00 00 01 75 00 00 01 7f 00 00 01 76 00 00 01 70 00 00 01 75 00 00 01 6a 00 00 01 6e 00 00 01 74
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<stsPSlB@UiBMUQl[z]|buvpujnt
                                                2024-07-03 13:47:12 UTC15380INData Raw: 3a 9e 28 76 fa 1a 5c 93 3f 23 4e 91 e8 67 18 96 09 80 90 26 78 de 04 46 88 3e 15 dd c3 12 4c 77 42 be 37 7d c7 6d b8 d2 4b f0 0e 4f a4 56 31 ad a9 0d 9c 7e 02 ec f9 c9 6f c0 10 88 13 39 7e b5 45 1d ff c8 94 ed d2 6c 95 59 87 93 eb 63 66 e4 f4 b3 1b 77 6c 86 d2 ad 78 ad 25 4a 55 d9 7d 26 60 bd fd 5a 6d bd a3 e1 f1 57 de 3a 46 f4 9d b4 9e 73 a4 24 ae 8f 9a e5 93 fe e6 83 71 78 5b 29 2c 7a ba f7 86 b0 1e c1 a9 4b be e2 25 b7 6c 79 1b fa 07 7e 87 8e e8 c4 2c 10 19 da 01 99 38 57 a1 25 c1 4c 49 77 e3 f0 ff 67 bb 95 52 7c 34 01 0c 47 55 ce 14 02 20 09 95 2e 3e b9 d1 16 60 9e 26 27 e5 c9 86 90 fd dc 9d 6c 81 e1 e3 7a a3 ce 8e c3 57 ca 9b 25 87 7e f4 1d 63 ed 0d ae 14 0e 49 64 89 15 23 ca 81 b3 7e 6e 26 68 1b f5 83 a3 45 9d 40 6b 7c 1c c8 37 85 0c 33 8f e1 e2 70
                                                Data Ascii: :(v\?#Ng&xF>LwB7}mKOV1~o9~ElYcfwlx%JU}&`ZmW:Fs$qx[),zK%ly~,8W%LIwgR|4GU .>`&'lzW%~cId#~n&hE@k|73p
                                                2024-07-03 13:47:12 UTC1056INData Raw: d3 6c b6 18 eb 13 10 0d 89 af 86 94 9f 2a 61 d4 fe 23 85 a5 ab 7a 91 0b ca c0 18 f2 7c c7 02 d7 2c 6b 00 4e 15 8c e3 cf fc f7 e5 9b 2b 39 9b c2 c0 05 46 ae 99 28 00 7b 85 4d 79 89 d5 d4 f8 fa 1a 88 c6 73 c1 57 72 ca d9 35 6e fe 67 26 e7 38 dc eb 7a 37 1c ee 64 ac f8 48 2f 37 17 6a c9 11 2e 8f 64 85 d2 69 a5 45 df 2a 6b df e1 bd eb a0 4d 05 fe 42 c4 2a e7 88 10 63 e6 f6 de 53 d4 aa bd dc 1c 7e 35 f3 63 0c bb 80 31 0d ce b9 df 7b 51 c7 79 73 86 e3 2c 22 9d af 49 da 12 16 8a ee 52 89 01 02 20 45 56 e0 01 14 42 16 7b 50 3b a5 08 52 70 57 15 a9 45 8d c4 92 86 c4 3c 07 ba 7b 18 48 00 5a d3 18 e1 8c 65 f7 fd ff b5 c0 a0 24 ae 9e 0c 0c 6b 2e 02 b5 ac 18 67 d8 ae ea 6f 09 cb f3 ab 5f 7b bb 82 70 00 54 31 03 0d ce c0 11 8a f6 6c 00 19 7f 10 08 80 fc 3d dd e3 49 c3
                                                Data Ascii: l*a#z|,kN+9F({MysWr5ng&8z7dH/7j.diE*kMB*cS~5c1{Qys,"IR EVB{P;RpWE<{HZe$k.go_{pT1l=I


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                116192.168.2.549859157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC830OUTGET /v/t15.5256-10/449712644_816422753527500_4620893420354803502_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=w3LX7afKrBsQ7kNvgEQ5S8s&_nc_ht=scontent-hou1-1.xx&oh=00_AYDgVlUrnI3YVIhnU4Rtviyi17Z7BWHmT7t4HLp7HtBchg&oe=668B44F5 HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 14:25:46 GMT
                                                X-Needle-Checksum: 1532211297
                                                Content-Type: image/jpeg
                                                content-digest: adler32=3467554255
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 57986
                                                2024-07-03 13:47:12 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC15141INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 37 30 30 31 30 30 30 30 39 31 31 37 30 30 30 30 64 34 33 38 30 30 30 30 31 37 33 62 30 30 30 30 36 63 33 64 30 30 30 30 37 37 35 39 30 30 30 30 63 63 38 38 30 30 30 30 66 62 38 65 30 30 30 30 34 65 39 32 30 30 30 30 63 63 39 35 30 30 30 30 38 32 65 32 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a7001000091170000d4380000173b00006c3d000077590000cc880000fb8e00004e920000cc95000082e20000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:12 UTC16384INData Raw: ec 4c bd d5 c2 f3 5c 11 f2 cf d4 38 34 4b 62 ce f2 b2 f8 e8 a2 b8 17 62 c4 35 96 98 e2 8d 06 92 b3 45 f3 be 14 51 42 f0 5e ca e7 6f 89 76 57 05 14 36 97 35 96 2d f1 ec a2 8a c9 15 9d 88 c4 5e 44 bd 68 f6 6a 14 8b c9 16 5e 4c 44 97 35 66 f7 2e c7 9d 9a 8b 35 1a 8d 46 a1 be 5a ca f3 7b 50 d9 79 5e d6 5f a0 c4 3d cb b1 f0 3d 96 59 65 97 e8 ae c9 6f b2 f8 74 a3 4a 34 23 42 1c 37 a5 66 93 41 a5 9a 58 a2 fd 39 cc 8b 91 fb 1b f0 2c d6 c8 64 f1 19 19 bf 52 f5 f6 55 9f 54 68 45 78 a1 46 b7 45 78 18 e3 f6 5b 21 2d 22 92 65 96 8f 07 83 c6 ca 28 d2 69 65 32 b6 43 ca 19 62 de 90 90 d1 a4 9e 18 a4 d3 23 5b 96 4f 75 96 cd 4c d4 2f 05 e5 0e b3 ad 91 5b 67 14 fb 14 7d 5c 2d 94 69 34 ee 97 42 db 26 2c 37 d9 52 fa 44 96 98 d8 9d f2 61 72 4f a1 6d 9b f2 60 bd 51 bc b1 64 9a
                                                Data Ascii: L\84Kbb5EQB^ovW65-^Dhj^LD5f.5FZ{Py^_==YeotJ4#B7fAX9,dRUThExFEx[!-"e(ie2Cb#[OuL/[g}\-i4B&,7RDarOm`Qd
                                                2024-07-03 13:47:12 UTC16384INData Raw: 75 9c 8d 1a 74 32 b2 1e 59 98 00 7d e5 fb 0e 35 1d 0d 03 ba 88 85 dd 1d 32 ab 91 f6 cc 62 a0 3e 4c a3 5b 6a 50 a1 8e a0 62 5f cc c0 b2 28 54 5a d2 66 dd 81 0b 70 22 4a 96 49 c2 f4 d2 64 e5 05 e1 2a 2c 3c 5e 8d 70 0c 91 23 a9 72 4e 49 97 a3 73 37 7a 01 7e df 4b c1 69 f4 5c f3 34 c2 e8 47 40 ff 00 92 ce 0f 79 97 2b d2 b5 31 ad c6 92 50 6c 1d e2 09 28 ad c4 0f 26 94 dc b0 6f 51 09 89 98 af 89 71 40 ee 27 b1 e7 70 d5 00 25 35 0d b8 04 99 0b 89 04 4b 0b 88 bf 7e 89 ab bc b5 85 4c bf 75 99 66 ca 5f 24 4d 97 ee 4c a0 f3 32 02 5f 50 68 be e4 8b 6e ef a8 00 a4 7d 27 0d fd ca ed ac f2 42 81 21 c8 d4 1f da 6d 2c 32 94 18 cf 98 2c 17 16 e9 67 06 68 4f 4e 21 b9 f9 31 62 28 33 48 29 98 af 0c 81 04 b4 98 69 51 97 a3 28 25 1a c3 6f a0 3c a3 98 37 3d 05 cf c8 f5 b7 62 66
                                                Data Ascii: ut2Y}52b>L[jPb_(TZfp"JId*,<^p#rNIs7z~Ki\4G@y+1Pl(&oQq@'p%5K~Luf_$ML2_Phn}'B!m,2,ghON!1b(3H)iQ(%o<7=bf
                                                2024-07-03 13:47:12 UTC10076INData Raw: 3b 3c 4a 63 b5 5f 12 c5 ad 38 62 91 47 38 88 09 4e e0 43 5b 5a af 98 b5 05 dc 54 2a f0 9a 8d d9 c6 aa 88 68 31 7b 20 34 3a c7 69 7d 89 43 75 34 1a f8 ab fb c1 dc bf 30 29 a7 58 a2 51 42 a5 a7 06 f3 8a 24 0a 74 8e 9e e2 d5 5d 64 8d 6c 15 cc 62 ab d5 9f 78 6d 27 ff 00 33 05 2f c0 be 3d 41 50 cb c5 5c ba 2a f2 0a 94 e9 b3 a1 57 da 1a 12 1d ba 98 d5 c5 b1 11 db 1c c3 07 d7 f5 e2 57 68 80 02 5d e5 60 34 00 b0 28 95 0a b1 bd 20 63 63 69 8d 9c 4b c0 e6 0d 3f d8 38 8c cf 6f cc 00 65 48 9e 0c fe d0 d1 73 aa 4b 9b 79 9d 7c dc c8 3a 82 b3 a9 51 b4 f5 1a 99 96 58 04 b2 62 e2 27 91 72 86 1c d6 72 4a 80 d9 1e 4d 3a 85 76 0b 6b 2f 32 d3 d9 7e df a7 04 3c 2e 01 0b 63 48 18 66 82 21 e7 92 39 42 dc 72 c7 85 0b d0 9f f8 1d 51 9a c0 36 8f e6 7f 38 86 43 50 d1 25 a4 5b 98 54
                                                Data Ascii: ;<Jc_8bG8NC[ZT*h1{ 4:i}Cu40)XQB$t]dlbxm'3/=AP\*WWh]`4( cciK?8oeHsKy|:QXb'rrJM:vk/2~<.cHf!9BrQ68CP%[T


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                117192.168.2.549864157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC926OUTGET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=964&byteend=18849 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC591INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 12 Jun 2024 22:03:05 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1772760883
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17886
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 8e 00 00 01 f0 00 00 01 fa 00 00 01 ce 00 00 01 ce 00 00 01 b5 00 00 01 f6 00 00 01 8d 00 00 01 8d 00 00 01 80 00 00 01 8a 00 00 01 89 00 00 01 74 00 00 01 8c 00 00 01 6d 00 00 01 47 00 00 01 8e 00 00 01 56 00 00 01 5d 00 00 01 6b 00 00 01 57 00 00 01 5a 00 00 01 55 00 00 01 5a 00 00 01 70 00 00 01 5d 00 00 01 a6 00 00 01 48 00 00 01 3b 00 00 01 48 00 00 01 49 00 00 01 52 00 00 01 58 00 00 01 62 00 00 01 71 00 00 01 78 00 00 01 65 00 00 01 76 00 00 01 d5
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<stmGV]kWZUZp]H;HIRXbqxev
                                                2024-07-03 13:47:12 UTC15368INData Raw: 74 17 8f 48 0b ec 50 65 c9 f8 e3 b7 c2 e9 91 87 64 94 56 a3 ed a4 e7 74 13 4f e1 56 71 37 70 ac 2d 7e c3 ce 99 0c 81 45 3a 65 ae eb d2 a9 d2 fa be 91 84 40 00 f5 82 45 f1 5e d1 12 4c 4e c0 98 0d da 02 10 56 50 00 00 00 00 00 00 01 22 58 1c 21 1b 54 35 9a ad 61 a1 c0 98 48 26 22 0d 80 46 f8 b2 ef 31 71 62 f2 e9 2c 20 a5 86 6b b2 ff 30 6b 09 fc 95 30 c9 34 fd f5 a4 24 6c b3 6d 31 54 83 ef fc 9f 57 60 de fe f2 1e 2d 33 75 58 b6 69 8d 55 43 58 2d ad 4c 8d 66 82 94 45 1b 84 34 fd 68 a7 83 c6 69 47 ae 64 0e 99 1e 66 7c da 6c ba 03 1c a5 6c e3 32 a9 9e d9 33 c1 f5 f9 1d 1e 3a 16 a4 c7 00 f8 a0 85 f8 57 e8 f1 6c 4a 58 32 85 22 25 81 a5 22 3a 0e 30 a6 36 6b 6b 8d b1 14 f5 f7 4d 06 4d 69 07 71 be 8d d4 21 3c 67 82 19 df cf 86 59 10 4d 29 37 46 d9 8d c8 02 24 17 7c
                                                Data Ascii: tHPedVtOVq7p-~E:e@E^LNVP"X!T5aH&"F1qb, k0k04$lm1TW`-3uXiUCX-LfE4hiGdf|ll23:WlJX2"%":06kkMMiq!<gYM)7F$|
                                                2024-07-03 13:47:12 UTC1017INData Raw: b5 00 18 9f c5 01 45 1a 06 33 8c bc 16 1a 68 e3 80 03 22 22 26 89 cd 9b a9 67 15 81 80 06 8e 8f 0f 9f 87 f0 dc dc e4 c2 f2 c2 32 db fc 7f b0 eb 61 4b 0b 9b 01 a9 e0 78 ee 85 23 b5 8c 61 04 29 16 b6 b0 b0 05 e7 66 1a 98 63 9e 7d 5f fe fc b1 4f 26 ff b4 79 9f 27 22 9a 05 00 00 01 09 37 b3 e6 24 f2 cf cd f7 2f e5 78 b7 28 59 50 17 99 8d da a6 67 5a 14 e3 f1 fa 3f 8a 7c fb ae 42 30 09 00 44 17 21 77 9e 7e 73 e5 bd c7 10 28 13 6d bd 07 03 a7 e2 88 85 2f 3d 7e 3f 2b c8 78 38 cb 21 84 63 40 00 32 0c f3 cf 4f a8 ea 7a 1d 13 0d f9 b2 8a b9 05 02 d1 13 29 00 8e df c0 06 36 0f 00 1b 50 ba 7c 0c f1 35 28 80 26 10 08 84 0c 80 0b 3d c0 c0 5c 02 ad 49 bd 40 06 9e 89 59 74 60 00 c6 40 16 c7 af d1 da 01 1e c4 09 21 cd 01 a6 07 e7 22 00 c9 52 40 00 02 ba fe 37 3e 5d 37 f1
                                                Data Ascii: E3h""&g2aKx#a)fc}_O&y'"7$/x(YPgZ?|B0D!w~s(m/=~?+x8!c@2Oz)6P|5(&=\I@Yt`@!"R@7>]7


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                118192.168.2.549863157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC717OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC701INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                119192.168.2.549851157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC904OUTGET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:08:27 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1432437444
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 aa 1c cb e2 aa 1c cb 00 00 32 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd2@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                120192.168.2.54986631.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC691OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=826&byteend=881 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC277INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:40:18 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 90417318
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:12 UTC2913INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 49 2d 73 55 37 41 4f 68 56 6e 6d 67 31 61 33 68 73 2d 78 79 56 39 6a 4a 57 6c 62 65 6f 36 54 78 4a 4a 39 47 5f 42 6d 71 76 77 66 6d 31 7a 4e 68 5a 6e 52 34 36 59 49 78 69 30 61 65 4e 4d 71 63 44 73 73 78 54 41 69 70 35 62 46 68 5a 48 61 72 34 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 49 31 65 73 76 33 50 32 69 55 35 30 71 54 5f 34 30 5f 50 39 38 75 70 50 49 30 6d 61 42 65 75 4f 71 63 75 69 68 67 46 34 45 46 5a 4d 48 6c 6d 5a 4c 76 43 6b 33 44 6c 46 6b 47 6a 78 53 2d 7a 61 75 43 35 61 6c 33 4c 76 70 32 53 53 6c 58 43 55 30 66 5a 6b 5f 59 66 61 48 53 52 34 4b 33 5f 7a 38 22 3b 20 65 5f 66 62 5f 68
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcI-sU7AOhVnmg1a3hs-xyV9jJWlbeo6TxJJ9G_Bmqvwfm1zNhZnR46YIxi0aeNMqcDssxTAip5bFhZHar4"; e_fb_binaryversion="AcI1esv3P2iU50qT_40_P98upPI0maBeuOqcuihgF4EFZMHlmZLvCk3DlFkGjxS-zauC5al3Lvp2SSlXCU0fZk_YfaHSR4K3_z8"; e_fb_h
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC55INData Raw: 00 00 38 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 a4 8b 00 01 2c 00 10 00 00 00 00 00 ba 64 00 01 1a 00 10 00 00 00
                                                Data Ascii: 8sidx<,d


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                121192.168.2.54987131.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC709OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:27:32 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3780638177
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a8 7b 64 e2 a8 7b 64 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd{d{dD@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                122192.168.2.549868157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC906OUTGET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:08:27 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1432437444
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 92
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC91INData Raw: 00 00 5c 73 69 64 78 00 00 00 00 00 00 00 01 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 05 00 01 d1 99 00 00 fa 00 10 00 00 00 00 00 61 7e 00 00 fa 00 10 00 00 00 00 00 56 32 00 00 fa 00 10 00 00 00 00 00 61 60 00 00 fa 00 10 00 00 00 00 00 50 01 00 00 d6 00 10 00 00 00
                                                Data Ascii: \sidx2a~V2a`P


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                123192.168.2.549867157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC719OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC703INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=824&byteend=939
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                124192.168.2.549872157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC909OUTGET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=918&byteend=120110 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC592INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:08:27 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 1432437444
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 119193
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: 00 02 58 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 40 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 0c 74 72 75 6e 00 00 02 05 00 00 00 7d 00 00 02 60 00 00 00 00 00 00 1c 02 00 00 4b 53 00 00 00 03 00 00 05 59 00 00 00 03 00 00 08 ed 00 00 00 03 00 00 01 fc 00 00 00 03 00 00 0f 74 00 00 00 03 00 00 02 41 00 00 00 03 00 00 06 39 00 00 00 03 00 00 01 fa 00 00 00 03 00 00 26 ad 00 00 00 03 00 00 02 00 00 00 00 03 00 00 06 14 00 00 00 03 00 00 01 e4 00 00 00 03 00 00 0c e4 00 00 00 03 00 00 01 f8 00 00 00 03 00 00 05 84 00 00 00 03 00 00 01 b3 00 00 00 03 00 00 27 91 00 00 00 03 00 00 01 e6 00 00 00 03 00 00 07 04 00 00 00 03
                                                Data Ascii: Xmoofmfhd@traftfhd*tfdttrun}`KSYtA9&'
                                                2024-07-03 13:47:12 UTC15414INData Raw: d2 f4 e7 58 7a ba 3f 30 58 af 1c a1 40 ae fc 99 73 36 b2 d9 4f a1 27 a8 88 91 76 b1 aa 5e 3b 29 98 ae c6 40 c5 78 b7 b4 0b 0b 81 f8 fc f6 bb 10 42 5b 3f 17 16 36 2c 5c 91 59 be 16 ac d4 70 59 f0 b8 05 86 ff cc 79 90 7f 32 54 5e 44 ae 10 10 87 89 28 a1 63 42 27 12 84 20 c7 9b aa 1f 16 e6 0c 89 25 ce 54 83 4f 43 df 6b 9a 1d 02 6e 3c ca b3 56 6f 8f 6f 91 fa 62 ec 58 a5 72 8d f2 49 a1 a6 8c a1 17 50 7f be 14 ae 58 1e b5 2d 42 a5 4c 11 2a d3 f0 48 f2 b4 47 e6 db a6 d2 48 48 aa f7 1e 8d bf 10 43 2d a1 15 fd 8f bf 57 d4 e5 e8 a2 04 0b 2a 8b 53 da 16 81 41 e0 fb 9c 80 02 e2 31 d6 40 49 e6 6c 73 15 f6 4d 2b fc 39 90 3c e1 b5 92 fc b2 bb 06 f9 d6 8a 12 43 5a 17 40 60 14 01 de 5b 30 38 e8 de 22 24 98 4b 99 7e af a8 fc 66 f9 89 cd 0e 9c ee 47 f9 80 d5 94 a3 f3 eb 1b
                                                Data Ascii: Xz?0X@s6O'v^;)@xB[?6,\YpYy2T^D(cB' %TOCkn<VoobXrIPX-BL*HGHHC-W*SA1@IlsM+9<CZ@`[08"$K~fG
                                                2024-07-03 13:47:12 UTC16384INData Raw: 40 ef d8 d5 c8 88 b5 25 62 a9 93 38 c5 f5 43 e8 9d 35 7d 26 74 96 03 fc c3 0a 4b d2 29 d1 dd 53 10 76 e2 02 c5 fd 5a 97 4f b3 88 93 56 b1 52 89 15 cf e7 3b 1c 65 f9 66 3b 76 67 94 31 41 ab 2a 73 bd fc f8 48 be 82 05 07 bd 10 84 19 47 c2 86 33 70 67 a4 53 66 10 df 61 92 17 7c c8 75 f9 3b 03 0b f0 b4 ec e9 94 74 75 b1 94 7f 8e 68 ff 72 04 49 15 f4 5e 01 83 09 14 e1 24 42 4e 64 8f 33 7b 77 4d 88 46 26 86 e3 60 f9 91 b3 6f 81 c5 60 df ee 53 78 46 33 b3 08 44 a0 35 20 13 b5 1b 98 41 33 2e 7f dc 75 75 ba 17 1a f9 03 b9 d1 47 8d e0 bf a4 b1 19 cf 83 be 72 71 78 b6 bb 75 66 b2 f5 b0 be 0a 44 0d 64 36 79 a1 8b 6f cc 09 bd 13 ee 29 41 0c ec fe c1 f6 77 6a ee bd d7 c7 22 67 91 ae c0 97 78 9c 70 cf f2 a3 74 12 a4 6c aa 6e 29 e2 94 3f 4c fc 20 71 ab d3 e7 38 06 65 5e
                                                Data Ascii: @%b8C5}&tK)SvZOVR;ef;vg1A*sHG3pgSfa|u;tuhrI^$BNd3{wMF&`o`SxF3D5 A3.uuGrqxufDd6yo)Awj"gxptln)?L q8e^
                                                2024-07-03 13:47:12 UTC16384INData Raw: a2 8d ae cb 52 9e 06 5d a3 8e 9a 80 ee 7b d8 47 af fd 4e 85 4a 87 fe 0d 4b 61 a6 0c 62 26 55 d2 fc 69 41 5a 52 58 2a 56 97 d3 5d 18 93 7b af 25 d3 71 7b 04 ae 1f 76 f3 23 8e f2 fc 70 fa 61 93 e0 28 47 f0 90 23 3d cf 51 3b 55 e1 c1 f1 f9 0f ba cc f6 7c 59 95 15 27 42 0d 08 10 c8 3d c8 98 35 33 c2 59 d3 11 e1 dd b3 09 e0 32 f6 09 28 0a 28 07 93 a2 9d 3a d2 92 83 ae 9f 60 33 ef 00 70 00 75 48 d9 38 ab b7 14 b6 8d 13 13 08 55 9c c9 68 26 e0 11 da 12 fd f5 07 e8 63 31 aa ed c2 66 e0 8d 7f 0e 34 6a 52 9e 6e bd b4 3e f3 79 d2 f7 32 ef 90 79 a2 9a 13 f7 b7 33 27 79 e9 51 ac 78 87 c2 c4 c6 60 20 42 cd bf cc 47 1b c8 b6 d8 a7 78 09 51 58 dd de 60 94 48 57 13 d8 d9 37 1b 50 59 18 e7 c5 68 59 5d a7 b8 7a 14 6d 1c 5a eb 14 42 93 98 96 eb dd db ad cd 1c be f0 5e 56 80
                                                Data Ascii: R]{GNJKab&UiAZRX*V]{%q{v#pa(G#=Q;U|Y'B=53Y2((:`3puH8Uh&c1f4jRn>y2y3'yQx` BGxQX`HW7PYhY]zmZB^V
                                                2024-07-03 13:47:12 UTC14935INData Raw: 56 c4 02 4e 88 20 7a 3e 55 12 32 fd f2 c1 2b 49 4c c1 e3 aa ba 9d 5a 12 a9 ba 68 82 a7 97 29 b0 e5 d5 b7 2b 78 e7 90 91 2d 1e ca 42 75 2e 91 63 e1 58 db e6 e3 50 ad 42 88 78 c7 fe e3 12 68 09 b0 dd 76 70 fc 47 bb 31 bb 02 21 cb 0e f9 50 e7 ef de 04 3f d7 11 a4 9c af 6f 6e 3c f8 5c 06 a4 aa 44 3f 98 f7 4c c0 bf 89 04 36 4c ab 70 41 84 14 92 fe 35 4d f1 da 94 ee 0d db b8 96 5d e9 52 b9 b5 28 ee 64 45 eb 29 02 4a 45 7b 46 82 c1 36 b4 14 ef 33 5c e1 99 7c db 4f c5 b6 74 2e f1 74 0d 40 6c e9 f7 7f f2 a2 33 e8 60 1a 01 e8 32 e1 03 30 2e a0 1a fd 0c 3a 7a 22 e2 c6 59 36 b8 67 de 00 e0 00 5f 9c 3d 3a be 74 29 21 c6 a9 35 af e8 0e f3 2c 5d 39 6c d8 1b cd 66 7e 66 c6 25 01 9e 58 4e c1 7f 3c a0 d4 74 0b 09 ae 04 56 45 eb ea 50 f8 6f 11 0b 56 ff 08 24 c0 47 65 f3 ce
                                                Data Ascii: VN z>U2+ILZh)+x-Bu.cXPBxhvpG1!P?on<\D?L6LpA5M]R(dE)JE{F63\|Ot.t@l3`20.:z"Y6g_=:t)!5,]9lf~f%XN<tVEPoV$Ge
                                                2024-07-03 13:47:12 UTC1500INData Raw: 61 f2 ac 40 7c 40 f0 ca 05 3b 3a de a6 3f ba ed 0e 7f 31 0e 79 2d 6a fc b5 f2 59 a6 1a a3 56 e8 df f7 a9 da 84 db 12 57 e1 3e 29 c7 60 29 37 9a 79 23 e3 74 96 32 e8 07 28 22 28 03 a1 ae 9d 3b d2 12 03 5d 5a 5c 33 e0 00 70 00 7d 8e 1f 86 c6 14 a5 6f 12 d0 cb ac 2b 7d 33 c3 13 dc 91 a7 1a cc c3 ca 7c 6b 0f 5d 37 0c 2f 13 42 4d bc 22 4e a0 c9 07 13 36 46 ac 88 74 8a dd dd 7d e3 98 68 41 8a 70 a2 f5 6e a3 34 16 4d 01 a8 00 56 26 e6 4c e3 21 97 d5 e1 77 be 9a 57 f3 62 4c 7e 36 7e 93 98 5f 50 42 03 38 73 ba 24 4e f8 77 3d 7b e7 36 46 a8 6b 48 01 e7 79 0d 6b 3a f3 20 a7 17 83 92 8c e0 13 0d 98 fe 36 c9 01 23 27 19 4f 9c 50 bb 87 11 66 a5 b8 0a e8 27 a7 9a 76 cf d1 ed 40 f0 90 4e bc f1 10 1a 25 13 fb 59 81 4e 66 30 d6 29 89 f5 00 1b 9f 80 a7 79 db 94 8e bc 5b 85
                                                Data Ascii: a@|@;:?1y-jYVW>)`)7y#t2("(;]Z\3p}o+}3|k]7/BM"N6Ft}hApn4MV&L!wWbL~6~_PB8s$Nw={6FkHyk: 6#'OPf'v@N%YNf0)y[
                                                2024-07-03 13:47:12 UTC16333INData Raw: 26 96 16 a0 5b eb 38 cf eb 49 3e 46 16 f9 fa 02 fe a0 1a 01 e8 32 e3 03 30 46 a0 18 fd 5d 3a 7a 22 e2 c4 30 b4 b8 67 cf 00 e0 00 59 e5 49 f1 39 6d 45 2a 9f b0 17 31 dc bd c8 4d 3f 3f 32 dc 23 5d d8 ef ed 6a e9 73 51 cd 86 5e cc b0 12 8a ee f5 de 60 ee 3d 97 27 50 81 0e d4 fa 31 a6 bd 76 3c 88 88 4a 22 fd b4 cf f2 26 29 5b eb 92 c3 e1 65 ee b0 8d 59 d3 08 b6 ff 61 d7 87 ea 41 f3 f4 53 ca 80 c1 58 0b c2 e6 a0 cb 53 94 06 f1 29 24 94 4e f1 05 f5 b5 ab ab ed 6a d0 cb 6b bf 59 66 e9 60 1a 62 54 b1 17 46 f1 d6 47 73 81 69 f9 cc d7 d0 cb 56 57 b4 20 62 06 d1 f6 c5 9a e3 03 8a 3d 1d 4d f0 1f c4 e4 97 f0 33 77 f5 8c 98 73 86 89 b9 0f ab 70 fe 30 2e b7 75 9c a3 92 e5 ef 5e 3b 45 ea 49 22 55 6f 5b b7 49 dc aa 4a 79 c3 c6 22 b8 73 2b c4 19 4b f0 08 b3 7d 86 b4 e0 e5
                                                Data Ascii: &[8I>F20F]:z"0gYI9mE*1M??2#]jsQ^`='P1v<J"&)[eYaASXS)$NjkYf`bTFGsiVW b=M3wsp0.u^;EI"Uo[IJy"s+K}
                                                2024-07-03 13:47:12 UTC16384INData Raw: 65 eb 39 e8 32 9c 84 f8 7b 28 60 3a 2d 3d 8e 7c 34 7f fd 78 43 c0 50 13 b2 f9 1e 88 fa d2 b3 8d 49 f0 8a 34 6c e2 ff ed 1d 07 85 bf dc a2 60 93 f6 7c f9 f7 24 98 99 55 b0 9b e8 09 50 1b 72 49 2f 70 89 55 39 f3 92 2e a1 55 d6 b8 b4 a5 15 0d 40 d1 59 99 a4 0d a4 7e 5a 88 87 71 74 20 6b 3c de ac 19 0a 8e ad ce 97 73 22 9f 56 ff 0b a4 7b 06 fc cc 6e 8e c7 d5 15 4c 9a 4f 7d bf ba f1 b2 3d 8f b8 93 2a 0c 84 07 7b e8 35 d5 9a 3a 88 e8 a9 b6 64 08 75 e1 67 b8 81 0c 9e 53 de 5f 54 4d 01 bf ee 25 68 08 d8 fb 37 87 4f 07 d1 a8 56 11 da 3e 03 9e 7e 90 b2 17 ed b2 f8 ff 65 48 52 62 15 10 00 3a 8c 81 2a 03 19 6d f8 0a ed 23 aa 55 4f d2 4b eb e1 ee a9 5f 11 60 7d 04 a8 7d 72 14 f9 ac 94 9c 15 55 6c ac f4 4f eb 41 9f cb da fc f9 93 ae e8 c9 a5 f2 c4 0d 0b 82 c8 2e c5 90
                                                Data Ascii: e92{(`:-=|4xCPI4l`|$UPrI/pU9.U@Y~Zqt k<s"V{nLO}=*{5:dugS_TM%h7OV>~eHRb:*m#UOK_`}}rUlOA.
                                                2024-07-03 13:47:12 UTC16384INData Raw: 2d a8 79 e6 42 a9 2c be 82 f5 4d c3 1c 19 67 a2 9f 65 eb a8 50 dc 72 09 6b 14 d0 ac 79 f1 a2 db 63 a4 01 19 4e da 5a 16 1c d4 0c ee 66 77 9a ee 02 40 b6 1d 0d 8e a3 50 a7 59 99 7c 07 f4 b8 69 b0 5e ae 20 3a ae 1d 21 21 f9 35 59 08 b0 f0 b4 e2 87 84 6e 95 1e 14 57 89 1d 32 de 78 23 13 b0 a0 2d d9 14 a3 3c ca c6 ac 4a 5b 7c 8b 91 8c e9 ca 0e 16 7b 9b c8 e8 e2 ed 6f 41 17 f7 16 2c 4d d7 3b dd 9a 2e 2a 65 15 e2 69 fe d7 ed 48 83 25 48 c7 a2 b8 4e 32 be 73 a3 65 e9 8d 2a f1 eb d2 28 71 ac 73 ec c7 b9 67 5c 5d 85 95 0c ad 7f c6 03 31 9b 7e 0e 43 11 9d 0e 1a 2d 23 df 46 ab 16 7a 95 3b da 15 3a bf de 3f b7 c3 25 ad 46 93 27 86 89 29 7b 1a 05 dd d7 2d 7c cc e7 65 e8 e1 ba ab 30 2d 61 19 14 65 01 37 a6 5b 10 06 3c f5 ac 85 41 b8 87 e0 96 bf cd 0d 9d c6 21 23 50 80
                                                Data Ascii: -yB,MgePrkycNZfw@PY|i^ :!!5YnW2x#-<J[|{oA,M;.*eiH%HN2se*(qsg\]1~C-#Fz;:?%F'){-|e0-ae7[<A!#P


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                125192.168.2.549874157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC701OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC685INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=894&byteend=366721
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                126192.168.2.549876157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC830OUTGET /v/t15.5256-10/442015974_912843267314068_1743771999496193037_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=zkb3Mq01jDsQ7kNvgHbfuPm&_nc_ht=scontent-hou1-1.xx&oh=00_AYDi1cWU_CyeTN-LK4i01f38fd_u6Dcvx_s3QT3qCalc1g&oe=668B155D HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 00:57:24 GMT
                                                X-Needle-Checksum: 2775589077
                                                Content-Type: image/jpeg
                                                content-digest: adler32=3354964584
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 90611
                                                2024-07-03 13:47:12 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 31 66 31 65 30 30 30 30 31 63 35 33 30 30 30 30 32 32 35 36 30 30 30 30 34 31 35 39 30 30 30 30 62 31 37 66 30 30 30 30 65 39 63 66 30 30 30 30 31 63 64 36 30 30 30 30 36 35 64 62 30 30 30 30 65 33 65 30 30 30 30 30 66 33 36 31 30 31 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f0100001f1e00001c5300002256000041590000b17f0000e9cf00001cd6000065db0000e3e00000f3610100C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:12 UTC16332INData Raw: 3d d5 94 95 05 c1 9c 61 18 69 3b 9e 91 6c 73 59 b9 a0 9b 13 5a 67 09 74 19 3c db 5d 38 e8 66 d6 9a cd e9 40 96 3e 5e a6 76 aa 25 d6 ce b6 c6 c1 7c 1e e1 1a 91 bc bc aa 0d 58 bf 81 f7 3e 03 79 2d 41 6e 98 33 d8 f5 0e b3 89 33 c1 75 06 4e 45 3a 9f 90 4c 50 a2 22 19 6b 9c 02 ec cd 06 ec 52 29 48 a8 48 5c 95 0c 0c 81 81 2b c3 26 50 63 e2 1f 55 2d 5a 0d ca b6 0c b3 1c 22 c7 1c b8 36 53 9a 25 2f 12 0d 99 62 cd 08 16 8c de cd 0c 8e f2 90 24 fb ce 69 b4 f4 b1 bc 24 bd 66 14 a3 62 d1 73 8e f0 b4 25 d7 38 8d e3 f6 56 2f 54 1a 5d e7 37 8c dc 97 f3 7b 66 f2 3e d6 3a 38 a1 a8 5a cc 5f 39 e9 44 ad c1 a6 ba a7 8a 2c 71 51 18 4e c1 18 ce dc 4c a8 bc 1c ae fe 11 35 2b 15 9e 50 31 54 bc d2 2d 56 28 56 eb 75 16 c2 ac 5e e2 e0 f6 10 d5 f9 55 a9 6d 2c 2d 1c 54 5a b1 cf 57 e7
                                                Data Ascii: =ai;lsYZgt<]8f@>^v%|X>y-An33uNE:LP"kR)HH\+&PcU-Z"6S%/b$i$fbs%8V/T]7{f>:8Z_9D,qQNL5+P1T-V(Vu^Um,-TZW
                                                2024-07-03 13:47:12 UTC16384INData Raw: cc c6 d9 c4 fa 9b 78 1e 7e 8b f0 ae 5a 78 84 c0 d9 8e cc 0e 4c 31 7e 5f 70 43 d7 d1 c6 5f 5d f3 63 82 5b 85 19 e8 be 74 df 18 d3 53 c5 0c 72 53 8b cc 07 33 13 e3 1e c1 3e f7 f6 e2 d9 b8 6e c9 f2 cc db 62 38 63 fe 98 b2 9a 89 30 86 98 68 57 9c 43 c7 47 98 24 9e 0f 4b 51 a0 b0 89 bc 98 8f 99 68 30 58 49 e0 40 d9 99 99 99 cc f1 14 a9 9e 20 40 1f 30 89 c0 98 39 71 98 33 88 27 d8 82 1f 3d 3d 13 ce b7 e4 dc b1 f2 0c 6f 72 57 29 f8 19 89 ab 1f c0 de 6c 22 61 58 2a 0c 1e 27 98 00 c6 de 98 18 50 12 ef 69 2f 5e e9 fc 95 42 a5 a6 d8 17 13 1c 73 09 30 1c a8 7c cc 98 dc c5 e2 58 37 01 c2 88 46 66 c0 61 f6 41 95 99 06 6c 62 43 09 81 14 c6 88 43 4d a4 a2 e5 4f 06 6e db 09 cc 05 e1 e6 2f 4e 3f 62 fe df 43 f9 6a 8f bf 77 bb c9 19 8e 3d f5 7c 6b f8 41 35 9f d6 f1 2c f1 a6
                                                Data Ascii: x~ZxL1~_pC_]c[tSrS3>nb8c0hWCG$KQh0XI@ @09q3'==orW)l"aX*'Pi/^Bs0|X7FfaAlbCCMOn/N?bCjw=|kA5,
                                                2024-07-03 13:47:12 UTC16384INData Raw: 39 80 d4 f9 0b 6c f3 c4 b6 9d b9 40 a2 b2 bb 8b c5 44 85 a5 ea a5 c1 61 9a 5d ea 0c a1 dc 45 6b 6b 38 e5 4a c9 58 c8 0d 4c 2f c5 10 28 e6 19 5a 3a 95 5f 0e 22 3c 86 4c e4 69 4a 98 19 84 7c 49 b9 91 2e 7d 6c ae 16 3c 47 3b cc 40 ce 20 fb 67 84 22 21 36 e7 83 96 27 dd 6d c3 09 59 4d 4f db c1 47 e6 72 74 77 94 ef 73 07 f9 28 6f 13 fb a8 7d 51 52 32 6e 20 c2 f4 bb 8c d2 d7 1d bb f1 11 aa f5 74 7e 7b 9a 86 ca dd 0f 32 e0 68 66 be e0 5a 5b 18 db c5 5d 12 b2 71 25 c7 e6 61 02 f3 d1 ea 64 dc e5 38 f1 33 7e 7f d9 92 c0 c9 77 a9 4c aa d8 bd b3 7a 78 48 5b 93 b1 ca f7 39 23 44 02 b3 26 93 eb 98 57 d3 43 2b 8f 82 b7 95 e7 c4 a5 c1 86 a3 0f 2b bd ba 29 61 de 32 85 fa 46 82 2e f2 75 08 3f 47 33 28 8b 27 f1 1a b9 3c 4f 0c 7a 06 b5 c4 45 93 92 10 3d c0 6b 02 43 64 c9 61
                                                Data Ascii: 9l@Da]Ekk8JXL/(Z:_"<LiJ|I.}l<G;@ g"!6'mYMOGrtws(o}QR2n t~{2hfZ[]q%ad83~wLzxH[9#D&WC++)a2F.u?G3('<OzE=kCda
                                                2024-07-03 13:47:12 UTC14935INData Raw: 32 b2 d4 f0 9a cc 7e 0e ac cb 67 e1 92 66 0e 5c df 52 ec 1e 2e bc b1 82 2d 8e 61 f2 e6 06 fe b4 6b 1c c5 a8 ef 0c 3f 72 05 0d 2c b9 b4 c2 22 59 d0 35 2d 06 c6 d3 bb 99 b0 1a 98 49 c4 38 b4 af 31 4d 81 1c 4b 6a f4 43 e4 c1 a9 4a b8 d7 b3 d4 a5 04 ea 76 13 71 b9 99 f0 f6 21 6b 10 f3 36 54 b8 da 46 3e 97 cc 0b 10 10 87 17 f1 38 16 07 15 2f 29 0b 07 5f 05 65 9b 86 37 07 8d e7 be e0 83 50 e6 02 87 9a a5 2a 52 c7 ea 36 5d 0c a5 d0 14 b2 2c 64 80 56 60 4b b0 f3 33 4a 28 37 00 15 03 a3 30 3d 65 99 60 eb 22 d1 01 93 36 ec 41 0a 8d 8a 37 30 07 dc d5 58 1a 62 8a cc 2c ad 8d 43 a4 c5 81 c3 70 bb 22 ee 29 66 4d 65 3e 93 1b c4 ca 36 f7 0f 2e bc e6 71 e2 30 4a c6 53 ab 33 62 1a 9a 31 03 56 18 03 b4 60 42 dd cb 34 96 20 ba 88 18 39 23 b8 38 88 65 d3 09 c2 43 72 64 d3 17
                                                Data Ascii: 2~gf\R.-ak?r,"Y5-I81MKjCJvq!k6TF>8/)_e7P*R6],dV`K3J(70=e`"6A70Xb,Cp")fMe>6.q0JS3b1V`B4 9#8eCrd
                                                2024-07-03 13:47:12 UTC1500INData Raw: 31 0b 85 d2 ad 37 f1 e6 05 39 e6 ee 2e cd 58 13 86 66 80 5a a6 12 b9 12 cb cd 40 e4 06 9a fe 2b 72 c7 92 da a4 5b 2d ec f3 2f 55 d9 cb ce e8 35 70 a8 94 c0 05 9e fc cb cb 4b 5e 5b 95 d8 c3 bf 10 1c 1a b7 7e 66 ec cb 93 d5 b4 cc e8 9b 55 4f 53 0c 0d 95 b8 40 e9 9e 41 cb 28 a0 ac aa d1 6c 00 31 4a 1b dd 8f a8 3e 60 96 2c 05 96 d1 29 02 9b 28 c6 f6 08 30 52 e6 5c e1 e5 85 5f 99 a0 70 35 6b aa 53 7e e1 96 b6 98 38 25 6a bc c6 5d b8 8a e9 7f 72 e2 b5 cb 7a 5f 9d c5 1c 9e 5b bf 68 0e 45 9e a3 3b 2b c8 ef a6 20 42 66 6a 89 8c 82 5b d9 d4 7e 31 61 bf e2 3a d1 4d 92 eb 9a e2 3e b4 82 ba f0 fa 8a ff 00 23 15 00 f3 7e 25 d9 56 13 73 88 22 b7 f7 6d 35 2d 3c b8 cc f8 f3 03 71 96 40 af 64 aa 9a 09 2a dd 31 bd 31 22 48 d4 5c be ae b8 d9 c1 7d 4c 1d 38 02 80 f3 06 6f 9b
                                                Data Ascii: 179.XfZ@+r[-/U5pK^[~fUOS@A(l1J>`,)(0R\_p5kS~8%j]rz_[hE;+ Bfj[~1a:M>#~%Vs"m5-<q@d*11"H\}L8o
                                                2024-07-03 13:47:12 UTC16333INData Raw: 10 1b a9 00 76 15 f0 84 11 64 8a 44 36 9b 86 76 60 80 3a 66 5c dc 53 2e 8d a3 dd 41 43 50 b2 d5 29 a3 85 3f 19 cf c4 b2 be 0b 33 3c a0 c7 69 36 00 ef cc 56 da 8a 02 ba a1 98 04 88 99 65 a0 72 e6 11 77 06 86 34 5d 18 3b 8c 54 69 3a 94 dd d6 08 0b 00 8e cd 73 88 ac 96 06 e7 dc 58 81 de dd ce 5d 47 f4 02 c5 a9 f3 14 43 70 c9 79 86 6b 32 87 ed 80 2d ac 0d 1f 13 35 23 76 85 f0 c0 18 e1 5d 59 bb 20 85 8d e0 76 55 d8 32 d0 86 44 57 e4 21 c2 00 20 52 bd 62 50 a8 80 f7 8d 80 10 b5 0b 88 1a 15 bc 28 90 37 68 8c 99 d0 d3 ec d4 04 42 85 a8 a7 dd 43 d0 a7 62 05 0c 4d d5 7a 97 ed 25 1b 08 9f 30 f8 21 2c bc cc b6 22 36 0f 94 b8 56 bc b8 f1 05 ac 1c 44 5e a6 7a e9 5c b1 02 a8 e0 14 a8 68 13 0d ee c9 78 01 b8 42 83 2d 45 af a0 da 5e 32 38 62 d5 66 52 4e 29 a9 5d 94 e4 8a
                                                Data Ascii: vdD6v`:f\S.ACP)?3<i6Verw4];Ti:sX]GCpyk2-5#v]Y vU2DW! RbP(7hBCbMz%0!,"6VD^z\hxB-E^28bfRN)]


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                127192.168.2.54986531.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC711OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=824&byteend=915 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC550INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:27:32 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3780638177
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 92
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC91INData Raw: 00 00 5c 73 69 64 78 00 00 00 00 00 00 00 01 00 00 ac 44 00 00 00 00 00 00 00 00 00 00 00 05 00 00 45 91 00 01 5c 3e 90 00 00 00 00 00 40 4b 00 01 58 00 90 00 00 00 00 00 3f 07 00 01 58 00 90 00 00 00 00 00 3f ea 00 01 58 00 90 00 00 00 00 00 35 52 00 01 23 82 90 00 00 00
                                                Data Ascii: \sidxDE\>@KX?X?X5R#


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                128192.168.2.549870157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC721OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC705INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=940&byteend=18688
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                129192.168.2.549879157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC830OUTGET /v/t15.5256-10/441199429_890954462796791_2599688641654411968_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=Ci_SargI4XEQ7kNvgG7ebvt&_nc_ht=scontent-hou1-1.xx&oh=00_AYCzsrsVdh2wmh8OT3jXnKLtKOFIQPVdK7rNhsBe6xLOqw&oe=668B12FF HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 11 Jun 2024 14:37:36 GMT
                                                X-Needle-Checksum: 483349985
                                                Content-Type: image/jpeg
                                                content-digest: adler32=1470439657
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 127219
                                                2024-07-03 13:47:12 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 64 31 32 31 30 30 30 30 64 66 36 31 30 30 30 30 31 36 36 35 30 30 30 30 64 34 36 62 30 30 30 30 36 38 62 61 30 30 30 30 63 66 32 38 30 31 30 30 66 63 32 65 30 31 30 30 31 31 33 35 30 31 30 30 37 30 33 64 30 31 30 30 66 33 66 30 30 31 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f010000d1210000df61000016650000d46b000068ba0000cf280100fc2e010011350100703d0100f3f00100C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16332INData Raw: ee d4 8a 58 23 d2 ee e8 76 00 f9 98 42 ba e2 7b 58 da 5b cf e8 5c f4 af fd d6 e6 2d 6c bd 99 48 86 ab d5 9d 16 9f d1 9a 1e a7 d5 95 e6 af c6 46 7a bf 19 9b 2b 4f 45 5c 2d fd 14 41 d1 fa b3 16 36 de 33 ad 5c 78 a9 15 df a5 ae 4a fb d5 46 0d 1f 93 39 68 ff 00 8a 1e de f8 cc bd 71 e2 99 5d 1f 8a 70 5f f8 a8 ed b7 a2 b0 8f fa aa a5 67 e5 a0 f5 ff 00 aa 96 37 9e 8a 03 5c fa aa 25 6b e8 a8 f5 bf aa 97 0f f5 2a 4c be 5a f0 ec 78 dc d2 f2 5b 7a fa 39 eb cb f2 b9 5a 51 b0 3d cf a2 ca 32 fb 3a 4d cf 8f 7d 81 40 4c 0e 8c bf f6 7d 82 e3 d5 2f 87 f2 01 2d 7d ea b2 d3 d9 db 41 ef 56 d6 d6 93 d5 ce 41 7d 54 40 cd fc 97 6a 69 6b 0f 94 36 fe 06 6c d5 fa 14 26 87 d4 f7 07 bd 52 f0 c7 91 01 6b ea ba c3 48 2a 9c e9 b6 6b e5 bb a2 e3 d1 f1 2f 65 6e c7 fc ae 78 d5 f9 1a e2 ff
                                                Data Ascii: X#vB{X[\-lHFz+OE\-A63\xJF9hq]p_g7\%k*LZx[z9ZQ=2:M}@L}/-}AVA}T@jik6l&RkH*k/enx
                                                2024-07-03 13:47:13 UTC16384INData Raw: 5c bc 73 57 a7 f6 2c 2b 31 72 f4 11 d6 c5 ca 3f c2 63 cb 9a 74 5a 4a e3 71 9a 13 c4 d8 9e 67 98 74 d1 ea 85 63 2c e3 0a 02 0d 4e 90 f6 dc e1 a5 74 53 4f 6d e3 51 8c c3 1d 2a 4a d0 1b df 1f 19 31 ab e2 26 bd 77 37 09 10 b4 ce 3b 83 c0 85 94 1e 62 5d 8b 45 f2 fe 99 62 4b 15 eb 60 f0 3c 76 f7 d2 c7 b9 93 73 f7 71 f2 dd 10 e6 3b d9 d5 9f 91 3e 3d 34 0f a5 9f 94 c2 b1 4b 62 37 1c c5 c8 46 b1 3d 1b d3 73 2b 17 8c f9 86 0d 89 8f 91 b6 ba de e2 34 73 08 2f 6a e9 57 73 cc f3 35 1d 79 0e de a5 a5 c4 5b da 77 11 e1 ae 15 9a 9c 27 6c 4b 29 57 43 8a 54 3f 8c 6a f9 eb a4 d5 35 3c 7a 79 9e 66 e2 8e 53 80 85 66 40 e5 9f db 58 ea aa a4 9d f2 78 5d 84 4b 49 85 56 d4 b3 a6 50 f1 fa 4d a2 64 a9 af 23 00 ff 00 99 bd 91 f0 d6 1e 6a e4 97 f8 f4 31 ff 00 39 85 43 30 75 36 1b 5c
                                                Data Ascii: \sW,+1r?ctZJqgtc,NtSOmQ*J1&w7;b]EbK`<vsq;>=4Kb7F=s+4s/jWs5y[w'lK)WCT?j5<zyfSf@Xx]KIVPMd#j19C0u6\
                                                2024-07-03 13:47:13 UTC16384INData Raw: 23 ff 00 6a 7c 39 a8 49 d4 e5 32 bf c2 5a da cc f9 7c 3f 65 47 e2 2b d3 35 7e 16 06 36 f4 42 9b 98 28 3b 69 16 fd d0 6b 7c 20 40 e1 55 dd 23 f7 52 e5 ef c6 2c 66 99 5d 93 c4 b7 59 94 ea 7a b4 91 83 b2 24 0d f9 4f 1f 86 fe 96 ff 00 ea e1 47 ff 00 bb fe 85 52 a2 3c 46 98 8f 54 ef 83 f8 e6 3d b6 9c 18 54 68 7c 23 1d d9 b7 73 fb aa 9f 0e df 95 9c be cb e1 59 53 34 fe 18 12 17 c3 fc 6d 1c 12 0b 0a 35 4e b5 5d 3e dc 3e 0b df f7 41 7c 77 fe 6e 9e 7e 26 87 6b f0 b5 34 31 2b f0 7e 1c 55 7e cd ec a1 0e ce 9f 66 c7 89 b6 21 56 ff 00 87 33 c2 fa a3 1f b2 6f 67 ff 00 f1 e0 8f 45 5f e3 2b 64 b4 7d d7 c1 c6 b0 7f 74 7b 6a 75 59 5c 6b 4e 37 55 7f e2 15 1b 0d cc 7a a6 7b 7f e9 54 ff 00 e2 14 d9 da 33 17 88 9d 15 ce a0 03 bf 4f 64 9d f1 14 7e 17 b1 d4 45 b9 28 b3 fe 23 43
                                                Data Ascii: #j|9I2Z|?eG+5~6B(;ik| @U#R,f]Yz$OGR<FT=Th|#sYS4m5N]>>A|wn~&k41+~U~f!V3ogE_+d}t{juY\kN7Uz{T3Od~E(#C
                                                2024-07-03 13:47:13 UTC14935INData Raw: 4e 20 3c 59 c2 fe e8 a3 74 d9 70 53 58 dc a3 01 a8 58 0a bc 3c c1 b2 8a 0a 0e 39 f3 17 69 67 0c 40 c6 26 32 0e e1 aa 80 5b ce 73 ff 00 22 b9 c6 58 cb af b4 c2 c4 f3 09 96 4d a4 a7 5f dc be 90 03 9b de 3a 94 56 db 5e 6c a7 cb 99 71 39 f6 69 dc 6e f8 6b 4a 83 8c b9 e2 07 6f 23 a3 f1 d4 62 6c 03 4c f7 fc 4b 86 42 69 47 a9 81 9b 00 f3 ff 00 a5 c5 2d 0c 0c 59 73 5f b8 a7 c5 a0 96 07 63 85 14 27 cf 32 8c c1 64 31 ee 1e 54 db 65 5d f5 18 b6 c1 87 c3 e0 a8 e2 10 1b e7 bc 3d c7 a4 97 7c 83 88 06 19 77 cb 8a af 50 f8 40 8a 61 f1 15 2a 56 a5 84 be 2a 5e 79 a1 be 1f de 04 93 e5 56 af 35 50 39 8a 6d ea fa 22 d9 46 d0 79 e2 3a ac 6c 86 33 e7 98 6a 28 be 0b 8f d0 2c f1 9e 7a 99 22 1e 19 b9 82 5a e8 2e b8 ff 00 5c 3e 60 6a 1e af 24 c0 a0 a9 4d 67 d4 29 92 f1 69 a8 1b 8b
                                                Data Ascii: N <YtpSXX<9ig@&2[s"XM_:V^lq9inkJo#blLKBiG-Ys_c'2d1Te]=|wP@a*V*^yV5P9m"Fy:l3j(,z"Z.\>`j$Mg)i
                                                2024-07-03 13:47:13 UTC1500INData Raw: 6e 03 b2 0c 47 4f e6 12 75 51 e6 fc e2 bc 89 ef 9d 51 e2 b8 af 32 9e 66 60 bf 97 11 0e 0b e6 01 30 5e d0 0e 03 dd c3 d7 a5 9e 23 71 6d 79 0b c3 cf e9 01 b4 7b 4b b9 7c 11 de 23 be a7 e4 13 32 f9 31 95 58 cc 81 26 46 0c 69 a6 25 f6 cb 29 92 2f c9 07 32 b2 a7 30 19 90 a9 a1 f9 8c 3a 7b 95 43 a3 1f 13 2a 7c c4 6f 6b 4e a1 fb 49 54 fd e5 cc d1 3e c9 65 71 31 4b 49 4b 09 49 c2 58 17 0b 2c 1d 93 cb bd 49 78 38 54 f9 86 bd 10 fa 15 db 0c ad 31 c8 cb 90 b0 46 59 70 26 3e 52 89 6e 38 65 8c 2b f9 83 0b 5e a2 e2 d6 88 2e b0 b7 8f 71 71 96 27 38 3f 29 be 6c 7f e0 44 d6 0b ed 94 1c b7 98 52 b1 6a ed a7 f5 01 ca 1d 88 87 83 ef 0c 58 e8 77 33 83 31 8b 14 ca 08 66 a1 66 56 72 0b f7 38 40 4e df a2 f1 54 15 79 63 c7 0f 32 dd fc 58 80 ed f3 00 7f 41 08 c7 32 21 e6 7c 4c 04
                                                Data Ascii: nGOuQQ2f`0^#qmy{K|#21X&Fi%)/20:{C*|okNIT>eq1KIKIX,Ix8T1FYp&>Rn8e+^.qq'8?)lDRjXw31ffVr8@NTyc2XA2!|L
                                                2024-07-03 13:47:13 UTC16333INData Raw: 9a 5f a8 17 b7 b6 16 18 23 70 2f cc 59 c1 f0 25 78 3e 62 3c 85 f8 94 d9 7b 76 4b b7 05 86 5f f8 19 5b ba b9 fe 7b c4 b6 71 6b f9 94 ce 6b 7b c4 a3 c4 70 3b 96 31 45 1f 51 01 9c c0 77 28 8d b0 8c 87 d0 99 ca 4f c4 fd bc 84 9b 93 22 cd 63 8f d2 a4 ae 23 b0 fb a8 12 3c 59 30 dd bc 13 9d be e7 00 fc 91 1b 7f 18 89 7b fc cc 1c 92 ad ce e5 e8 b8 6c c5 5d 99 ad d3 dc b3 00 aa 90 c5 8f aa 27 03 01 ba 87 d1 3d 28 b5 40 9d 6a 87 92 ce 54 02 55 ad a7 a9 ce 1f 28 53 6f c1 1d 3f f1 06 d6 6f 77 0d 83 f1 5f b8 37 d6 34 17 6c d2 53 c4 d6 51 f2 8d 9c 1e e2 83 20 f6 cf c3 13 31 0c 63 6b e6 40 b4 a6 fc b3 03 83 f0 81 7f 64 83 34 26 d1 f7 62 af f0 15 3b 2f d9 73 c7 ae 88 eb a4 bf 37 ac cf e4 5c 4e 48 21 f5 f5 6d 7c 99 69 14 d3 6c 7c ba cb 30 66 bd 4e fc b2 ae 89 53 9a 5f 4a
                                                Data Ascii: _#p/Y%x>b<{vK_[{qkk{p;1EQw(O"c#<Y0{l]'=(@jTU(So?ow_74lSQ 1ck@d4&b;/s7\NH!m|il|0fNS_J
                                                2024-07-03 13:47:13 UTC16384INData Raw: 22 38 56 d5 8a 2a fc dc 28 b2 6e 10 2e f1 ce 9a 5b 7a 94 a1 12 90 c0 d9 e4 2b 9d c7 3b 69 e0 84 00 d6 b2 bd 90 3d cd 1e 0a d8 38 a2 ef d6 23 51 48 08 a9 85 7d 99 89 99 34 07 4a 97 96 8c 54 1a 63 51 7e 0c ad 34 0b e2 14 90 56 9c 2d 81 e0 5b d5 44 22 fc d2 8c 1a dd e9 c8 92 87 b9 84 20 b7 4b 4f 2e 21 c6 21 ad 7d a1 5a 2e c8 b5 79 94 f7 8e ca b2 07 79 d8 c4 14 d0 cd 58 24 c5 cd 69 63 a9 71 0a 9e c2 57 ce 46 17 7a 4d 9e e2 78 2a f4 0c 95 7f 70 d9 a8 2c 74 4a ec aa 46 b8 6e 1c 2f 17 b5 58 16 04 12 d0 75 17 eb 47 7f 15 bb 2a 97 87 c4 6e 84 92 d1 20 3e 0a 67 37 51 18 e4 ba 0a 53 39 6d bb d9 12 68 28 0a 06 86 55 c5 f1 59 94 58 e2 9b 6d 83 19 5a 58 75 bc 46 a8 03 67 81 e6 4d 2d f3 58 a8 39 16 ad 9c 80 74 46 6f e2 66 ad 32 04 17 42 f8 b3 1b 20 95 3b c1 2e b6 27 2d
                                                Data Ascii: "8V*(n.[z+;i=8#QH}4JTcQ~4V-[D" KO.!!}Z.yyX$icqWFzMx*p,tJFn/XuG*n >g7QS9mh(UYXmZXuFgM-X9tFof2B ;.'-
                                                2024-07-03 13:47:13 UTC16384INData Raw: 20 29 4b 8a e8 86 f8 1e ba 44 8c d6 b5 bb cb 34 d1 91 be 58 0f 49 31 56 d4 6e ed 7c 4a f8 96 d3 71 a7 1b 3b 97 6a b2 04 2f 37 d7 88 6f 3c 62 c4 37 7c 90 ac a2 0d 52 f2 5e b1 99 55 b7 40 f0 c6 c6 0c 58 da d5 0e e0 70 74 f1 49 76 1d cc a8 ae 41 aa b1 dc bc 81 10 02 68 14 e5 f1 ac 5f 13 22 6e ee 8c 82 c4 2b be e3 a5 87 c2 06 b1 66 ff 00 5c 45 35 35 5b 57 b9 4d 3f 38 8c 7b 17 67 b6 e8 31 83 89 53 4e d0 8c ab 72 bd 55 41 30 3c d0 77 43 40 51 bc b9 8c 00 8e f8 e5 de b6 f0 f5 01 50 c1 25 c8 94 60 58 4d 2e 6e 67 08 00 e4 18 2b 34 a3 46 dc f1 18 81 c0 07 0d 0b d6 36 ae 20 ad c5 54 ad 4f 9b 1d b8 89 48 c0 d0 45 2a 6d 72 00 6e fc 47 45 06 32 9b 83 59 72 a8 d9 02 aa 93 6d 0a 82 62 dc 9c 2c 17 51 90 9e 07 88 8d a8 45 c2 b8 6a f5 71 c2 42 58 00 ca 2b 60 6b b8 21 fb 50
                                                Data Ascii: )KD4XI1Vn|Jq;j/7o<b7|R^U@XptIvAh_"n+f\E55[WM?8{g1SNrUA0<wC@QP%`XM.ng+4F6 TOHE*mrnGE2Yrmb,QEjqBX+`k!P


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                130192.168.2.54988631.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC713OUTGET /v/t39.25447-2/449518986_448740041424809_5919772283050550271_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=23n16DcR66EQ7kNvgHX4UqZ&_nc_ht=video-hou1-1.xx&oh=00_AYCa0PsCLCaN3TaWPeLXaqOCav_pU275cHdSXT7i7EHYZA&oe=668B1C51&bytestart=916&byteend=18724 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:27:32 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3780638177
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17809
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: 00 01 34 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 1c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 cc 74 72 75 6e 00 00 02 01 00 00 00 2e 00 00 01 3c 00 00 01 73 00 00 01 7f 00 00 01 da 00 00 01 d0 00 00 01 c1 00 00 01 d5 00 00 01 93 00 00 01 92 00 00 01 6e 00 00 01 52 00 00 01 69 00 00 01 88 00 00 01 9c 00 00 01 b3 00 00 01 84 00 00 01 7e 00 00 01 7c 00 00 01 7a 00 00 01 6d 00 00 01 5c 00 00 01 a7 00 00 01 77 00 00 01 50 00 00 01 67 00 00 01 60 00 00 01 68 00 00 01 60 00 00 01 a3 00 00 01 51 00 00 01 54 00 00 01 68 00 00 01 81 00 00 01 9e 00 00 01 bb 00 00 01 9d 00 00 01 4e 00 00 01 52 00 00 01 59 00 00 01 41 00 00 01 56
                                                Data Ascii: 4moofmfhdtraftfhd*tfdttrun.<snRi~|zm\wPg`h`QThNRYAV
                                                2024-07-03 13:47:13 UTC15416INData Raw: 27 50 60 9d 92 bc 8b f2 04 c9 3a 91 b4 cd cb 05 95 22 9d 17 5e 51 b0 0f b8 6f 01 d0 10 85 55 05 04 00 e0 05 04 00 e0 24 48 00 e0 21 1b 54 6d fc 94 2b 1b 84 04 22 36 68 67 85 71 6f 2f 92 de db f2 dd db 5c cd 38 b3 7e 70 6d d9 83 83 dd 2f 75 60 81 a6 48 c1 07 56 3f df a8 e0 7e 70 46 48 2d 22 f1 76 15 cc c9 6f 89 90 fa 4f 92 d2 f4 e6 dc fd 2e 05 13 dc 23 d8 9b 65 57 09 e9 ea 3e 0c d2 7f 22 7d d0 88 81 f7 9b 0e f2 df 8f 8f 9c 26 5a 52 e8 63 2b a4 02 e8 3f 99 40 1b 1d d3 4e 26 dd cb 73 92 62 3a 5a 2b c7 57 ae 85 45 39 fb 2b 06 1b c5 5e 2d 13 d6 9d 89 a4 95 a2 55 47 68 98 9b d0 e5 72 6b 6d 13 9b 32 10 3f 39 2b 15 d6 e1 9e bc 5b f0 3f bd 84 f1 b5 c5 ab 7d e6 83 0e f3 4a ec 55 09 7b 67 35 54 82 9b 5b 1b 99 cb 97 bb 8a 36 6d 41 2d 31 71 87 4c d9 73 1a 06 3e 1d f2
                                                Data Ascii: 'P`:"^QoU$H!Tm+"6hgqo/\8~pm/u`HV?~pFH-"voO.#eW>"}&ZRc+?@N&sb:Z+WE9+^-UGhrkm2?9+[?}JU{g5T[6mA-1qLs>
                                                2024-07-03 13:47:13 UTC892INData Raw: a4 14 b1 ac 48 91 40 0c 50 1f 70 33 d1 30 00 3c e0 d2 45 f2 01 f0 0f 4e 00 0c 36 e9 16 a5 95 8c 03 aa 7f 0e d0 9f c5 f5 2e 5c 38 9d 6c d2 b8 4b 7d bb 13 91 7f 87 a4 aa f3 52 b6 db 0a eb 06 3b b4 4a 06 ff 90 12 d7 59 46 b8 80 02 42 d1 99 b6 f9 bd 99 9f 38 10 d4 5f 6c 6b 1a df 1f 01 99 61 08 ee 12 5c a9 f7 cf 73 98 00 99 29 80 00 2c 25 11 b0 da 38 fe 5a b0 85 77 85 68 08 40 10 8b ce c4 bf ff 28 01 ae 97 3b 9f fe c0 04 ff 9f ea 77 42 00 70 21 1b 4f ff ff af ff 82 28 d0 f4 46 30 8d 89 61 61 89 54 70 2b 0a 84 02 21 01 08 56 15 40 b7 60 0d d9 6a 0b 93 3c f0 2f 73 be 6c f5 30 31 07 0d 94 80 08 1d c2 1a 61 6a 02 0a 19 ec 41 02 ad 17 3a 79 3a 20 5e 49 65 e2 33 63 8b 32 00 19 81 94 47 67 89 c7 3e 1f d7 7e 60 ee 9a b9 04 00 09 25 9e 54 90 29 49 34 ff 02 a8 80 37 f8
                                                Data Ascii: H@Pp30<EN6.\8lK}R;JYFB8_lka\s),%8Zwh@(;wBp!O(F0aaTp+!V@`j</sl01ajA:y: ^Ie3c2Gg>~`%T)I47


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                131192.168.2.54987831.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC691OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=826&byteend=893 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC279INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 01:19:35 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2477213452
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:12 UTC2713INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4b 52 64 2d 70 6d 30 47 5a 72 62 74 2d 34 42 56 30 55 59 43 45 62 4d 6e 41 36 2d 4f 6d 69 41 65 56 31 4e 58 69 50 48 30 74 77 57 62 5a 44 4d 57 6b 62 69 52 6d 37 53 61 4b 51 65 67 22 3b 20 65 5f 66 62 5f 76 69 70 70 6f 72 74 3d 22 41 63 4b 51 43 61 7a 4f 76 76 72 71 2d 35 36 6c 33 37 50 71 4b 72 30 78 6c 76 46 6c 6f 54 5f 6a 75 57 49 65 5a 44 77 54 4f 73 69 72 64 35 65 62 65 46 50 6a 48 69 5a 7a 50 30 41 72 22 3b 20 65 5f 66 62 5f 70 72 6f 78 79 63 6f 64 65 3d 22 41 63 4b 6d 42 36 43 34 41 79 69 59 6d 6d 68 79 55 47 53 46 54 42 67 77 61 52 48 7a 77 75 30 63 43 6e 69 64 6f 46 32 43 53 6e 50 47 7a
                                                Data Ascii: Proxy-Status: http_response_ok; e_fb_configversion="AcKRd-pm0GZrbt-4BV0UYCEbMnA6-OmiAeV1NXiPH0twWbZDMWkbiRm7SaKQeg"; e_fb_vipport="AcKQCazOvvrq-56l37PqKr0xlvFloT_juWIeZDwTOsird5ebeFPjHiZzP0Ar"; e_fb_proxycode="AcKmB6C4AyiYmmhyUGSFTBgwaRHzwu0cCnidoF2CSnPGz
                                                2024-07-03 13:47:12 UTC41INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 38 0d 0a 0d 0a
                                                Data Ascii: Connection: closeContent-Length: 68
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC67INData Raw: 00 00 44 73 69 64 78 00 00 00 00 00 00 00 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 03 00 05 95 04 00 01 2c 00 10 00 00 00 00 05 3e 0e 00 01 2c 00 10 00 00 00 00 03 37 7e 00 00 ce 00 10 00 00 00
                                                Data Ascii: Dsidx<,>,7~


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                132192.168.2.549882157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC696OUTGET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC680INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=0&byteend=825
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                133192.168.2.54987531.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC693OUTGET /v/t39.25447-2/449674164_874555164725584_2448760145427529645_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMjc1Nzc0NTYyODE0Mzk5fQ%3D%3D&_nc_ohc=8rroXHNeUjAQ7kNvgHhLmHL&_nc_ht=video-hou1-1.xx&oh=00_AYARYDY6Y4AYkuTRtfdga0YHpMbfJpH6rSsK7K4Qg6HnnQ&oe=668B2E1F&bytestart=882&byteend=43004 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC277INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 15:40:18 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 90417318
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:12 UTC2920INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 70 72 6f 78 79 3d 22 41 63 49 2d 73 55 37 41 4f 68 56 6e 6d 67 31 61 33 68 73 2d 78 79 56 39 6a 4a 57 6c 62 65 6f 36 54 78 4a 4a 39 47 5f 42 6d 71 76 77 66 6d 31 7a 4e 68 5a 6e 52 34 36 59 49 78 69 30 61 65 4e 4d 71 63 44 73 73 78 54 41 69 70 35 62 46 68 5a 48 61 72 34 22 3b 20 65 5f 66 62 5f 62 69 6e 61 72 79 76 65 72 73 69 6f 6e 3d 22 41 63 49 31 65 73 76 33 50 32 69 55 35 30 71 54 5f 34 30 5f 50 39 38 75 70 50 49 30 6d 61 42 65 75 4f 71 63 75 69 68 67 46 34 45 46 5a 4d 48 6c 6d 5a 4c 76 43 6b 33 44 6c 46 6b 47 6a 78 53 2d 7a 61 75 43 35 61 6c 33 4c 76 70 32 53 53 6c 58 43 55 30 66 5a 6b 5f 59 66 61 48 53 52 34 4b 33 5f 7a 38 22 3b 20 65 5f 66 62 5f 68
                                                Data Ascii: Proxy-Status: http_response_ok; e_proxy="AcI-sU7AOhVnmg1a3hs-xyV9jJWlbeo6TxJJ9G_Bmqvwfm1zNhZnR46YIxi0aeNMqcDssxTAip5bFhZHar4"; e_fb_binaryversion="AcI1esv3P2iU50qT_40_P98upPI0maBeuOqcuihgF4EFZMHlmZLvCk3DlFkGjxS-zauC5al3Lvp2SSlXCU0fZk_YfaHSR4K3_z8"; e_fb_h
                                                2024-07-03 13:47:12 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC1500INData Raw: 00 02 bc 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 02 a4 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 02 00 00 01 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 02 70 74 72 75 6e 00 00 02 05 00 00 00 96 00 00 02 c4 00 00 00 00 00 00 42 72 00 00 06 63 00 00 00 03 00 00 00 1c 00 00 00 03 00 00 00 3b 00 00 00 03 00 00 00 1a 00 00 00 03 00 00 00 8c 00 00 00 03 00 00 00 17 00 00 00 03 00 00 00 3e 00 00 00 03 00 00 00 16 00 00 00 03 00 00 07 cb 00 00 00 03 00 00 00 19 00 00 00 03 00 00 00 3a 00 00 00 03 00 00 00 19 00 00 00 03 00 00 00 77 00 00 00 03 00 00 00 17 00 00 00 03 00 00 00 32 00 00 00 03 00 00 00 16 00 00 00 03 00 00 05 49 00 00 00 03 00 00 00 17 00 00 00 03 00 00 00 35 00 00 00 03
                                                Data Ascii: moofmfhdtraftfhd*tfdtptrunBrc;>:w2I5
                                                2024-07-03 13:47:13 UTC15450INData Raw: 65 84 75 89 a1 cb a2 c6 ce 92 22 9a 5d b7 0a 8d 5c 4c 1d 66 97 08 e2 9d 85 60 f4 ad c1 5f 7c f7 53 85 d2 23 df fd ce 79 18 07 c9 06 28 5a 3a 89 0f c0 c1 73 18 2c 88 20 e7 25 e1 77 13 65 9e 13 8d 85 1e b1 ef 74 4d 7f 46 23 51 dd 50 13 3d 39 1b ce a8 48 a2 01 7c a4 b9 47 69 27 34 f7 89 c9 35 85 52 2c 69 e8 fd 31 47 ea 06 9e 57 95 f4 fe 89 64 8c f0 eb e7 44 e9 71 6b 9d 1f f3 b6 66 91 52 80 d9 cf 8c 31 0c 00 d4 cb 63 8a 21 34 c2 39 52 37 ad 75 4e 66 aa 6e 74 2a 8e 78 0a 22 83 9c 8b ff 13 67 7c 0c 12 52 94 04 89 d5 d3 fa e7 38 30 df 03 9b 6a dc 1b cd d2 d4 4a 17 aa ab 57 bd cc 92 26 8b ce 97 49 d5 3a 4b d7 d6 45 35 4d f9 4c 83 75 4b 4b 17 49 a4 b8 e2 e4 0e 5c b9 3a e3 97 66 16 1f da c8 31 21 a7 00 1d ea 67 c9 7c 50 59 89 62 51 0d 22 a9 57 0f a1 ba 8e df 23 66
                                                Data Ascii: eu"]\Lf`_|S#y(Z:s, %wetMF#QP=9H|Gi'45R,i1GWdDqkfR1c!49R7uNfnt*x"g|R80jJW&I:KE5MLuKKI\:f1!g|PYbQ"W#f
                                                2024-07-03 13:47:13 UTC16384INData Raw: 13 4c dc 3e 1a a6 9e d7 73 aa 81 73 9a 44 cc a1 01 91 a6 4c 85 80 c7 ae b0 10 4b e5 8f b0 94 9c e8 a2 0c 7a 53 cb c1 de c0 6d a5 da 9f 51 cc 91 98 50 65 5e 11 1a f9 f1 77 73 21 a3 6c 94 4d be 01 63 66 57 71 80 00 3f e6 1b 6c 6d f1 ac 87 35 dc 8b 64 44 d6 6d 54 29 d2 d8 9c 1d f9 4b 82 a5 93 75 1d ed bb 34 9f 4a c1 2f fe b3 65 ee a3 29 9f 18 09 2b 94 2b cf b2 c5 38 7a 15 4d 3d 50 2f a2 38 bc 35 b8 8b c7 f7 e6 ec 54 b9 05 30 95 0d 96 4d 3f 2a 2b e2 56 59 4b 91 cc 9a 27 db 7e 82 7f 1f 31 4a 9c 21 5b 49 eb db b1 f4 7c 7a 39 a5 5d a6 4c 2a 96 18 00 0c 29 d0 02 a0 84 2b 4e 94 a2 6d e5 64 2d b2 05 9b 27 23 a7 44 2a c8 4e 6b 30 89 2c 17 0e 28 43 28 e2 14 b8 4d 0e 5c f2 ba 67 ec 78 e5 4f 21 fd c9 f9 9f 6d e0 6e 24 90 24 ef 6e 59 8f d1 55 40 9f 56 80 c7 1e 13 dd 8c
                                                Data Ascii: L>ssDLKzSmQPe^ws!lMcfWq?lm5dDmT)Ku4J/e)++8zM=P/85T0M?*+VYK'~1J![I|z9]L*)+Nmd-'#D*Nk0,(C(M\gxO!mn$$nYU@V
                                                2024-07-03 13:47:13 UTC8788INData Raw: 83 62 74 da e3 28 cd ac 4f af c2 46 80 58 a7 db 45 8a 73 cd 4e ff ea ea e1 1c 49 24 70 5b bf 0c 37 99 e8 84 f0 1a 53 63 f4 ce 42 6a 9a 68 9c 61 08 c9 99 16 c6 22 19 dc a1 c1 9a ec f5 11 f7 a8 71 29 d6 82 ab 02 76 f8 09 08 1f 61 b9 9a d3 d8 f9 d0 94 44 df 3a 65 8c a6 4f b1 d3 25 4b 3c 43 f1 35 bd b4 7b 9a f5 af f2 80 d7 6b be cd 2e 38 97 95 db a8 2c e0 d8 6a 3c d6 5e 5a 1c c2 a3 5e 66 8f 2f 91 a7 22 21 30 90 44 7f 8b f5 21 1f af 59 e5 ec d7 e4 d9 51 12 a5 cf 0d cc 05 cf a5 d6 36 40 de e9 f2 02 6e 4e 04 17 3e 5e 27 7e c2 65 4e 62 66 fe 2e 53 59 0f 22 6e f0 ba 5b 8a db a5 0e d6 bf 61 41 fb a1 56 bf a4 18 43 03 46 d6 b1 f5 a7 61 0f 86 54 84 03 cb d9 05 c6 af ee b2 fc 78 b9 ba 14 35 71 cb e7 11 d7 b9 84 3c 4f 49 98 c4 3b 5c fb fb a2 47 75 7e 72 ca 4a 5d 3c 7c
                                                Data Ascii: bt(OFXEsNI$p[7ScBjha"q)vaD:eO%K<C5{k.8,j<^Z^f/"!0D!YQ6@nN>^'~eNbf.SY"n[aAVCFaTx5q<OI;\Gu~rJ]<|


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                134192.168.2.549885157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC594OUTGET /v/t15.5256-10/438220461_424871197194934_3396704185190857494_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=rYamK1Zi3UYQ7kNvgF_kTN7&_nc_ht=scontent-hou1-1.xx&oh=00_AYBC-JiaCx3bZCMFQ1PaIuHFgTdKR9QvXqhvkBZ_t8j1EA&oe=668B1B74 HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:12 UTC552INHTTP/1.1 200 OK
                                                Last-Modified: Wed, 26 Jun 2024 02:10:59 GMT
                                                X-Needle-Checksum: 764804187
                                                Content-Type: image/jpeg
                                                content-digest: adler32=2554059394
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 42758
                                                2024-07-03 13:47:12 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:12 UTC15145INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 36 39 31 36 30 30 30 30 36 62 33 36 30 30 30 30 62 39 33 37 30 30 30 30 64 37 33 38 30 30 30 30 62 39 35 30 30 30 30 30 39 36 36 65 30 30 30 30 63 35 37 34 30 30 30 30 66 32 37 36 30 30 30 30 30 35 37 39 30 30 30 30 30 36 61 37 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f010000691600006b360000b9370000d7380000b9500000966e0000c5740000f27600000579000006a70000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16384INData Raw: 60 ff 00 68 6d 31 d9 39 44 e8 1d 4a 94 1f 1f cb 6d 3d 54 96 5b 41 ab c0 c0 a8 f5 e6 b2 7e 0a 43 69 da 93 f1 57 c3 b5 43 a2 f8 4b 76 27 aa b3 26 78 69 9b cc 50 50 f9 06 8b 3a b3 ce dd e6 00 a3 32 62 18 14 7f c2 b3 91 80 ea 9a 59 6b 17 68 85 a6 59 5a ef f2 d1 03 9f b9 82 04 52 88 98 72 af 25 1a 9f ca a5 f3 68 b2 a9 3f fc d4 be 65 64 56 62 32 4c 74 36 b6 dc a2 8e 79 a6 6b 8b 4e 87 8f c9 b8 84 60 af cd ad df e1 7f be f1 55 33 60 9b 56 fa f3 45 92 5a 9a 5a 73 53 c5 21 aa ff 00 89 59 dc ed d4 d7 30 8b b4 4f a1 a8 c5 38 35 f7 1e 4e 04 af fe 5b 68 a5 32 3c 3a ff 00 4d 15 9b 2a e1 54 e2 72 a2 b4 39 bb 88 78 e8 92 51 98 c9 7c 43 ad 4e 6d 4e 0a 16 da 1d 79 f5 18 e8 99 33 c4 a7 21 e6 51 dd e8 87 c2 da 43 5b d1 33 5f 68 6b ae e4 ac cd 39 85 0f 94 29 bf 95 65 fe 13 e5
                                                Data Ascii: `hm19DJm=T[A~CiWCKv'&xiPP:2bYkhYZRr%h?edVb2Lt6ykN`U3`VEZZsS!Y0O85N[h2<:M*Tr9xQ|CNmNy3!QC[3_hk9)e
                                                2024-07-03 13:47:13 UTC11228INData Raw: 00 31 69 d5 53 08 35 8f b4 1b b9 68 e6 15 c7 03 80 c1 32 59 50 92 a1 e1 2e 6a c8 18 a2 e9 b3 64 33 28 7c e9 9a cc 21 ef a3 13 d8 96 54 4a 5b ee a9 b2 34 f4 63 63 d0 54 a2 2a 26 73 d8 7b ca 5a 81 2c bd f9 65 1e b4 1d 58 ad 6e 22 16 84 03 65 43 fe 05 b0 f7 6e f1 5f b5 54 0e 17 98 bb 80 a1 30 69 2a e8 56 fd d0 c0 c4 7c fb 1a d1 63 8a 87 18 a2 6a 0d 63 3c 91 5f bb fc 21 bf 81 88 90 67 3e 53 be 7d 8a 7c cf 67 4c 93 f1 72 f8 0a 79 9b 0c fb 46 cc f0 f8 1c 7d 58 45 98 19 f6 8f 56 89 ce 5f 88 c0 0a 66 05 31 17 71 a7 0b 5a f0 ce 08 07 13 75 d6 33 97 ae 4a c3 0a 97 60 a6 40 62 9f bc 06 b8 af da 1d bf 89 08 11 c1 fe 3a 0d da 4f e9 0b ab e0 43 40 dd c5 cb 94 ff 00 08 5a 81 85 a1 45 5c 11 63 d4 69 da 50 ac 91 48 1d 10 31 07 88 d1 cd 91 41 02 a2 f3 dd fe 4c e7 90 ac 8a
                                                Data Ascii: 1iS5h2YP.jd3(|!TJ[4ccT*&s{Z,eXn"eCn_T0i*V|cjc<_!g>S}|gLryF}XEV_f1qZu3J`@b:OC@ZE\ciPH1AL


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                135192.168.2.549877157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC595OUTGET /v/t15.5256-10/449787338_1668205580611896_7394166591359421737_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=BUim_norTLQQ7kNvgEK7JpK&_nc_ht=scontent-hou1-1.xx&oh=00_AYDjf2G2a0j2jV1UdQewqITyeaa1J826aL0FRlEI43_NPw&oe=668B281B HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 13:17:59 GMT
                                                X-Needle-Checksum: 1443259912
                                                Content-Type: image/jpeg
                                                content-digest: adler32=2021012266
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 85137
                                                2024-07-03 13:47:13 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC1500INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 37 31 30 31 30 30 30 30 35 37 32 32 30 30 30 30 34 38 35 37 30 30 30 30 65 37 35 64 30 30 30 30 33 31 36 37 30 30 30 30 61 33 38 65 30 30 30 30 33 33 63 64 30 30 30 30 37 30 64 33 30 30 30 30 34 35 64 63 30 30 30 30 35 64 65 36 30 30 30 30 39 31 34 63 30 31 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a710100005722000048570000e75d000031670000a38e000033cd000070d3000045dc00005de60000914c0100C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16332INData Raw: d0 7a 3f 07 93 55 7b 77 07 89 7b 53 f8 32 58 5f 67 e0 c0 50 7a f7 07 8f ea f6 bc 1e 2f ae dd 70 78 f8 fe d1 c1 e2 57 9e a3 c1 e3 fe 8d 75 c1 0f 84 fb e7 07 8f ef 74 7c 1e 33 1f b5 70 79 b5 f6 af 83 cb eb fd 83 83 c7 64 f5 ee 0f 25 37 d3 78 32 b8 ef 5b e0 ef 1e f6 1e 0f 2b 03 d8 f8 33 35 fb 6e 0f 37 a1 f6 6e 0f 14 5f 6a e0 c8 e1 fd 9b 83 cb 04 f5 ee 0f 14 f5 f3 38 3c 7f d8 3b 83 bc 97 d6 bc 97 0f 47 3a 9d cb 15 73 64 4e dc 43 1b d1 9e 5f 4b 98 d1 7a 5c d7 0a 38 f3 be c3 63 8a bd f2 f7 b8 ef 9f fd 13 5e 2d e7 78 b4 61 ed bc dc 78 6c bb c5 2c 43 d6 bb cf 2b c3 d4 fb ce 2b c3 d5 fb cc ac 43 79 de 0f e8 c1 b2 ee f3 10 f4 ee f3 4f 4b 0e ec 25 88 6a bb c8 a3 0f 61 ef 26 d1 06 df bc 53 62 1b ae f0 0d f8 7a 07 77 8c 07 b3 f6 1b ca 03 e9 0e f3 c4 0f 44 ef 14 be 0f
                                                Data Ascii: z?U{w{S2X_gPz/pxWut|3pyd%7x2[+35n7n_j8<;G:sdNC_Kz\8c^-xaxl,C++CyOK%ja&SbzwD
                                                2024-07-03 13:47:13 UTC16384INData Raw: 5f 86 3d 12 8e 1d 3b 3a 1c 26 c2 6c 2d ab 96 88 3a 70 c2 ee e1 da 9b 0b a3 ad 89 87 6b c8 26 46 21 84 13 32 67 67 e1 11 ed 6e 6b 7f e2 ba 3b a1 07 41 ee 3e e6 2e 9b a2 0f 83 13 ba 32 c3 5d 1c 8d 63 c1 0f b2 74 5e bc af 7e 0c a7 14 fc 70 ce 87 a2 82 3d ea 58 5c 51 65 96 1d 13 3b 26 77 5d cf c3 0b d9 0b ac ad cb 19 58 44 c9 9d c5 05 97 41 28 92 cf fe 29 1b 21 8c 48 cb 77 50 2c 8a 1f 88 fb cc ff 00 76 46 df 5e 26 fb cd c1 d1 27 6c 33 93 2d cd c3 af a3 0b f9 21 cb 38 ac 2c 26 14 cc 83 a2 69 1b 6b f5 91 a3 53 8f 42 15 ec b2 fc 31 c1 b8 7b 2c e5 17 1f 64 d3 93 37 e4 cf aa d8 ed 9d bd 93 65 94 5b 9c c7 d8 8b 0a 6c f3 41 9d c2 b0 66 66 67 58 5b 19 6c 15 86 4f eb 74 eb f8 95 bb 99 61 7b 21 eb c1 cb a5 7e d3 91 f7 39 0f 69 74 7f 75 b0 53 c6 b0 eb 6b ac 3a ea b0 b1
                                                Data Ascii: _=;:&l-:pk&F!2ggnk;A>.2]ct^~p=X\Qe;&w]XDA()!HwP,vF^&'l3-!8,&ikSB1{,d7e[lAffgX[lOta{!~9ituSk:
                                                2024-07-03 13:47:13 UTC16384INData Raw: 57 57 31 85 92 16 cc ed 1f 66 07 52 38 20 82 a7 b0 e1 9f 4b 31 b2 aa 8b 15 30 89 2a a1 48 d1 53 d9 4e 65 16 16 cd 02 a5 ab ae 64 ed c2 da ba 56 e1 6d 65 65 0e a2 8b 49 50 fb 19 08 8c d1 65 db 1b e3 9b 88 58 d9 81 ce 1a 89 39 72 b3 0f f0 23 2b 68 84 ed 9c 93 82 f0 58 ac 4d 98 7b 1c d5 2c ad b4 39 98 66 d7 d9 67 6d 02 9e eb 1b c1 03 61 3c 75 d8 a9 6a 29 6d 14 8b 55 42 c1 61 66 3e d3 cf 38 d8 2c 1e d1 4c cd 31 ed b2 6e 78 b0 58 79 1f 62 c3 55 21 6c fd e3 ed 15 cc a6 60 cd 3e c5 3d 5e 2b 1c da 0b 36 96 3e c1 4c ce 5a 99 7b 1c b3 68 16 0b 77 55 57 85 de 2d ab 76 96 33 5a 34 42 f3 8c 96 25 4f 72 9b 0c d4 ac 9e b6 9a e9 fb 06 05 49 54 85 8a ba 09 9a a8 2a 8d 53 a0 0b bc 52 9a 9d e2 a8 ab a8 94 f0 b2 f3 55 5f 5e 05 1d 2b 24 7f c0 b7 2a b8 2c 54 a7 64 c0 9a 9b 5a
                                                Data Ascii: WW1fR8 K10*HSNedVmeeIPeX9r#+hXM{,9fgma<uj)mUBaf>8,L1nxXybU!l`>=^+6>LZ{hwUW-v3Z4B%OrIT*SRU_^+$*,TdZ
                                                2024-07-03 13:47:13 UTC14935INData Raw: 9f 30 dc a0 20 af 51 41 98 33 22 dd 4d 23 c8 8d 7b ba 94 b4 f7 26 5d 87 85 84 5d 1a ed 1a 89 98 d2 3b 35 55 98 48 2e f3 b9 41 1c 54 43 b0 46 b8 ab f6 99 c5 44 54 8b 4d b2 fc 99 35 2e 5b d0 f4 a2 19 08 6b 99 46 e5 58 da 63 11 8b 35 ea 3a 1b 9a 9f 0c 06 99 93 09 31 08 6b 98 54 b5 70 53 81 9c 31 45 48 5b cc a5 ca 91 0c 3e 58 3e 10 05 ed 6a 09 dd 7c cd fd 67 68 e9 85 12 99 84 c9 8e 6d 4b 71 a8 01 51 39 3b c6 0c 89 f1 1a cb e2 97 68 5b cc 0d 3d ac a7 e7 d5 7d 59 33 04 f2 c2 55 99 0a 91 89 67 59 f0 81 97 8f 11 41 89 89 33 9a 80 5b 0c d9 ee 61 ec f7 88 2d 2c 80 1c 18 e6 4f 74 32 34 a9 88 b9 9d 5c 30 64 bd 3a d3 82 10 39 25 d3 4a 83 83 82 28 34 78 21 d8 51 2e 7b 9f 43 d0 e9 8f 95 88 a5 6d f6 94 33 4c 70 17 89 99 71 9d e5 cd fa 4c 43 31 57 59 28 5e 11 60 10 ed 2f
                                                Data Ascii: 0 QA3"M#{&]];5UH.ATCFDTM5.[kFXc5:1kTpS1EH[>X>j|ghmKqQ9;h[=}Y3UgYA3[a-,Ot24\0d:9%J(4x!Q.{Cm3LpqLC1WY(^`/
                                                2024-07-03 13:47:13 UTC1500INData Raw: 94 3c fb cb 32 e6 9f b9 70 63 b0 15 51 da a5 26 d8 03 6a 9f 62 0b 77 22 54 c1 b9 bf 58 c0 42 be 9d d4 ce 18 fe e8 83 c8 4b c6 58 33 75 fa 4b f0 2d 8c e6 1f a0 f1 a8 12 95 71 ab 2f 1d c6 c9 17 4c 33 3b 55 a8 40 34 71 99 b2 ec df 68 d1 38 b5 d2 12 07 aa ac a9 a1 5a e6 78 75 af a9 71 4d 15 e2 ea f3 2a 47 56 cc 4d fe 8e 7b fc 83 82 13 48 ff 00 e2 a3 b2 5d 70 00 fb b9 89 3e 18 e1 9f 40 43 b2 36 03 47 b4 1e 8e a2 e7 d4 3d 14 5d ac 15 f0 31 5a 1a ed b4 ff 00 31 30 b8 5f 6c 1f e0 83 84 75 14 b4 b6 b3 ae 63 29 4a 07 c2 35 d2 4f d4 cb 54 d3 3f 99 84 44 a3 f3 0e 07 00 23 d2 38 10 50 29 50 8b cf 02 3e 18 29 cd fe 16 20 72 54 90 98 56 c3 2d 05 df a3 43 d1 0e 30 d9 34 9f 9d 1b 4d a8 ab a8 2c 1e 4f ee 20 11 b6 ee 53 59 ac a6 66 75 12 ca 73 18 25 2e 1e 12 1c 44 74 6d 44
                                                Data Ascii: <2pcQ&jbw"TXBKX3uK-q/L3;U@4qh8ZxuqM*GVM{H]p>@C6G=]1Z10_luc)J5OT?D#8P)P>) rTV-C04M,O SYfus%.DtmD
                                                2024-07-03 13:47:13 UTC16384INData Raw: 33 0d 4a f4 57 b8 4c 92 93 63 4d 3e 62 e9 e1 4f b3 2d e2 a9 7d 4b ba d8 97 d9 4a d7 84 a8 8c 2d 6f ab ff 00 91 31 eb 05 a8 bd 1a fe 60 23 9a 2f 9b 88 39 b7 0e 7b 83 01 5e 4b cc 1e 3c e3 c4 6c d0 e0 af 72 3b 52 bb 3e 65 4a c6 32 37 a9 98 f9 9b b0 d0 f2 fd 91 29 d4 19 23 cc 55 71 d4 c3 dc db c3 de 18 94 d1 5b 62 92 36 42 ae 31 ac 52 fa 1f 69 84 b3 cd 7f a8 59 60 ea af fd 44 5c d5 fb 21 08 93 6b fe e9 bc 43 b1 fd cd 95 a3 c2 fe e0 9a 06 26 4d fb 41 48 d2 d3 79 a5 ac 10 c3 30 fa aa b8 b7 98 9b 84 a0 15 97 0b 2f 3e 85 85 c4 a8 34 44 df fd 07 50 bc 2d 6b ed 99 ab f9 65 b4 b8 94 bf 22 11 c8 85 1f b8 ba 56 21 ac 5a 8f 6d 44 a9 1b 09 57 8c c5 71 d4 56 30 1f 76 8f 43 bf c4 b0 3a c4 5f 49 79 da ea bf bf 43 d4 07 89 70 89 88 a3 00 56 2a 11 bb 8b 7d 38 4f 0b 59 88 4b
                                                Data Ascii: 3JWLcM>bO-}KJ-o1`#/9{^K<lr;R>eJ27)#Uq[b6B1RiY`D\!kC&MAHy0/>4DP-ke"V!ZmDWqV0vC:_IyCpV*}8OYK
                                                2024-07-03 13:47:13 UTC1717INData Raw: e1 8d 56 a2 d7 72 f9 82 d0 ac 2d 52 d2 f5 0c b3 40 d5 e0 9a 0b ab 31 b8 a0 76 31 9e 48 9a 35 55 f8 85 80 e4 02 aa 1d a6 ce e3 b9 a5 a0 99 6b 9e 25 2a bb cf ee 16 81 30 4c 1d 38 d5 dc 22 2d 63 2a 33 11 71 04 3d c2 19 18 20 43 9f b4 0e 71 5e 38 a8 81 8d 59 66 21 e6 39 b9 68 02 8b b4 82 2f ea e2 21 52 36 8d 4a c9 a7 03 9f b8 bb 05 da f1 dc bc 41 b8 bd 4c e1 64 72 52 45 21 ba 32 0d 22 14 d8 17 b8 95 d2 cc 62 39 af 85 0f e6 36 4d bd 46 cb cd fa 90 5d 60 8e 09 0c 12 8a a5 a1 28 96 ad e6 54 63 22 0d 0c 45 75 0a 68 80 a6 37 d7 99 b4 13 03 d0 c9 03 b4 e0 06 51 8a 19 ac d4 10 70 1c 44 3a 82 ba 89 b8 c6 eb 86 35 fa 62 3f 1b ec e4 fc 40 7d 63 13 cc 64 6e 0a 7a 46 15 91 98 1e 65 c9 36 8e 73 03 48 2f c1 28 96 9b 6a 3a 6c ea dd 43 82 a6 78 31 5d 05 90 85 54 19 96 f7 0e
                                                Data Ascii: Vr-R@1v1H5Uk%*0L8"-c*3q= Cq^8Yf!9h/!R6JALdrRE!2"b96MF]`(Tc"Euh7QpD:5b?@}cdnzFe6sH/(j:lCx1]T


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                136192.168.2.549856157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC831OUTGET /v/t15.5256-10/449786290_1602805117231876_4060912889184558328_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=34Ah_F40SnsQ7kNvgH6BA0K&_nc_ht=scontent-hou1-1.xx&oh=00_AYBllGOcxhYMF3vf4H94uWio-xw5ujSDUZXsOOWKeJbvww&oe=668B3972 HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC553INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:00:04 GMT
                                                X-Needle-Checksum: 3105918619
                                                Content-Type: image/jpeg
                                                content-digest: adler32=2188513407
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 52708
                                                2024-07-03 13:47:13 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC15136INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 37 30 30 31 30 30 30 30 31 65 31 39 30 30 30 30 38 34 32 66 30 30 30 30 36 32 33 33 30 30 30 30 36 30 33 36 30 30 30 30 30 36 34 31 30 30 30 30 35 65 36 35 30 30 30 30 62 34 36 62 30 30 30 30 37 31 37 31 30 30 30 30 36 35 37 36 30 30 30 30 65 34 63 64 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a700100001e190000842f00006233000060360000064100005e650000b46b00007171000065760000e4cd0000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16384INData Raw: 42 39 39 4b 2b c5 0a 8b b6 0a 0a 3d 91 2a 28 0a e1 be f7 33 53 cd 7b aa 4e 75 1e d8 32 52 d9 45 b9 d4 ea 6a 78 93 19 04 ff 00 86 3e 65 e6 a3 1a ba e7 01 25 1b d1 ac 1d cc ee c5 1f f1 19 a2 f2 3a 46 4b c9 cd 1b b6 5c 89 ef a8 fc e0 c6 a8 6c 54 be 5a a5 54 eb 9e 04 94 06 e8 01 da bf 2a 0a 03 32 ac 0c b7 50 19 04 4d 61 34 ea ff 00 38 76 b7 09 cd 03 29 82 a5 8e 2b 26 b8 9b a5 03 ac fc e0 c2 a2 17 56 d2 4f 17 bd 90 c0 26 a8 d4 6f 84 da f9 1a 9f ce 04 6e 12 1b 14 d3 dc 5c 18 71 18 44 d5 c5 63 53 f9 53 bf 2b 92 4d dc dd 8e c8 01 9e 04 02 b3 50 c0 15 3b 59 0d b0 0a 6c 78 b9 d3 90 b9 25 01 85 1a 82 65 ff 00 6a 8a f7 a9 da 79 e0 ca a7 79 31 ac a7 4a 58 81 15 6b 73 50 a8 54 3c 55 0a c7 37 85 43 5d 15 d3 9a b2 f9 1a cc e5 8c de 2a 65 62 b3 58 ba 57 bd 43 49 3c 30 a2
                                                Data Ascii: B99K+=*(3S{Nu2REjx>e%:FK\lTZT*2PMa48v)+&VO&on\qDcSS+MP;Ylx%ejyy1JXksPT<U7C]*ebXWCI<0
                                                2024-07-03 13:47:13 UTC16384INData Raw: f5 29 ea 53 d4 a7 a9 4f 52 9e a5 3d 4a 7a 83 fe be 60 ff 00 9f 9f e7 67 a9 ff 00 67 cc 41 75 c5 b4 25 04 05 5c 52 97 8b 95 2b f9 1f f7 73 0f 0f 95 58 b8 44 b5 67 ff 00 c5 3d 7f 35 fc 67 f8 46 89 4f 52 9e a5 3d 4a 7a 94 f5 29 ea 53 d4 a7 a9 4f 52 9e a5 3d 4a 7a 94 f5 29 ea 53 d4 a7 a9 4f 52 9e a5 3d 4a 7a 94 f5 29 ea 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 7f c7 ee 28 a1 60 d5 8e 0f 51 ab fe f8 3a 5e e5 93 1c 36 87 d5 f8 aa 8d 1a 9c 45 7f 94 72 47 99 6b 43 81 cb 00 cf 0a cd 80 e7 ca 05 00 a0 b2 45 f6 a2 a3 97 ea aa a5 61 61 d1 e7 4d 65 c5 f8 82 e3 60 2c 3c 0f 63 a8 64 02 8d 00 cf f9 dd c2 94 10 05 d2 54 c0 59 50 9a ba 28 5e b6 cb a0 98 14 f0 59 c9 0c 69 8d 62 ae 94 39 80 aa 10 01 78 79 69 d7 f1 71 b3 cd 9b a2 b9 65 d7 5d 76 6f 40 e1 c4
                                                Data Ascii: )SOR=Jz`ggAu%\R+sXDg=5gFOR=Jz)SOR=Jz)SOR=Jz)bbbbbbbbbbbbbbbbbbbb(`Q:^6ErGkCEaaMe`,<cdTYP(^Yib9xyiqe]vo@
                                                2024-07-03 13:47:13 UTC4803INData Raw: 1a 0b cd c2 ad 54 1a f3 0b d4 d8 cd 22 33 18 2c c9 98 eb 18 12 b1 06 5a ee 00 e2 ee 38 d9 4f 30 54 aa 6a 5d 9e 38 87 bc 50 fc 4b 10 cb 50 b8 09 cc d0 6d 66 d0 6d b2 40 38 ee 63 46 d7 c4 d4 83 29 d4 14 c3 7f f2 dc a0 12 8a 8f 0e e5 a1 e6 2f b2 38 61 9b b8 34 67 6c 05 9c 80 fc 20 09 e2 6f fe 2e 01 cb 2f fd 37 a1 95 f5 09 71 8b eb 04 fd 43 55 8c e7 90 86 c7 3c 40 02 77 94 50 bb ba 46 e3 60 67 79 f8 99 19 a3 9f a9 87 4f f7 23 f0 55 41 48 c3 1e 59 8b 73 bc 54 55 4d e0 fd 42 ef 20 e2 0d 66 91 96 22 bc 11 34 36 1a 85 c0 6d e2 1a 19 59 3b fa 96 2c ba fe 0c 46 ba 83 67 d4 ac 9b e2 a1 2b 60 19 d1 1b e5 c4 e6 a2 c3 35 db 10 ba fb 8e 92 f1 04 2c 15 22 e3 88 60 5b 24 05 db ee 5c 8e 2b d5 ee 26 59 b9 56 cd 47 25 8d 5c c2 5d f5 00 d4 e8 b8 03 61 f0 90 12 1c 69 e6 3f 45
                                                Data Ascii: T"3,Z8O0Tj]8PKPmfm@8cF)/8a4gl o./7qCU<@wPF`gyO#UAHYsTUMB f"46mY;,Fg+`5,"`[$\+&YVG%\]ai?E


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                137192.168.2.549857157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC831OUTGET /v/t15.5256-10/441895106_1198366088013188_6995649902217432552_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=4WgkZe3RElIQ7kNvgG2v3tP&_nc_ht=scontent-hou1-1.xx&oh=00_AYDb-M11Z0SNpwvXrjD3QZn7r2IuxM_jwUBShiw8VZhMjQ&oe=668B2C36 HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC552INHTTP/1.1 200 OK
                                                Last-Modified: Sat, 22 Jun 2024 15:51:00 GMT
                                                X-Needle-Checksum: 391264774
                                                Content-Type: image/jpeg
                                                content-digest: adler32=1244858671
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 46236
                                                2024-07-03 13:47:13 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC15139INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 37 30 30 31 30 30 30 30 62 62 31 61 30 30 30 30 38 61 33 32 30 30 30 30 35 32 33 36 30 30 30 30 31 63 33 61 30 30 30 30 37 30 34 32 30 30 30 30 64 38 36 33 30 30 30 30 30 38 36 61 30 30 30 30 66 34 36 65 30 30 30 30 37 37 37 34 30 30 30 30 39 63 62 34 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a70010000bb1a00008a320000523600001c3a000070420000d8630000086a0000f46e0000777400009cb40000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16384INData Raw: 07 1e fe 0f 6c c5 e7 95 47 65 4a 2f 70 9b 89 49 d9 35 e7 f4 5f f8 a3 67 0d c2 71 08 e7 80 a4 ef 9e 50 07 60 b0 b7 ac 83 a9 e9 d9 a6 b3 bd f8 5e 08 46 22 15 79 10 03 60 9a 0b 82 c4 1c 31 b5 18 e6 39 cc dd 19 89 2a a8 9f 75 3d 6f ce 4a 22 71 54 22 07 6c b8 9c 38 dd 92 1c 24 2e 15 0e d9 70 f2 9c b0 ea 20 fe c7 24 0b a7 b2 a6 53 d4 40 d2 81 46 fb a1 35 2a 8a d1 3b 20 b4 7e c3 6d 08 22 50 18 63 ba 04 88 ef fa 29 73 69 cc 50 25 b1 84 62 2a ad 04 bb dd 60 6b 1a 63 21 bc 34 e5 c3 96 1c a9 d1 1d 28 1b 1b dc 13 8c 2e 10 aa 21 73 20 06 8e eb 75 05 c8 e2 33 2a 74 61 ea 97 43 74 23 bf 40 74 66 e1 92 8d 0a 83 3d 57 0e 41 ad 45 53 a5 5d 73 a3 17 04 34 a8 a6 28 9c d7 8c 8e f2 61 34 bb ba 0e 1b 1c 84 a9 06 46 4d d4 12 a7 21 d4 00 6e 50 63 9b c4 54 39 85 54 1d 4a e6 97 6c
                                                Data Ascii: lGeJ/pI5_gqP`^F"y`19*u=oJ"qT"l8$.p $S@F5*; ~m"Pc)siP%b*`kc!4(.!s u3*taCt#@tf=WAES]s4(a4FM!nPcT9TJl
                                                2024-07-03 13:47:13 UTC14712INData Raw: 0d 6d 3d 42 06 b9 ba ec 99 e0 f8 1a 5c cb aa 14 94 73 8c 88 8c 7d 84 4a d4 98 bc 0b b4 30 80 8f 03 82 e1 cb 48 f1 7c 2c f7 16 e7 c8 8b 3e 72 63 c1 03 c7 02 b5 34 0d e2 03 4d 1f cc 09 e8 f0 63 9c 87 b5 9d 72 ba 3a 26 f8 bc 48 a0 78 67 ad da c0 9e cd ef 13 f5 33 42 2e a7 04 6a f3 1c 89 ee 03 c6 64 a8 b1 c6 15 77 b5 c6 dc 16 fd bf ab 66 d8 e7 c1 3a 96 7f bc 7e 32 dd 9e e6 0b 8a 59 4e bd 4a d0 14 b9 72 43 77 90 0e b2 2d ee 7b b8 13 b4 77 c1 ee 60 77 60 8f 81 4f 22 17 35 a1 81 ea 29 c0 ee df 7c 17 a8 7e 4c 90 62 7d f1 b6 a7 d5 8f bf 06 cd 9d 5f 22 1b 0b d3 95 7c b9 e4 3b 65 b1 b0 27 50 3d da bc cc 94 c3 cf b8 0f 35 e6 3d 4a e0 6b c8 a7 7e 20 1c 32 ca 36 05 d4 88 1b d4 bc 41 18 2f ea d5 8e 25 7d 5a bd c1 bd c7 76 f3 0f 16 f1 2e 5c a4 7b 90 c9 2c 83 48 0f 96 78
                                                Data Ascii: m=B\s}J0H|,>rc4Mcr:&Hxg3B.jdwf:~2YNJrCw-{w`w`O"5)|~Lb}_"|;e'P=5=Jk~ 26A/%}Zv.\{,Hx


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                138192.168.2.549873157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC716OUTGET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC700INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=0&byteend=823
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                139192.168.2.549890157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC925OUTGET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:01:21 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 114896654
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:13 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 aa 1b 21 e2 aa 1b 21 00 00 bb 80 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhd!!@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                140192.168.2.549891157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC928OUTGET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=824&byteend=1011 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC588INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:01:21 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 114896654
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:12 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 188
                                                2024-07-03 13:47:13 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC187INData Raw: 00 00 bc 73 69 64 78 00 00 00 00 00 00 00 01 00 00 bb 80 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 44 ca 00 01 7c 3e 90 00 00 00 00 00 40 2a 00 01 78 00 90 00 00 00 00 00 3f e8 00 01 78 00 90 00 00 00 00 00 3e a7 00 01 70 00 90 00 00 00 00 00 3f d0 00 01 78 00 90 00 00 00 00 00 3f 35 00 01 78 00 90 00 00 00 00 00 40 96 00 01 78 00 90 00 00 00 00 00 40 76 00 01 78 00 90 00 00 00 00 00 3f a8 00 01 78 00 90 00 00 00 00 00 3f 88 00 01 78 00 90 00 00 00 00 00 3f c3 00 01 78 00 90 00 00 00 00 00 3e a5 00 01 70 00 90 00 00 00 00 00 0a 3c 00 00 37 c2 90 00 00 00
                                                Data Ascii: sidxD|>@*x?x>p?x?5x@x@vx?x?x?x>p<7


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                141192.168.2.549892157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC930OUTGET /v/t39.25447-2/449745839_1625389988297537_5965255506811228425_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=nUpM9yYV9IEQ7kNvgFRwSFy&_nc_ht=video-hou1-1.xx&oh=00_AYADDmQRaqjBi1xIuwZIcUt6Iulzb8TMl1WZc9aMDS0vwg&oe=668B2F59&bytestart=1012&byteend=18621 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC590INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 21:01:21 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 114896654
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 17610
                                                2024-07-03 13:47:13 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC1500INData Raw: 00 01 44 6d 6f 6f 66 00 00 00 10 6d 66 68 64 00 00 00 00 00 00 00 01 00 00 01 2c 74 72 61 66 00 00 00 1c 74 66 68 64 00 02 00 2a 00 00 00 01 00 00 00 01 00 00 08 00 00 00 00 00 00 00 00 10 74 66 64 74 00 00 00 00 00 00 00 00 00 00 00 dc 74 72 75 6e 00 00 02 01 00 00 00 32 00 00 01 4c 00 00 01 55 00 00 01 55 00 00 01 fe 00 00 01 a4 00 00 01 a0 00 00 01 90 00 00 01 83 00 00 01 7c 00 00 01 67 00 00 01 64 00 00 01 5b 00 00 01 54 00 00 01 4f 00 00 01 4c 00 00 01 61 00 00 01 5b 00 00 01 5a 00 00 01 41 00 00 01 49 00 00 01 46 00 00 01 44 00 00 01 46 00 00 01 46 00 00 01 40 00 00 01 40 00 00 01 5d 00 00 01 4a 00 00 01 54 00 00 01 50 00 00 01 50 00 00 01 45 00 00 01 3f 00 00 01 44 00 00 01 4b 00 00 01 54 00 00 01 46 00 00 01 41 00 00 01 57 00 00 01 9c 00 00 01 50
                                                Data Ascii: Dmoofmfhd,traftfhd*tfdttrun2LUU|gd[TOLa[ZAIFDFF@@]JTPPE?DKTFAWP
                                                2024-07-03 13:47:13 UTC15320INData Raw: 87 ff cb a0 00 00 11 cd a1 10 ff f9 74 34 5f 1a 2f 98 00 30 00 00 e0 21 7b 55 4d 15 92 48 65 40 e8 b0 45 0a 97 55 65 5b 9e 14 8c ae 2a c0 ab 33 85 49 b5 a8 54 fd 9f f7 bc 2d a9 36 b9 44 91 be 13 73 57 9d 7a 5d 6b 39 16 e8 a5 05 29 ac ca c5 2b db ec 98 f6 a7 7f 86 27 fb 76 da b2 4b 25 12 a0 2c 96 56 80 32 8a 16 ce 99 ca 30 48 c2 20 17 64 96 58 a9 3b 5f 65 42 32 e7 55 e3 94 50 51 97 7e 59 23 5e 35 48 3a 35 f3 ce 20 a7 88 ba 27 8b 6e a5 75 04 66 ad e7 d0 00 13 bc c3 49 8d c0 40 86 18 4d 56 f4 c6 19 5e aa 36 ab 65 97 0c d2 06 66 84 64 04 89 26 06 81 63 cf c3 7f 13 7b e3 73 2c 02 18 8a 4e 3d 56 8b 4a c5 af 60 19 00 c7 92 1d 05 1d 96 87 a2 fe 4f 3d 78 8e 5e b9 ca 82 4f a9 d8 db a2 e0 0a 8c 17 35 31 a3 0e 2b 0c 6d 5f 87 b3 b3 56 11 4b 9a ca 85 81 1c bb 3a 75 69
                                                Data Ascii: t4_/0!{UMHe@EUe[*3IT-6DsWz]k9)+'vK%,V20H dX;_eB2UPQ~Y#^5H:5 'nufI@MV^6efd&c{s,N=VJ`O=x^O51+m_VK:ui
                                                2024-07-03 13:47:13 UTC789INData Raw: 57 8e 75 9b 84 04 a5 f9 97 d9 44 d2 6e 03 7c 0e dd 77 5a ba 03 34 dc 14 f9 65 83 9e e8 66 bf 44 42 ac 92 4f 5b d2 f7 e2 e3 51 d1 5c b4 f0 8a 24 bd b0 8c 3e ae d4 45 c9 a0 4a e9 5b 64 5e 80 d9 a5 a1 aa e6 14 7c 71 96 a4 bb 04 81 4f 9d b7 a2 ec 0a 07 97 e1 bd 4a 7a 75 e3 13 77 08 f8 b5 09 f6 3c 37 b5 4d 56 40 1a 4f 13 fe 3c 56 a2 20 0b c0 fb 86 ed 01 0f a0 81 42 a9 d0 00 a1 54 e8 00 00 0e 21 1b 55 3d 8a 1b 61 a4 c1 98 48 36 2a 0c 02 b0 84 a2 a4 52 24 21 56 10 22 ac 24 89 23 f5 ee 8d 2c e3 37 0b f8 10 41 bf 31 2b 41 69 27 43 de c7 e5 7e 96 39 52 70 da 5f 4e 73 d1 fa fe 0f f8 7a bb b7 24 28 f9 e5 9e 81 e8 06 64 c1 14 3b 16 06 e5 22 4d db eb 9e ab c5 7e eb d8 e8 eb 95 8e dd e7 75 49 f4 91 df 3d 07 61 50 0b e9 04 24 58 9a 5a 09 df 66 89 28 96 aa ca 76 96 8a 20
                                                Data Ascii: WuDn|wZ4efDBO[Q\$>EJ[d^|qOJzuw<7MV@O<V BT!U=aH6*R$!V"$#,7A1+Ai'C~9Rp_Nsz$(d;"M~uI=aP$XZf(v


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                142192.168.2.54989531.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:12 UTC689OUTGET /v/t39.25447-2/449400216_441070382166231_7996235846170639077_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3E0MCIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=cB3Oue079RsQ7kNvgEZLyDk&_nc_ht=video-hou1-1.xx&oh=00_AYCT__3My20AalVBeIFC2K6dKGjPy7rYUAMG5ruq9MWfaw&oe=668B25EF&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC279INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 01:19:35 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 2477213452
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                2024-07-03 13:47:13 UTC2714INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 73 70 6f 6e 73 65 5f 6f 6b 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4b 52 64 2d 70 6d 30 47 5a 72 62 74 2d 34 42 56 30 55 59 43 45 62 4d 6e 41 36 2d 4f 6d 69 41 65 56 31 4e 58 69 50 48 30 74 77 57 62 5a 44 4d 57 6b 62 69 52 6d 37 53 61 4b 51 65 67 22 3b 20 65 5f 66 62 5f 76 69 70 70 6f 72 74 3d 22 41 63 4b 51 43 61 7a 4f 76 76 72 71 2d 35 36 6c 33 37 50 71 4b 72 30 78 6c 76 46 6c 6f 54 5f 6a 75 57 49 65 5a 44 77 54 4f 73 69 72 64 35 65 62 65 46 50 6a 48 69 5a 7a 50 30 41 72 22 3b 20 65 5f 66 62 5f 70 72 6f 78 79 63 6f 64 65 3d 22 41 63 4b 6d 42 36 43 34 41 79 69 59 6d 6d 68 79 55 47 53 46 54 42 67 77 61 52 48 7a 77 75 30 63 43 6e 69 64 6f 46 32 43 53 6e 50 47 7a
                                                Data Ascii: Proxy-Status: http_response_ok; e_fb_configversion="AcKRd-pm0GZrbt-4BV0UYCEbMnA6-OmiAeV1NXiPH0twWbZDMWkbiRm7SaKQeg"; e_fb_vipport="AcKQCazOvvrq-56l37PqKr0xlvFloT_juWIeZDwTOsird5ebeFPjHiZzP0Ar"; e_fb_proxycode="AcKmB6C4AyiYmmhyUGSFTBgwaRHzwu0cCnidoF2CSnPGz
                                                2024-07-03 13:47:13 UTC42INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 38 32 36 0d 0a 0d 0a
                                                Data Ascii: Connection: closeContent-Length: 826
                                                2024-07-03 13:47:13 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a7 b4 a6 e2 a7 b4 a6 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhd<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                143192.168.2.549894157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC698OUTGET /v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC682INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449318552_328889630160021_8165757550254973066_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=j7LF-H9Ghp0Q7kNvgE2E3Ki&_nc_ht=video-hou1-1.xx&oh=00_AYCm58f4d04MDIOt6Tk8GLzljuymdR4VZCM5akROrsWl9A&oe=668B2D29&bytestart=826&byteend=905
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                144192.168.2.549880157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC831OUTGET /v/t15.5256-10/442058648_1390260634990350_3671320554231620569_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=7965db&_nc_ohc=YHyfjqs1T0kQ7kNvgGvisSS&_nc_ht=scontent-hou1-1.xx&oh=00_AYBYI33eJMZCXkexmSD0KK_SoAPEM1EGdCY5gNvWJYScLA&oe=668B1CF7 HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC552INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 20:55:28 GMT
                                                X-Needle-Checksum: 516041136
                                                Content-Type: image/jpeg
                                                content-digest: adler32=3826406931
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 68399
                                                2024-07-03 13:47:13 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC1500INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 37 31 30 31 30 30 30 30 66 38 32 32 30 30 30 30 35 65 35 32 30 30 30 30 31 64 35 39 30 30 30 30 62 64 35 65 30 30 30 30 39 63 37 36 30 30 30 30 36 64 61 37 30 30 30 30 39 39 61 64 30 30 30 30 35 62 62 35 30 30 30 30 33 32 62 63 30 30 30 30 32 66 30 62 30 31 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a71010000f82200005e5200001d590000bd5e00009c7600006da7000099ad00005bb5000032bc00002f0b0100C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16332INData Raw: 69 b5 a2 48 e4 d3 22 18 20 a1 b6 af d3 31 58 4c 3b 66 e3 87 9e 28 f8 0c aa cb 53 27 ae 3c 2d 16 be 48 d6 c0 91 8b 96 0d 6d b0 5a 67 56 3d 80 bb 73 87 23 59 79 4a e8 d5 a7 be 27 06 d0 7b 72 3c ff 00 4b 35 0d d0 17 35 9a aa 0b fe 8c 2d 7c c6 e3 d2 f6 c4 5c 68 64 01 06 99 81 9a d3 81 a7 ce b5 65 75 e6 5b e0 08 5c 07 a7 8b 0c 58 8a ab 73 9e d0 d6 39 cf f4 b3 63 b5 74 56 43 d4 0f 2c 6d 6a f4 cc b9 59 ea 2d 5c be db ae 7e 27 67 49 a4 48 12 1d 32 6b 70 fb 2c 37 a6 ab b2 ad 55 58 d3 c0 d3 2b 51 a0 e4 46 45 79 9a 2d 79 f3 79 8e b9 7a 97 9e 3a bd 32 6b fd 1e 09 ac 51 56 3a 84 fc d5 9b cb 16 b2 09 16 b6 6b 33 26 9b 20 98 63 fa 26 6f 4c b3 f1 4a 84 c6 e8 56 a2 65 89 c1 a0 eb 18 78 bb cf b7 c8 42 56 95 95 b1 5e 79 af 46 06 a3 4c eb ae 81 1e e7 44 66 46 bd ad c5 7e 71
                                                Data Ascii: iH" 1XL;f(S'<-HmZgV=s#YyJ'{r<K55-|\hdeu[\Xs9ctVC,mjY-\~'gIH2kp,7UX+QFEy-yyz:2kQV:k3& c&oLJVexBV^yFLDfF~q
                                                2024-07-03 13:47:13 UTC16384INData Raw: 20 45 e4 dd a1 30 9f fa 54 da c8 d5 b7 5a 43 0c 30 89 d3 35 35 cd 5e 2d a4 4a b2 c8 95 e4 6e 2d b0 3c 0d 03 40 d0 b4 dc dc df 2d f4 8c 70 56 78 ad 05 d0 bf 88 de 5d cd cd cd c2 61 69 63 ce 21 99 07 72 22 fb c7 f6 6e 62 a7 33 c0 b6 78 16 4f 02 c9 e0 59 3c 0b 27 81 64 f0 2c 9e 05 93 c0 b2 78 16 4f 02 c9 e0 d9 3c 1b 27 83 67 3e 1a 76 a4 42 21 13 53 53 53 53 50 89 ae 4a dc 92 c2 25 77 45 ba 2d b1 5e 06 85 a0 7e dd 73 aa 6e 50 be 29 3c b7 2a f6 9b 9b 9b 9b 9b 9b 84 cd c2 65 8f 33 f2 ba 01 3d 4c 39 0f 78 e6 1e 55 7e 4e 11 42 1c 6f d3 d7 3f 4e 93 f4 f5 cf d3 d7 3f 4f 5c fd 3d 73 f4 f5 cf d3 d7 3f 4f 5c fd 3d 73 f4 f5 cf d3 d7 3f 4f 5c ce c7 4f 07 28 6b 22 70 cf 68 44 d4 22 6a 6a 18 66 a6 a6 a6 a0 3a 8b c9 2c 22 25 92 b7 9d 73 7c 81 9b 9b 94 8d 2b 7b ff 00 5b 8b
                                                Data Ascii: E0TZC055^-Jn-<@-pVx]aic!r"nb3xOY<'d,xO<'g>vB!SSSSPJ%wE-^~snP)<*e3=L9xU~NBo?N?O\=s?O\=s?O\O(k"phD"jjf:,"%s|+{[
                                                2024-07-03 13:47:13 UTC16384INData Raw: f8 27 e7 f7 97 88 7d 79 d2 1c 44 29 e4 5e 89 d3 91 32 b4 45 98 99 c1 89 39 88 b1 b0 91 84 f0 69 17 12 85 02 50 82 0d 46 92 19 a3 12 53 2f 15 19 a6 b4 13 08 81 db 4b 59 45 5f ec 41 6f 64 3f 86 be 8d 58 9e 44 91 b5 e8 e2 09 e4 7c d5 da 14 ca 3d 33 a9 bb 44 4e d4 09 18 cf a4 29 63 e4 3f 61 cb c5 26 c6 f6 71 e2 b4 63 78 2a a0 4a 16 76 95 c0 f0 37 87 2c d2 9a 43 1a f7 c8 4a 27 e0 27 d5 9c 35 03 1b 1b f6 24 73 8c 4f 4d 0c 85 37 44 5b 58 9c 46 72 d0 55 59 14 14 31 d2 1f 64 8f 62 40 42 78 e0 61 2c d7 3a 64 e0 91 88 10 98 e1 b9 02 53 63 e4 4c db 8e 89 8c 6e 93 66 ae 2f 27 08 46 d5 b8 8e b3 d9 29 2b 55 e8 5a ca b5 db 64 2e cb bd 7a 34 86 89 7a 36 6b e6 bc 89 78 53 f2 8e d5 e9 97 f1 5f 03 98 72 62 c5 34 b0 f0 2d 88 83 43 c9 21 2c a5 e8 d8 c7 8b 14 a9 79 e1 8a 7d 80
                                                Data Ascii: '}yD)^2E9iPFS/KYE_Aod?XD|=3DN)c?a&qcx*Jv7,CJ''5$sOM7D[XFrUY1db@Bxa,:dScLnf/'F)+UZd.z4z6kxS_rb4-C!,y}
                                                2024-07-03 13:47:13 UTC14935INData Raw: c9 4e 07 0c a4 e8 0d 4f cc 24 91 4b d2 67 d4 02 4c 99 82 8c c3 a9 55 e2 29 c4 37 71 dc 0c 84 71 c3 06 41 45 1c 19 6e 0f c0 e6 3b c9 67 72 9c 88 43 55 1d ae 10 8e 0b 88 32 a6 a3 a7 26 ee 68 04 34 10 08 cf aa 54 cb 05 5c 6e 3a 80 54 5a 54 1e 0b 88 4e 1f 73 89 0c b6 25 25 b9 9a 04 50 94 3e 52 c8 97 b3 bc a4 0d 3a a8 20 e9 cd 11 20 06 50 a8 eb 00 57 a8 15 20 e2 68 58 8f 58 7c d4 b4 a0 97 b3 48 36 1b 8c 0c b8 f4 eb 70 da 99 fc 42 ab a9 58 df 95 0a 1d e3 41 99 39 8e b3 0c 5d 96 bf e8 65 8e 01 63 44 de 2e 28 b9 5d de a5 dd 5d 2d c4 65 60 68 50 c7 1b 2e 0a e6 d2 05 86 60 64 9d 5e 18 80 fd 3c 6f cc b5 0a d2 64 f9 89 2a f6 84 cb a5 06 ee 6b 3f 92 c8 b8 16 3b 1d 93 7e 22 2a 98 8c 89 61 c3 4c 66 9d bc c3 2f 25 ce b8 7e 25 96 3d 6e a2 cd 95 e0 26 52 b8 88 ac dc 18 e4
                                                Data Ascii: NO$KgLU)7qqAEn;grCU2&h4T\n:TZTNs%%P>R: PW hXX|H6pBXA9]ecD.(]]-e`hP.`d^<od*k?;~"*aLf/%~%=n&R
                                                2024-07-03 13:47:13 UTC2863INData Raw: 63 8b 56 7b 8a 1a 7c de 65 81 70 8c 0a 35 26 64 b2 19 d0 c1 a6 48 ed 82 16 5e c6 2f 04 f7 73 26 48 06 51 ed 85 20 2c a8 18 0f cc af 79 09 f8 8a 94 b8 a3 af 41 85 75 2e e6 4a 95 18 9e c5 14 57 74 b8 98 6b da 18 49 99 28 f4 25 1a 07 71 8c 84 f4 63 52 ee c2 5d d9 34 8b 49 81 ac 45 ce ad 68 7d 27 c4 10 7b 01 c5 b9 71 96 30 bd 06 16 af fd 21 19 11 4f a4 3b 05 a6 12 92 d3 10 a3 23 50 c1 d3 a4 be aa 5e d3 33 f3 0d c0 cc a8 d5 8b 08 e1 10 cd 0b 4b 7b a4 57 ec 9a 06 58 7d e2 13 dd 3f 31 8e 0d cf 91 a1 75 19 8f b0 06 d1 97 1c 55 2a 67 30 c9 b0 e2 09 31 e2 08 76 48 f0 32 21 1a f1 0b b4 46 d7 05 4d e3 73 30 52 29 33 0b c2 06 e5 37 01 99 18 2b f8 59 99 f0 68 88 62 b3 1e b4 7a 98 63 bc 8a 3f a2 42 5c 0b d2 0c 80 46 30 21 11 08 c2 1d 18 7d 63 50 94 ca 36 56 cb 48 a8 a2
                                                Data Ascii: cV{|ep5&dH^/s&HQ ,yAu.JWtkI(%qcR]4IEh}'{q0!O;#P^3K{WX}?1uU*g01vH2!FMs0R)37+Yhbzc?B\F0!}cP6VH


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                145192.168.2.54988731.13.71.144432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC710OUTGET /v/t39.25447-2/449450069_1948022175632401_5300699791447743925_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoxMDAxNDA0NzU4MzY1NzIxfQ%3D%3D&_nc_ohc=BNS_liS8xuMQ7kNvgH3t1jS&_nc_ht=video-hou1-1.xx&oh=00_AYC7NzW8Tf2T3-SDpTeOzem4P1HpY91CkP_Lc2y6Iv1cSA&oe=668B1021&bytestart=0&byteend=823 HTTP/1.1
                                                Host: video.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC549INHTTP/1.1 200 OK
                                                Last-Modified: Mon, 01 Jul 2024 00:57:36 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 33493972
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=14, mss=1392, tbw=3410, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 824
                                                2024-07-03 13:47:13 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC823INData Raw: 00 00 24 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 63 6d 66 63 00 00 03 14 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a7 af 80 e2 a7 af 80 00 00 ac 44 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61 6b 61 2d 70
                                                Data Ascii: $ftypmp41iso8isommp41dashcmfcmoovlmvhdD@meta hdlrID32`ID32ID3HPRIV>https://github.com/shaka-p


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                146192.168.2.549884157.240.24.134432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC593OUTGET /v/t15.5256-10/446046520_970955458109515_333034421707538801_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=c3bc4c&_nc_ohc=RS0G25oWr9QQ7kNvgGxHCeo&_nc_ht=scontent-hou1-1.xx&oh=00_AYC-vaZU89WpZdj_BjufXnH3BeZBz93wiAZj1m38xs565g&oe=668B136D HTTP/1.1
                                                Host: scontent-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC551INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 07:58:11 GMT
                                                X-Needle-Checksum: 64081107
                                                Content-Type: image/jpeg
                                                content-digest: adler32=1938718717
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: max-age=1209600, no-transform
                                                Accept-Ranges: bytes
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3411, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 58084
                                                2024-07-03 13:47:13 UTC1INData Raw: ff
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC15116INData Raw: d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ed 00 84 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 04 04 00 00 00 00 00 68 1c 02 28 00 62 46 42 4d 44 30 61 30 30 30 61 36 66 30 31 30 30 30 30 65 39 31 61 30 30 30 30 62 34 33 64 30 30 30 30 34 66 34 30 30 30 30 30 32 62 34 33 30 30 30 30 33 38 36 31 30 30 30 30 36 64 38 63 30 30 30 30 61 31 39 32 30 30 30 30 34 32 39 37 30 30 30 30 63 61 39 62 30 30 30 30 65 34 65 32 30 30 30 30 00 ff db 00 43 00 06 04 05 06 05 04 06 06 05 06 07 07 06 08 0a 10 0a 0a 09 09 0a 14 0e 0f 0c 10 17 14 18 18 17 14 16 16 1a 1d 25 1f 1a 1b 23 1c 16 16 20 2c 20 23 26 27 29 2a 29 19 1f 2d 30 2d 28 30 25 28 29 28 ff db 00 43 01 07 07 07 0a 08 0a 13 0a 0a 13 28 1a 16 1a 28 28 28 28 28 28 28 28 28 28 28 28 28 28
                                                Data Ascii: JFIFPhotoshop 3.08BIMh(bFBMD0a000a6f010000e91a0000b43d00004f4000002b430000386100006d8c0000a192000042970000ca9b0000e4e20000C%# , #&')*)-0-(0%()(C(((((((((((((((
                                                2024-07-03 13:47:13 UTC16384INData Raw: 50 c5 93 0c 78 00 20 10 e8 1d 23 d6 b2 8c b4 e4 a8 54 6f c2 a3 39 a6 ea da 4f b6 df 2a 68 dc d5 0a 89 35 04 d1 92 c6 e0 63 73 93 93 d3 93 ca 71 44 ef 1b 86 fc a2 56 56 56 77 15 14 af 85 fe 5a 84 62 7b 55 46 72 d1 85 10 ef 03 13 46 10 1d 3f d0 e9 1e ae 4f a5 6e ae 11 0e 03 c9 6f 39 a3 ea da 4f b6 de 7b bd bb 82 88 a8 8a 62 6a 85 98 18 dc 53 93 93 d3 ca 79 4e 3d 03 a3 2b 2b 3d 45 54 4e e8 9f 41 51 51 53 25 c2 1e 1a 0a 99 85 c6 16 e0 04 3a 87 43 57 f6 77 48 c4 e6 15 40 31 49 d5 b4 7f 6d b9 fe d6 30 a6 c6 57 08 a1 12 64 78 51 61 34 85 4c dc a6 35 63 71 4e 4f 29 e5 48 53 8a 3b c2 1b f2 b2 b2 b2 b2 b3 bc aa 89 74 b7 49 79 b5 c4 61 96 a9 af 9e 68 69 da 10 0e 09 8c 90 a1 1c 8b 84 f5 c1 7a e0 bd 36 17 a2 c7 a2 c9 51 12 af d4 5e 65 a9 71 1b 91 20 3b b2 8f 74 14 1f
                                                Data Ascii: Px #To9O*h5csqDVVVwZb{UFrF?Ono9O{bjSyN=++=ETNAQQS%:CWwH@1Im0WdxQa4L5cqNO)HS;tIyahiz6Q^eq ;t
                                                2024-07-03 13:47:13 UTC16384INData Raw: 0a 8f 23 fb fe 99 e1 92 0e ed 40 17 a0 51 15 83 74 da 1c 33 3e 21 a5 ed 28 f3 4c 7d 6c b6 96 3a 99 66 6e 12 30 a6 1a 6d 19 40 ac f8 65 a6 ab 61 37 af f2 5e c4 8d 5d dc f6 83 54 b1 c8 60 42 b0 60 d0 fc a6 ad ae 07 2e f3 3c 67 79 95 3b 20 df 78 c7 99 8e 96 d0 5e fb c1 a5 19 94 b9 1b d0 8e 17 5d 68 69 ef 2b 5b 6f da 05 6b 58 d6 46 04 2a 30 d0 ff 00 31 d2 e9 2d 22 ee e3 25 87 09 9a d8 05 dc 58 2b 35 c5 be 92 76 a3 71 29 02 2a a0 38 e9 ec b7 bc 30 bc b0 cb 94 98 84 0b 98 3a 3b df 40 36 0c 4a a3 10 18 25 90 ef b0 0f bb e8 5e 85 d4 0c d8 d6 66 6c 98 97 a9 a2 b4 e2 51 ec 83 32 86 a0 a2 57 8e 0b de 26 f2 e6 84 5d 82 52 ad d2 5c 48 9a 59 ac 30 2a 1a d1 cb 00 8b a8 9e 38 96 60 d0 e4 d7 f9 36 58 a8 bf b4 03 59 b0 77 f3 2e 54 39 4f 31 a5 3b 77 99 64 ab 56 49 a8 77 81
                                                Data Ascii: #@Qt3>!(L}l:fn0m@ea7^]T`B`.<gy; x^]hi+[okXF*01-"%X+5vq)*80:;@6J%^flQ2W&]R\HY0*8`6XYw.T9O1;wdVIw
                                                2024-07-03 13:47:13 UTC10199INData Raw: f8 90 10 fa 4b 4b 55 af 98 8a 54 62 d7 70 26 d4 7a 80 77 aa 50 c3 94 2f dc 00 02 a8 12 b6 36 59 29 80 12 fe 20 11 a6 f7 50 36 27 bd 77 2a d1 08 6d 00 f3 05 90 73 78 88 16 b3 77 de 08 26 09 63 78 86 a9 19 50 79 86 a6 a7 6a d7 10 b2 cb 3c c3 70 1a cb 95 84 90 6d 0e eb 37 c5 c5 59 bb 95 ac 01 b9 89 da a9 84 8a bc 2f 1d e5 71 e4 1f 74 0b 31 47 13 48 43 a5 e7 ea 18 a7 42 3b c4 1c 90 56 44 4b 99 93 98 27 35 15 d2 b3 da 7b cf 79 ed 29 3d 62 7b c7 ce 57 bc 6f 2f da 65 9f 81 01 0f a4 ad 03 71 3e 9c 42 62 f3 b3 05 c0 61 f2 46 31 56 6b b4 2d be 31 15 c7 2f f4 40 92 38 a4 87 cc 30 29 37 dc cd ff 00 88 e3 d0 6b 1e e0 33 0b 4b 7c 63 1d f3 28 35 37 4e a5 cc 83 e2 16 19 ef cc 4f 03 45 83 bf 89 54 f6 66 9e e0 37 ed 00 3f 69 d9 e2 37 a0 fb 16 4a 5a 8f 25 d2 51 dd 91 24 c3
                                                Data Ascii: KKUTbp&zwP/6Y) P6'w*msxw&cxPyj<pm7Y/qt1GHCB;VDK'5{y)=b{Wo/eq>BbaF1Vk-1/@80)7k3K|c(57NOETf7?i7JZ%Q$


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                147192.168.2.549888157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC718OUTGET /v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC702INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/448325845_1860632697787170_424171818332402913_n.mp4?_nc_cat=1&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mbm9ybTE0X2ZyYWdfMl9hdWRpbyIsInZpZGVvX2lkIjoyMzc4NzAxNDQyMzI0OTE2fQ%3D%3D&_nc_ohc=vmP6rYGv8aMQ7kNvgHFR206&_nc_ht=video-hou1-1.xx&oh=00_AYC2Sio-uxqPzwpvxlzJJP4X-jsOz4ggPnlyQrjIWq3OZA&oe=668B3C56&bytestart=824&byteend=963
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                148192.168.2.549899157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC700OUTGET /v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC684INHTTP/1.1 302 Found
                                                Location: https://video.xx.fbcdn.net/v/t39.25447-2/449751511_845177986944804_8287809256175764587_n.mp4?_nc_cat=105&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjoyNTExMzYzMzg5MjUxNTU5fQ%3D%3D&_nc_ohc=mjXxrHP1kE4Q7kNvgFBSFZf&_nc_ht=video-hou1-1.xx&oh=00_AYB4GfMz_0iTZ4H2p5URBe2WEpex8Ar6vOL0_DjJz8ZEXA&oe=668B2D27&bytestart=826&byteend=917
                                                Content-Type: text/plain
                                                Server: proxygen-bolt
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                149192.168.2.549869157.240.24.204432464C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2024-07-03 13:47:13 UTC897OUTGET /v/t39.25447-2/449694296_1560210191559240_4020235943818543510_n.mp4?_nc_cat=108&ccb=1-7&_nc_sid=9a5d50&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfcjJhdjEtcjFnZW4ydnA5X3EzMCIsInZpZGVvX2lkIjo3Njc0NDgwNTg2MDIwOTB9&_nc_ohc=G_r6oeHwmwAQ7kNvgG6sqtC&_nc_ht=video-hou1-1.xx&oh=00_AYDS2eQw4y1eaYumABsQPAZWQpmI7avDCc5ri5ShKEtmDA&oe=668B3299&bytestart=0&byteend=825 HTTP/1.1
                                                Host: video-hou1-1.xx.fbcdn.net
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://www.facebook.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://www.facebook.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-07-03 13:47:13 UTC589INHTTP/1.1 200 OK
                                                Last-Modified: Tue, 02 Jul 2024 08:54:00 GMT
                                                Content-Type: video/mp4
                                                X-Needle-Checksum: 3409924266
                                                cross-origin-resource-policy: cross-origin
                                                timing-allow-origin: *
                                                Accept-Ranges: bytes
                                                x-upstream-checksum-algorithm: crc32
                                                Date: Wed, 03 Jul 2024 13:47:13 GMT
                                                Cache-Control: max-age=1209600, no-transform
                                                Access-Control-Allow-Origin: https://www.facebook.com
                                                Vary: Origin
                                                X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1392, tbw=3412, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                Alt-Svc: h3=":443"; ma=86400
                                                Connection: close
                                                Content-Length: 826
                                                2024-07-03 13:47:13 UTC1INData Raw: 00
                                                Data Ascii:
                                                2024-07-03 13:47:13 UTC825INData Raw: 00 00 28 66 74 79 70 6d 70 34 31 00 00 00 00 69 73 6f 38 69 73 6f 6d 6d 70 34 31 64 61 73 68 61 76 30 31 63 6d 66 63 00 00 03 12 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 e2 a9 70 a7 e2 a9 70 a7 00 00 3c 00 00 00 00 00 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 8c 6d 65 74 61 00 00 00 00 00 00 00 20 68 64 6c 72 00 00 00 00 00 00 00 00 49 44 33 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 49 44 33 32 00 00 00 00 15 c7 49 44 33 04 00 00 00 00 00 48 50 52 49 56 00 00 00 3e 00 00 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 73 68 61
                                                Data Ascii: (ftypmp41iso8isommp41dashav01cmfcmoovlmvhdpp<@meta hdlrID32`ID32ID3HPRIV>https://github.com/sha


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:09:46:54
                                                Start date:03/07/2024
                                                Path:C:\Users\user\Desktop\osr730ky3m.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\osr730ky3m.exe"
                                                Imagebase:0x730000
                                                File size:915'968 bytes
                                                MD5 hash:366397087C219FD1EC3465B6075C99CB
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                General

                                                Target ID:2
                                                Start time:09:46:54
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/account
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:3
                                                Start time:09:46:54
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:4
                                                Start time:09:46:54
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:6
                                                Start time:09:46:55
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1976,i,17318209000228502612,2237949357977184644,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:7
                                                Start time:09:46:55
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:8
                                                Start time:09:46:56
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2008,i,17384594921740702087,194935732916387498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:10
                                                Start time:09:47:12
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:11
                                                Start time:09:47:12
                                                Start date:03/07/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=2460,i,9995763619029275045,8356352571819763688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:1.6%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:5%
                                                  Total number of Nodes:1198
                                                  Total number of Limit Nodes:29
                                                  execution_graph 94753 731033 94758 734c91 94753->94758 94757 731042 94766 73a961 94758->94766 94762 734d9c 94764 731038 94762->94764 94774 7351f7 22 API calls __fread_nolock 94762->94774 94765 7500a3 29 API calls __onexit 94764->94765 94765->94757 94775 74fe0b 94766->94775 94768 73a976 94785 74fddb 94768->94785 94770 734cff 94771 733af0 94770->94771 94810 733b1c 94771->94810 94774->94762 94777 74fddb 94775->94777 94778 74fdfa 94777->94778 94781 74fdfc 94777->94781 94795 75ea0c 94777->94795 94802 754ead 7 API calls 2 library calls 94777->94802 94778->94768 94780 75066d 94804 7532a4 RaiseException 94780->94804 94781->94780 94803 7532a4 RaiseException 94781->94803 94784 75068a 94784->94768 94786 74fde0 94785->94786 94787 75ea0c ___std_exception_copy 21 API calls 94786->94787 94788 74fdfa 94786->94788 94791 74fdfc 94786->94791 94807 754ead 7 API calls 2 library calls 94786->94807 94787->94786 94788->94770 94790 75066d 94809 7532a4 RaiseException 94790->94809 94791->94790 94808 7532a4 RaiseException 94791->94808 94794 75068a 94794->94770 94801 763820 __dosmaperr 94795->94801 94796 76385e 94806 75f2d9 20 API calls __dosmaperr 94796->94806 94798 763849 RtlAllocateHeap 94799 76385c 94798->94799 94798->94801 94799->94777 94801->94796 94801->94798 94805 754ead 7 API calls 2 library calls 94801->94805 94802->94777 94803->94780 94804->94784 94805->94801 94806->94799 94807->94786 94808->94790 94809->94794 94811 733b29 94810->94811 94813 733b0f 94810->94813 94812 733b30 RegOpenKeyExW 94811->94812 94811->94813 94812->94813 94814 733b4a RegQueryValueExW 94812->94814 94813->94762 94815 733b80 RegCloseKey 94814->94815 94816 733b6b 94814->94816 94815->94813 94816->94815 94817 732e37 94818 73a961 22 API calls 94817->94818 94819 732e4d 94818->94819 94896 734ae3 94819->94896 94821 732e6b 94910 733a5a 94821->94910 94823 732e7f 94917 739cb3 94823->94917 94828 772cb0 94963 7a2cf9 94828->94963 94829 732ead 94945 73a8c7 22 API calls __fread_nolock 94829->94945 94831 772cc3 94833 772ccf 94831->94833 94989 734f39 94831->94989 94837 734f39 68 API calls 94833->94837 94834 732ec3 94946 736f88 22 API calls 94834->94946 94839 772ce5 94837->94839 94838 732ecf 94840 739cb3 22 API calls 94838->94840 94995 733084 22 API calls 94839->94995 94841 732edc 94840->94841 94947 73a81b 41 API calls 94841->94947 94844 732eec 94846 739cb3 22 API calls 94844->94846 94845 772d02 94996 733084 22 API calls 94845->94996 94848 732f12 94846->94848 94948 73a81b 41 API calls 94848->94948 94849 772d1e 94851 733a5a 24 API calls 94849->94851 94853 772d44 94851->94853 94852 732f21 94855 73a961 22 API calls 94852->94855 94997 733084 22 API calls 94853->94997 94858 732f3f 94855->94858 94856 772d50 94998 73a8c7 22 API calls __fread_nolock 94856->94998 94949 733084 22 API calls 94858->94949 94859 772d5e 94999 733084 22 API calls 94859->94999 94862 732f4b 94950 754a28 40 API calls 3 library calls 94862->94950 94863 772d6d 95000 73a8c7 22 API calls __fread_nolock 94863->95000 94865 732f59 94865->94839 94866 732f63 94865->94866 94951 754a28 40 API calls 3 library calls 94866->94951 94869 772d83 95001 733084 22 API calls 94869->95001 94870 732f6e 94870->94845 94872 732f78 94870->94872 94952 754a28 40 API calls 3 library calls 94872->94952 94873 772d90 94875 732f83 94875->94849 94876 732f8d 94875->94876 94953 754a28 40 API calls 3 library calls 94876->94953 94878 732f98 94879 732fdc 94878->94879 94954 733084 22 API calls 94878->94954 94879->94863 94880 732fe8 94879->94880 94880->94873 94957 7363eb 22 API calls 94880->94957 94882 732fbf 94955 73a8c7 22 API calls __fread_nolock 94882->94955 94885 732ff8 94958 736a50 22 API calls 94885->94958 94887 732fcd 94956 733084 22 API calls 94887->94956 94888 733006 94959 7370b0 23 API calls 94888->94959 94893 733021 94894 733065 94893->94894 94960 736f88 22 API calls 94893->94960 94961 7370b0 23 API calls 94893->94961 94962 733084 22 API calls 94893->94962 94897 734af0 __wsopen_s 94896->94897 94899 734b22 94897->94899 95005 736b57 94897->95005 94909 734b58 94899->94909 95002 734c6d 94899->95002 94901 739cb3 22 API calls 94903 734c52 94901->94903 94902 739cb3 22 API calls 94902->94909 94904 73515f 22 API calls 94903->94904 94907 734c5e 94904->94907 94905 734c6d 22 API calls 94905->94909 94907->94821 94908 734c29 94908->94901 94908->94907 94909->94902 94909->94905 94909->94908 95017 73515f 94909->95017 95034 771f50 94910->95034 94913 739cb3 22 API calls 94914 733a8d 94913->94914 95036 733aa2 94914->95036 94916 733a97 94916->94823 94918 739cc2 _wcslen 94917->94918 94919 74fe0b 22 API calls 94918->94919 94920 739cea __fread_nolock 94919->94920 94921 74fddb 22 API calls 94920->94921 94922 732e8c 94921->94922 94923 734ecb 94922->94923 95056 734e90 LoadLibraryA 94923->95056 94928 734ef6 LoadLibraryExW 95064 734e59 LoadLibraryA 94928->95064 94929 773ccf 94931 734f39 68 API calls 94929->94931 94932 773cd6 94931->94932 94934 734e59 3 API calls 94932->94934 94936 773cde 94934->94936 95086 7350f5 40 API calls __fread_nolock 94936->95086 94937 734f20 94937->94936 94938 734f2c 94937->94938 94940 734f39 68 API calls 94938->94940 94942 732ea5 94940->94942 94941 773cf5 95087 7a28fe 27 API calls 94941->95087 94942->94828 94942->94829 94944 773d05 94945->94834 94946->94838 94947->94844 94948->94852 94949->94862 94950->94865 94951->94870 94952->94875 94953->94878 94954->94882 94955->94887 94956->94879 94957->94885 94958->94888 94959->94893 94960->94893 94961->94893 94962->94893 94964 7a2d15 94963->94964 95170 73511f 64 API calls 94964->95170 94966 7a2d29 95171 7a2e66 75 API calls 94966->95171 94968 7a2d3b 94969 7a2d3f 94968->94969 95172 7350f5 40 API calls __fread_nolock 94968->95172 94969->94831 94971 7a2d56 95173 7350f5 40 API calls __fread_nolock 94971->95173 94973 7a2d66 95174 7350f5 40 API calls __fread_nolock 94973->95174 94975 7a2d81 95175 7350f5 40 API calls __fread_nolock 94975->95175 94977 7a2d9c 95176 73511f 64 API calls 94977->95176 94979 7a2db3 94980 75ea0c ___std_exception_copy 21 API calls 94979->94980 94981 7a2dba 94980->94981 94982 75ea0c ___std_exception_copy 21 API calls 94981->94982 94983 7a2dc4 94982->94983 95177 7350f5 40 API calls __fread_nolock 94983->95177 94985 7a2dd8 95178 7a28fe 27 API calls 94985->95178 94987 7a2dee 94987->94969 95179 7a22ce 94987->95179 94990 734f43 94989->94990 94992 734f4a 94989->94992 94991 75e678 67 API calls 94990->94991 94991->94992 94993 734f6a FreeLibrary 94992->94993 94994 734f59 94992->94994 94993->94994 94994->94833 94995->94845 94996->94849 94997->94856 94998->94859 94999->94863 95000->94869 95001->94873 95023 73aec9 95002->95023 95004 734c78 95004->94899 95006 736b67 _wcslen 95005->95006 95007 774ba1 95005->95007 95010 736ba2 95006->95010 95011 736b7d 95006->95011 95030 7393b2 95007->95030 95009 774baa 95009->95009 95013 74fddb 22 API calls 95010->95013 95029 736f34 22 API calls 95011->95029 95015 736bae 95013->95015 95014 736b85 __fread_nolock 95014->94899 95016 74fe0b 22 API calls 95015->95016 95016->95014 95018 73516e 95017->95018 95022 73518f __fread_nolock 95017->95022 95020 74fe0b 22 API calls 95018->95020 95019 74fddb 22 API calls 95021 7351a2 95019->95021 95020->95022 95021->94909 95022->95019 95024 73aed9 __fread_nolock 95023->95024 95025 73aedc 95023->95025 95024->95004 95026 74fddb 22 API calls 95025->95026 95027 73aee7 95026->95027 95028 74fe0b 22 API calls 95027->95028 95028->95024 95029->95014 95031 7393c0 95030->95031 95033 7393c9 __fread_nolock 95030->95033 95032 73aec9 22 API calls 95031->95032 95031->95033 95032->95033 95033->95009 95035 733a67 GetModuleFileNameW 95034->95035 95035->94913 95037 771f50 __wsopen_s 95036->95037 95038 733aaf GetFullPathNameW 95037->95038 95039 733ae9 95038->95039 95040 733ace 95038->95040 95050 73a6c3 95039->95050 95041 736b57 22 API calls 95040->95041 95043 733ada 95041->95043 95046 7337a0 95043->95046 95047 7337ae 95046->95047 95048 7393b2 22 API calls 95047->95048 95049 7337c2 95048->95049 95049->94916 95051 73a6dd 95050->95051 95055 73a6d0 95050->95055 95052 74fddb 22 API calls 95051->95052 95053 73a6e7 95052->95053 95054 74fe0b 22 API calls 95053->95054 95054->95055 95055->95043 95057 734ec6 95056->95057 95058 734ea8 GetProcAddress 95056->95058 95061 75e5eb 95057->95061 95059 734eb8 95058->95059 95059->95057 95060 734ebf FreeLibrary 95059->95060 95060->95057 95088 75e52a 95061->95088 95063 734eea 95063->94928 95063->94929 95065 734e6e GetProcAddress 95064->95065 95066 734e8d 95064->95066 95067 734e7e 95065->95067 95069 734f80 95066->95069 95067->95066 95068 734e86 FreeLibrary 95067->95068 95068->95066 95070 74fe0b 22 API calls 95069->95070 95071 734f95 95070->95071 95156 735722 95071->95156 95073 734fa1 __fread_nolock 95074 7350a5 95073->95074 95075 773d1d 95073->95075 95085 734fdc 95073->95085 95159 7342a2 CreateStreamOnHGlobal 95074->95159 95167 7a304d 74 API calls 95075->95167 95078 773d22 95168 73511f 64 API calls 95078->95168 95081 773d45 95169 7350f5 40 API calls __fread_nolock 95081->95169 95084 73506e messages 95084->94937 95085->95078 95085->95084 95165 7350f5 40 API calls __fread_nolock 95085->95165 95166 73511f 64 API calls 95085->95166 95086->94941 95087->94944 95089 75e536 __FrameHandler3::FrameUnwindToState 95088->95089 95090 75e544 95089->95090 95093 75e574 95089->95093 95113 75f2d9 20 API calls __dosmaperr 95090->95113 95092 75e549 95114 7627ec 26 API calls pre_c_initialization 95092->95114 95094 75e586 95093->95094 95095 75e579 95093->95095 95105 768061 95094->95105 95115 75f2d9 20 API calls __dosmaperr 95095->95115 95099 75e58f 95100 75e595 95099->95100 95101 75e5a2 95099->95101 95116 75f2d9 20 API calls __dosmaperr 95100->95116 95117 75e5d4 LeaveCriticalSection __fread_nolock 95101->95117 95102 75e554 __wsopen_s 95102->95063 95106 76806d __FrameHandler3::FrameUnwindToState 95105->95106 95118 762f5e EnterCriticalSection 95106->95118 95108 76807b 95119 7680fb 95108->95119 95112 7680ac __wsopen_s 95112->95099 95113->95092 95114->95102 95115->95102 95116->95102 95117->95102 95118->95108 95120 76811e 95119->95120 95121 768177 95120->95121 95128 768088 95120->95128 95135 75918d EnterCriticalSection 95120->95135 95136 7591a1 LeaveCriticalSection 95120->95136 95137 764c7d 95121->95137 95126 768189 95126->95128 95150 763405 11 API calls 2 library calls 95126->95150 95132 7680b7 95128->95132 95129 7681a8 95151 75918d EnterCriticalSection 95129->95151 95155 762fa6 LeaveCriticalSection 95132->95155 95134 7680be 95134->95112 95135->95120 95136->95120 95142 764c8a __dosmaperr 95137->95142 95138 764cca 95153 75f2d9 20 API calls __dosmaperr 95138->95153 95139 764cb5 RtlAllocateHeap 95141 764cc8 95139->95141 95139->95142 95144 7629c8 95141->95144 95142->95138 95142->95139 95152 754ead 7 API calls 2 library calls 95142->95152 95145 7629d3 RtlFreeHeap 95144->95145 95149 7629fc __dosmaperr 95144->95149 95146 7629e8 95145->95146 95145->95149 95154 75f2d9 20 API calls __dosmaperr 95146->95154 95148 7629ee GetLastError 95148->95149 95149->95126 95150->95129 95151->95128 95152->95142 95153->95141 95154->95148 95155->95134 95157 74fddb 22 API calls 95156->95157 95158 735734 95157->95158 95158->95073 95160 7342bc FindResourceExW 95159->95160 95164 7342d9 95159->95164 95161 7735ba LoadResource 95160->95161 95160->95164 95162 7735cf SizeofResource 95161->95162 95161->95164 95163 7735e3 LockResource 95162->95163 95162->95164 95163->95164 95164->95085 95165->95085 95166->95085 95167->95078 95168->95081 95169->95084 95170->94966 95171->94968 95172->94971 95173->94973 95174->94975 95175->94977 95176->94979 95177->94985 95178->94987 95180 7a22e7 95179->95180 95181 7a22d9 95179->95181 95183 7a232c 95180->95183 95184 75e5eb 29 API calls 95180->95184 95207 7a22f0 95180->95207 95182 75e5eb 29 API calls 95181->95182 95182->95180 95208 7a2557 40 API calls __fread_nolock 95183->95208 95185 7a2311 95184->95185 95185->95183 95187 7a231a 95185->95187 95187->95207 95216 75e678 95187->95216 95188 7a2370 95189 7a2374 95188->95189 95190 7a2395 95188->95190 95194 75e678 67 API calls 95189->95194 95195 7a2381 95189->95195 95209 7a2171 95190->95209 95193 7a239d 95197 7a23c3 95193->95197 95198 7a23a3 95193->95198 95194->95195 95196 75e678 67 API calls 95195->95196 95195->95207 95196->95207 95229 7a23f3 74 API calls 95197->95229 95200 7a23b0 95198->95200 95201 75e678 67 API calls 95198->95201 95202 75e678 67 API calls 95200->95202 95200->95207 95201->95200 95202->95207 95203 7a23de 95206 75e678 67 API calls 95203->95206 95203->95207 95204 7a23ca 95204->95203 95205 75e678 67 API calls 95204->95205 95205->95203 95206->95207 95207->94969 95208->95188 95210 75ea0c ___std_exception_copy 21 API calls 95209->95210 95211 7a217f 95210->95211 95212 75ea0c ___std_exception_copy 21 API calls 95211->95212 95213 7a2190 95212->95213 95214 75ea0c ___std_exception_copy 21 API calls 95213->95214 95215 7a219c 95214->95215 95215->95193 95217 75e684 __FrameHandler3::FrameUnwindToState 95216->95217 95218 75e695 95217->95218 95219 75e6aa 95217->95219 95247 75f2d9 20 API calls __dosmaperr 95218->95247 95228 75e6a5 __wsopen_s 95219->95228 95230 75918d EnterCriticalSection 95219->95230 95221 75e69a 95248 7627ec 26 API calls pre_c_initialization 95221->95248 95223 75e6c6 95231 75e602 95223->95231 95226 75e6d1 95249 75e6ee LeaveCriticalSection __fread_nolock 95226->95249 95228->95207 95229->95204 95230->95223 95232 75e624 95231->95232 95233 75e60f 95231->95233 95238 75e61f 95232->95238 95250 75dc0b 95232->95250 95282 75f2d9 20 API calls __dosmaperr 95233->95282 95235 75e614 95283 7627ec 26 API calls pre_c_initialization 95235->95283 95238->95226 95243 75e646 95267 76862f 95243->95267 95246 7629c8 _free 20 API calls 95246->95238 95247->95221 95248->95228 95249->95228 95251 75dc23 95250->95251 95252 75dc1f 95250->95252 95251->95252 95253 75d955 __fread_nolock 26 API calls 95251->95253 95256 764d7a 95252->95256 95254 75dc43 95253->95254 95284 7659be 62 API calls 4 library calls 95254->95284 95257 764d90 95256->95257 95259 75e640 95256->95259 95258 7629c8 _free 20 API calls 95257->95258 95257->95259 95258->95259 95260 75d955 95259->95260 95261 75d976 95260->95261 95262 75d961 95260->95262 95261->95243 95285 75f2d9 20 API calls __dosmaperr 95262->95285 95264 75d966 95286 7627ec 26 API calls pre_c_initialization 95264->95286 95266 75d971 95266->95243 95268 768653 95267->95268 95269 76863e 95267->95269 95270 76868e 95268->95270 95275 76867a 95268->95275 95290 75f2c6 20 API calls __dosmaperr 95269->95290 95292 75f2c6 20 API calls __dosmaperr 95270->95292 95272 768643 95291 75f2d9 20 API calls __dosmaperr 95272->95291 95287 768607 95275->95287 95276 768693 95293 75f2d9 20 API calls __dosmaperr 95276->95293 95279 75e64c 95279->95238 95279->95246 95280 76869b 95294 7627ec 26 API calls pre_c_initialization 95280->95294 95282->95235 95283->95238 95284->95252 95285->95264 95286->95266 95295 768585 95287->95295 95289 76862b 95289->95279 95290->95272 95291->95279 95292->95276 95293->95280 95294->95279 95296 768591 __FrameHandler3::FrameUnwindToState 95295->95296 95306 765147 EnterCriticalSection 95296->95306 95298 76859f 95299 7685c6 95298->95299 95300 7685d1 95298->95300 95307 7686ae 95299->95307 95322 75f2d9 20 API calls __dosmaperr 95300->95322 95303 7685cc 95323 7685fb LeaveCriticalSection __wsopen_s 95303->95323 95305 7685ee __wsopen_s 95305->95289 95306->95298 95324 7653c4 95307->95324 95309 7686c4 95337 765333 21 API calls 2 library calls 95309->95337 95311 7686be 95311->95309 95312 7686f6 95311->95312 95313 7653c4 __wsopen_s 26 API calls 95311->95313 95312->95309 95314 7653c4 __wsopen_s 26 API calls 95312->95314 95316 7686ed 95313->95316 95317 768702 FindCloseChangeNotification 95314->95317 95315 76871c 95318 76873e 95315->95318 95338 75f2a3 20 API calls __dosmaperr 95315->95338 95319 7653c4 __wsopen_s 26 API calls 95316->95319 95317->95309 95320 76870e GetLastError 95317->95320 95318->95303 95319->95312 95320->95309 95322->95303 95323->95305 95325 7653e6 95324->95325 95326 7653d1 95324->95326 95331 76540b 95325->95331 95341 75f2c6 20 API calls __dosmaperr 95325->95341 95339 75f2c6 20 API calls __dosmaperr 95326->95339 95328 7653d6 95340 75f2d9 20 API calls __dosmaperr 95328->95340 95331->95311 95332 765416 95342 75f2d9 20 API calls __dosmaperr 95332->95342 95333 7653de 95333->95311 95335 76541e 95343 7627ec 26 API calls pre_c_initialization 95335->95343 95337->95315 95338->95318 95339->95328 95340->95333 95341->95332 95342->95335 95343->95333 95344 733156 95347 733170 95344->95347 95348 733187 95347->95348 95349 7331eb 95348->95349 95350 73318c 95348->95350 95388 7331e9 95348->95388 95354 7331f1 95349->95354 95355 772dfb 95349->95355 95351 733265 PostQuitMessage 95350->95351 95352 733199 95350->95352 95361 73316a 95351->95361 95359 7331a4 95352->95359 95360 772e7c 95352->95360 95353 7331d0 DefWindowProcW 95353->95361 95356 7331f8 95354->95356 95357 73321d SetTimer RegisterWindowMessageW 95354->95357 95399 7318e2 10 API calls 95355->95399 95362 733201 KillTimer 95356->95362 95363 772d9c 95356->95363 95357->95361 95365 733246 CreatePopupMenu 95357->95365 95366 7331ae 95359->95366 95367 772e68 95359->95367 95413 79bf30 34 API calls ___scrt_fastfail 95360->95413 95392 7330f2 95362->95392 95375 772dd7 MoveWindow 95363->95375 95376 772da1 95363->95376 95364 772e1c 95400 74e499 42 API calls 95364->95400 95365->95361 95372 772e4d 95366->95372 95373 7331b9 95366->95373 95412 79c161 27 API calls ___scrt_fastfail 95367->95412 95372->95353 95411 790ad7 22 API calls 95372->95411 95379 7331c4 95373->95379 95380 733253 95373->95380 95374 772e8e 95374->95353 95374->95361 95375->95361 95381 772da7 95376->95381 95382 772dc6 SetFocus 95376->95382 95378 733263 95378->95361 95379->95353 95389 7330f2 Shell_NotifyIconW 95379->95389 95397 73326f 44 API calls ___scrt_fastfail 95380->95397 95381->95379 95386 772db0 95381->95386 95382->95361 95398 7318e2 10 API calls 95386->95398 95388->95353 95390 772e41 95389->95390 95401 733837 95390->95401 95393 733154 95392->95393 95394 733104 ___scrt_fastfail 95392->95394 95396 733c50 DeleteObject DestroyWindow 95393->95396 95395 733123 Shell_NotifyIconW 95394->95395 95395->95393 95396->95361 95397->95378 95398->95361 95399->95364 95400->95379 95402 733862 ___scrt_fastfail 95401->95402 95414 734212 95402->95414 95406 7338e8 95407 773386 Shell_NotifyIconW 95406->95407 95408 733906 Shell_NotifyIconW 95406->95408 95418 733923 95408->95418 95410 73391c 95410->95388 95411->95388 95412->95378 95413->95374 95415 7735a4 95414->95415 95416 7338b7 95414->95416 95415->95416 95417 7735ad DestroyIcon 95415->95417 95416->95406 95440 79c874 42 API calls _strftime 95416->95440 95417->95416 95419 733a13 95418->95419 95420 73393f 95418->95420 95419->95410 95441 736270 95420->95441 95423 773393 LoadStringW 95426 7733ad 95423->95426 95424 73395a 95425 736b57 22 API calls 95424->95425 95427 73396f 95425->95427 95434 733994 ___scrt_fastfail 95426->95434 95447 73a8c7 22 API calls __fread_nolock 95426->95447 95428 7733c9 95427->95428 95429 73397c 95427->95429 95448 736350 22 API calls 95428->95448 95429->95426 95431 733986 95429->95431 95446 736350 22 API calls 95431->95446 95437 7339f9 Shell_NotifyIconW 95434->95437 95435 7733d7 95435->95434 95449 7333c6 95435->95449 95437->95419 95438 7733f9 95439 7333c6 22 API calls 95438->95439 95439->95434 95440->95406 95442 74fe0b 22 API calls 95441->95442 95443 736295 95442->95443 95444 74fddb 22 API calls 95443->95444 95445 73394d 95444->95445 95445->95423 95445->95424 95446->95434 95447->95434 95448->95435 95450 7730bb 95449->95450 95451 7333dd 95449->95451 95453 74fddb 22 API calls 95450->95453 95458 7333ee 95451->95458 95455 7730c5 _wcslen 95453->95455 95454 7333e8 95454->95438 95456 74fe0b 22 API calls 95455->95456 95457 7730fe __fread_nolock 95456->95457 95459 7333fe _wcslen 95458->95459 95460 733411 95459->95460 95461 77311d 95459->95461 95468 73a587 95460->95468 95463 74fddb 22 API calls 95461->95463 95464 773127 95463->95464 95466 74fe0b 22 API calls 95464->95466 95465 73341e __fread_nolock 95465->95454 95467 773157 __fread_nolock 95466->95467 95470 73a59d 95468->95470 95472 73a598 __fread_nolock 95468->95472 95469 77f80f 95470->95469 95471 74fe0b 22 API calls 95470->95471 95471->95472 95472->95465 95473 73105b 95478 73344d 95473->95478 95475 73106a 95509 7500a3 29 API calls __onexit 95475->95509 95477 731074 95479 73345d __wsopen_s 95478->95479 95480 73a961 22 API calls 95479->95480 95481 733513 95480->95481 95482 733a5a 24 API calls 95481->95482 95483 73351c 95482->95483 95510 733357 95483->95510 95486 7333c6 22 API calls 95487 733535 95486->95487 95488 73515f 22 API calls 95487->95488 95489 733544 95488->95489 95490 73a961 22 API calls 95489->95490 95491 73354d 95490->95491 95492 73a6c3 22 API calls 95491->95492 95493 733556 RegOpenKeyExW 95492->95493 95494 773176 RegQueryValueExW 95493->95494 95499 733578 95493->95499 95495 773193 95494->95495 95496 77320c RegCloseKey 95494->95496 95497 74fe0b 22 API calls 95495->95497 95496->95499 95508 77321e _wcslen 95496->95508 95498 7731ac 95497->95498 95500 735722 22 API calls 95498->95500 95499->95475 95501 7731b7 RegQueryValueExW 95500->95501 95502 7731d4 95501->95502 95505 7731ee messages 95501->95505 95503 736b57 22 API calls 95502->95503 95503->95505 95504 734c6d 22 API calls 95504->95508 95505->95496 95506 739cb3 22 API calls 95506->95508 95507 73515f 22 API calls 95507->95508 95508->95499 95508->95504 95508->95506 95508->95507 95509->95477 95511 771f50 __wsopen_s 95510->95511 95512 733364 GetFullPathNameW 95511->95512 95513 733386 95512->95513 95514 736b57 22 API calls 95513->95514 95515 7333a4 95514->95515 95515->95486 95516 731098 95521 7342de 95516->95521 95520 7310a7 95522 73a961 22 API calls 95521->95522 95523 7342f5 GetVersionExW 95522->95523 95524 736b57 22 API calls 95523->95524 95525 734342 95524->95525 95526 7393b2 22 API calls 95525->95526 95540 734378 95525->95540 95527 73436c 95526->95527 95529 7337a0 22 API calls 95527->95529 95528 73441b GetCurrentProcess IsWow64Process 95530 734437 95528->95530 95529->95540 95531 773824 GetSystemInfo 95530->95531 95532 73444f LoadLibraryA 95530->95532 95533 734460 GetProcAddress 95532->95533 95534 73449c GetSystemInfo 95532->95534 95533->95534 95536 734470 GetNativeSystemInfo 95533->95536 95537 734476 95534->95537 95535 7737df 95536->95537 95538 73109d 95537->95538 95539 73447a FreeLibrary 95537->95539 95541 7500a3 29 API calls __onexit 95538->95541 95539->95538 95540->95528 95540->95535 95541->95520 95542 7503fb 95543 750407 __FrameHandler3::FrameUnwindToState 95542->95543 95571 74feb1 95543->95571 95545 75040e 95546 750561 95545->95546 95549 750438 95545->95549 95601 75083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95546->95601 95548 750568 95594 754e52 95548->95594 95560 750477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95549->95560 95582 76247d 95549->95582 95556 750457 95558 7504d8 95590 750959 95558->95590 95560->95558 95597 754e1a 38 API calls 3 library calls 95560->95597 95562 7504de 95563 7504f3 95562->95563 95598 750992 GetModuleHandleW 95563->95598 95565 7504fa 95565->95548 95567 7504fe 95565->95567 95566 750507 95600 750040 13 API calls 2 library calls 95566->95600 95567->95566 95599 754df5 28 API calls _abort 95567->95599 95570 75050f 95570->95556 95572 74feba 95571->95572 95603 750698 IsProcessorFeaturePresent 95572->95603 95574 74fec6 95604 752c94 10 API calls 3 library calls 95574->95604 95576 74fecb 95577 74fecf 95576->95577 95605 762317 95576->95605 95577->95545 95580 74fee6 95580->95545 95584 762494 95582->95584 95583 750a8c _ValidateLocalCookies 5 API calls 95585 750451 95583->95585 95584->95583 95585->95556 95586 762421 95585->95586 95587 762450 95586->95587 95588 750a8c _ValidateLocalCookies 5 API calls 95587->95588 95589 762479 95588->95589 95589->95560 95664 752340 95590->95664 95592 75096c GetStartupInfoW 95593 75097f 95592->95593 95593->95562 95666 754bcf 95594->95666 95597->95558 95598->95565 95599->95566 95600->95570 95601->95548 95603->95574 95604->95576 95609 76d1f6 95605->95609 95608 752cbd 8 API calls 3 library calls 95608->95577 95610 76d213 95609->95610 95613 76d20f 95609->95613 95610->95613 95615 764bfb 95610->95615 95612 74fed8 95612->95580 95612->95608 95627 750a8c 95613->95627 95616 764c07 __FrameHandler3::FrameUnwindToState 95615->95616 95634 762f5e EnterCriticalSection 95616->95634 95618 764c0e 95635 7650af 95618->95635 95620 764c1d 95626 764c2c 95620->95626 95648 764a8f 29 API calls 95620->95648 95623 764c27 95649 764b45 GetStdHandle GetFileType 95623->95649 95624 764c3d __wsopen_s 95624->95610 95650 764c48 LeaveCriticalSection _abort 95626->95650 95628 750a95 95627->95628 95629 750a97 IsProcessorFeaturePresent 95627->95629 95628->95612 95631 750c5d 95629->95631 95663 750c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95631->95663 95633 750d40 95633->95612 95634->95618 95636 7650bb __FrameHandler3::FrameUnwindToState 95635->95636 95637 7650df 95636->95637 95638 7650c8 95636->95638 95651 762f5e EnterCriticalSection 95637->95651 95659 75f2d9 20 API calls __dosmaperr 95638->95659 95641 7650cd 95660 7627ec 26 API calls pre_c_initialization 95641->95660 95643 7650d7 __wsopen_s 95643->95620 95644 765117 95661 76513e LeaveCriticalSection _abort 95644->95661 95645 7650eb 95645->95644 95652 765000 95645->95652 95648->95623 95649->95626 95650->95624 95651->95645 95653 764c7d __dosmaperr 20 API calls 95652->95653 95656 765012 95653->95656 95654 76501f 95655 7629c8 _free 20 API calls 95654->95655 95657 765071 95655->95657 95656->95654 95662 763405 11 API calls 2 library calls 95656->95662 95657->95645 95659->95641 95660->95643 95661->95643 95662->95656 95663->95633 95665 752357 95664->95665 95665->95592 95665->95665 95667 754bdb __FrameHandler3::FrameUnwindToState 95666->95667 95668 754bf4 95667->95668 95669 754be2 95667->95669 95690 762f5e EnterCriticalSection 95668->95690 95705 754d29 GetModuleHandleW 95669->95705 95672 754be7 95672->95668 95706 754d6d GetModuleHandleExW 95672->95706 95677 754bfb 95678 754c70 95677->95678 95688 754c99 95677->95688 95691 7621a8 95677->95691 95679 754c88 95678->95679 95683 762421 _abort 5 API calls 95678->95683 95684 762421 _abort 5 API calls 95679->95684 95680 754cb6 95697 754ce8 95680->95697 95681 754ce2 95714 771d29 5 API calls _ValidateLocalCookies 95681->95714 95683->95679 95684->95688 95694 754cd9 95688->95694 95690->95677 95715 761ee1 95691->95715 95734 762fa6 LeaveCriticalSection 95694->95734 95696 754cb2 95696->95680 95696->95681 95735 76360c 95697->95735 95700 754d16 95703 754d6d _abort 8 API calls 95700->95703 95701 754cf6 GetPEB 95701->95700 95702 754d06 GetCurrentProcess TerminateProcess 95701->95702 95702->95700 95704 754d1e ExitProcess 95703->95704 95705->95672 95707 754d97 GetProcAddress 95706->95707 95708 754dba 95706->95708 95709 754dac 95707->95709 95710 754dc0 FreeLibrary 95708->95710 95711 754dc9 95708->95711 95709->95708 95710->95711 95712 750a8c _ValidateLocalCookies 5 API calls 95711->95712 95713 754bf3 95712->95713 95713->95668 95718 761e90 95715->95718 95717 761f05 95717->95678 95719 761e9c __FrameHandler3::FrameUnwindToState 95718->95719 95726 762f5e EnterCriticalSection 95719->95726 95721 761eaa 95727 761f31 95721->95727 95725 761ec8 __wsopen_s 95725->95717 95726->95721 95730 761f59 95727->95730 95731 761f51 95727->95731 95728 750a8c _ValidateLocalCookies 5 API calls 95729 761eb7 95728->95729 95733 761ed5 LeaveCriticalSection _abort 95729->95733 95730->95731 95732 7629c8 _free 20 API calls 95730->95732 95731->95728 95732->95731 95733->95725 95734->95696 95736 763631 95735->95736 95738 763627 95735->95738 95742 762fd7 5 API calls 2 library calls 95736->95742 95739 750a8c _ValidateLocalCookies 5 API calls 95738->95739 95740 754cf2 95739->95740 95740->95700 95740->95701 95741 763648 95741->95738 95742->95741 95743 732de3 95744 732df0 __wsopen_s 95743->95744 95745 732e09 95744->95745 95746 772c2b ___scrt_fastfail 95744->95746 95747 733aa2 23 API calls 95745->95747 95749 772c47 GetOpenFileNameW 95746->95749 95748 732e12 95747->95748 95759 732da5 95748->95759 95751 772c96 95749->95751 95752 736b57 22 API calls 95751->95752 95754 772cab 95752->95754 95754->95754 95756 732e27 95777 7344a8 95756->95777 95760 771f50 __wsopen_s 95759->95760 95761 732db2 GetLongPathNameW 95760->95761 95762 736b57 22 API calls 95761->95762 95763 732dda 95762->95763 95764 733598 95763->95764 95765 73a961 22 API calls 95764->95765 95766 7335aa 95765->95766 95767 733aa2 23 API calls 95766->95767 95768 7335b5 95767->95768 95769 7335c0 95768->95769 95770 7732eb 95768->95770 95772 73515f 22 API calls 95769->95772 95774 77330d 95770->95774 95812 74ce60 41 API calls 95770->95812 95773 7335cc 95772->95773 95806 7335f3 95773->95806 95776 7335df 95776->95756 95778 734ecb 94 API calls 95777->95778 95779 7344cd 95778->95779 95780 773833 95779->95780 95781 734ecb 94 API calls 95779->95781 95782 7a2cf9 80 API calls 95780->95782 95783 7344e1 95781->95783 95784 773848 95782->95784 95783->95780 95785 7344e9 95783->95785 95786 77384c 95784->95786 95787 773869 95784->95787 95789 773854 95785->95789 95790 7344f5 95785->95790 95791 734f39 68 API calls 95786->95791 95788 74fe0b 22 API calls 95787->95788 95797 7738ae 95788->95797 95814 79da5a 82 API calls 95789->95814 95813 73940c 136 API calls 2 library calls 95790->95813 95791->95789 95794 732e31 95795 773862 95795->95787 95796 734f39 68 API calls 95800 773a5f 95796->95800 95797->95800 95803 739cb3 22 API calls 95797->95803 95815 79967e 22 API calls __fread_nolock 95797->95815 95816 7995ad 42 API calls _wcslen 95797->95816 95817 7a0b5a 22 API calls 95797->95817 95818 73a4a1 22 API calls __fread_nolock 95797->95818 95819 733ff7 22 API calls 95797->95819 95800->95796 95820 79989b 82 API calls __wsopen_s 95800->95820 95803->95797 95807 733605 95806->95807 95811 733624 __fread_nolock 95806->95811 95809 74fe0b 22 API calls 95807->95809 95808 74fddb 22 API calls 95810 73363b 95808->95810 95809->95811 95810->95776 95811->95808 95812->95770 95813->95794 95814->95795 95815->95797 95816->95797 95817->95797 95818->95797 95819->95797 95820->95800 95821 772ba5 95822 732b25 95821->95822 95823 772baf 95821->95823 95849 732b83 7 API calls 95822->95849 95825 733a5a 24 API calls 95823->95825 95827 772bb8 95825->95827 95829 739cb3 22 API calls 95827->95829 95831 772bc6 95829->95831 95830 732b2f 95835 733837 49 API calls 95830->95835 95839 732b44 95830->95839 95832 772bf5 95831->95832 95833 772bce 95831->95833 95834 7333c6 22 API calls 95832->95834 95836 7333c6 22 API calls 95833->95836 95848 772bf1 GetForegroundWindow ShellExecuteW 95834->95848 95835->95839 95837 772bd9 95836->95837 95853 736350 22 API calls 95837->95853 95840 732b5f 95839->95840 95842 7330f2 Shell_NotifyIconW 95839->95842 95846 732b66 SetCurrentDirectoryW 95840->95846 95842->95840 95843 772be7 95844 7333c6 22 API calls 95843->95844 95844->95848 95845 772c26 95845->95840 95847 732b7a 95846->95847 95848->95845 95854 732cd4 7 API calls 95849->95854 95851 732b2a 95852 732c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95851->95852 95852->95830 95853->95843 95854->95851 95855 768402 95860 7681be 95855->95860 95858 76842a 95865 7681ef try_get_first_available_module 95860->95865 95862 7683ee 95879 7627ec 26 API calls pre_c_initialization 95862->95879 95864 768343 95864->95858 95872 770984 95864->95872 95865->95865 95868 768338 95865->95868 95875 758e0b 40 API calls 2 library calls 95865->95875 95867 76838c 95867->95868 95876 758e0b 40 API calls 2 library calls 95867->95876 95868->95864 95878 75f2d9 20 API calls __dosmaperr 95868->95878 95870 7683ab 95870->95868 95877 758e0b 40 API calls 2 library calls 95870->95877 95880 770081 95872->95880 95874 77099f 95874->95858 95875->95867 95876->95870 95877->95868 95878->95862 95879->95864 95883 77008d __FrameHandler3::FrameUnwindToState 95880->95883 95881 77009b 95938 75f2d9 20 API calls __dosmaperr 95881->95938 95883->95881 95885 7700d4 95883->95885 95884 7700a0 95939 7627ec 26 API calls pre_c_initialization 95884->95939 95891 77065b 95885->95891 95890 7700aa __wsopen_s 95890->95874 95941 77042f 95891->95941 95894 7706a6 95959 765221 95894->95959 95895 77068d 95973 75f2c6 20 API calls __dosmaperr 95895->95973 95898 770692 95974 75f2d9 20 API calls __dosmaperr 95898->95974 95899 7706ab 95900 7706b4 95899->95900 95901 7706cb 95899->95901 95975 75f2c6 20 API calls __dosmaperr 95900->95975 95972 77039a CreateFileW 95901->95972 95905 7700f8 95940 770121 LeaveCriticalSection __wsopen_s 95905->95940 95906 7706b9 95976 75f2d9 20 API calls __dosmaperr 95906->95976 95907 770781 GetFileType 95910 7707d3 95907->95910 95911 77078c GetLastError 95907->95911 95909 770756 GetLastError 95978 75f2a3 20 API calls __dosmaperr 95909->95978 95981 76516a 21 API calls 2 library calls 95910->95981 95979 75f2a3 20 API calls __dosmaperr 95911->95979 95912 770704 95912->95907 95912->95909 95977 77039a CreateFileW 95912->95977 95916 77079a CloseHandle 95916->95898 95919 7707c3 95916->95919 95918 770749 95918->95907 95918->95909 95980 75f2d9 20 API calls __dosmaperr 95919->95980 95920 7707f4 95922 770840 95920->95922 95982 7705ab 72 API calls 3 library calls 95920->95982 95927 77086d 95922->95927 95983 77014d 72 API calls 4 library calls 95922->95983 95923 7707c8 95923->95898 95926 770866 95926->95927 95928 77087e 95926->95928 95929 7686ae __wsopen_s 29 API calls 95927->95929 95928->95905 95930 7708fc CloseHandle 95928->95930 95929->95905 95984 77039a CreateFileW 95930->95984 95932 770927 95933 77095d 95932->95933 95934 770931 GetLastError 95932->95934 95933->95905 95985 75f2a3 20 API calls __dosmaperr 95934->95985 95936 77093d 95986 765333 21 API calls 2 library calls 95936->95986 95938->95884 95939->95890 95940->95890 95942 770450 95941->95942 95949 77046a 95941->95949 95942->95949 95994 75f2d9 20 API calls __dosmaperr 95942->95994 95945 77045f 95995 7627ec 26 API calls pre_c_initialization 95945->95995 95947 7704d1 95957 770524 95947->95957 95998 75d70d 26 API calls 2 library calls 95947->95998 95948 7704a2 95948->95947 95996 75f2d9 20 API calls __dosmaperr 95948->95996 95987 7703bf 95949->95987 95952 77051f 95954 77059e 95952->95954 95952->95957 95953 7704c6 95997 7627ec 26 API calls pre_c_initialization 95953->95997 95999 7627fc 11 API calls _abort 95954->95999 95957->95894 95957->95895 95958 7705aa 95960 76522d __FrameHandler3::FrameUnwindToState 95959->95960 96002 762f5e EnterCriticalSection 95960->96002 95962 765234 95963 765259 95962->95963 95968 7652c7 EnterCriticalSection 95962->95968 95970 76527b 95962->95970 95966 765000 __wsopen_s 21 API calls 95963->95966 95965 7652a4 __wsopen_s 95965->95899 95967 76525e 95966->95967 95967->95970 96006 765147 EnterCriticalSection 95967->96006 95969 7652d4 LeaveCriticalSection 95968->95969 95968->95970 95969->95962 96003 76532a 95970->96003 95972->95912 95973->95898 95974->95905 95975->95906 95976->95898 95977->95918 95978->95898 95979->95916 95980->95923 95981->95920 95982->95922 95983->95926 95984->95932 95985->95936 95986->95933 95990 7703d7 95987->95990 95988 7703f2 95988->95948 95990->95988 96000 75f2d9 20 API calls __dosmaperr 95990->96000 95991 770416 96001 7627ec 26 API calls pre_c_initialization 95991->96001 95993 770421 95993->95948 95994->95945 95995->95949 95996->95953 95997->95947 95998->95952 95999->95958 96000->95991 96001->95993 96002->95962 96007 762fa6 LeaveCriticalSection 96003->96007 96005 765331 96005->95965 96006->95970 96007->96005 96008 772402 96011 731410 96008->96011 96012 73144f mciSendStringW 96011->96012 96013 7724b8 DestroyWindow 96011->96013 96014 7316c6 96012->96014 96015 73146b 96012->96015 96026 7724c4 96013->96026 96014->96015 96017 7316d5 UnregisterHotKey 96014->96017 96016 731479 96015->96016 96015->96026 96044 73182e 96016->96044 96017->96014 96019 772509 96025 77251c FreeLibrary 96019->96025 96027 77252d 96019->96027 96020 7724e2 FindClose 96020->96026 96021 7724d8 96021->96026 96050 736246 CloseHandle 96021->96050 96024 73148e 96024->96027 96028 73149c 96024->96028 96025->96019 96026->96019 96026->96020 96026->96021 96029 772541 VirtualFree 96027->96029 96031 731509 96027->96031 96030 7314f8 OleUninitialize 96028->96030 96029->96027 96030->96031 96032 731514 96031->96032 96033 772589 96031->96033 96035 731524 96032->96035 96037 772598 messages 96033->96037 96051 7a32eb 6 API calls messages 96033->96051 96048 731944 VirtualFreeEx CloseHandle 96035->96048 96040 772627 96037->96040 96052 7964d4 22 API calls messages 96037->96052 96039 73153a 96039->96037 96041 73161f 96039->96041 96040->96040 96041->96040 96049 731876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96041->96049 96043 7316c1 96046 73183b 96044->96046 96045 731480 96045->96019 96045->96024 96046->96045 96053 79702a 22 API calls 96046->96053 96048->96039 96049->96043 96050->96021 96051->96033 96052->96037 96053->96046 96054 731044 96059 7310f3 96054->96059 96056 73104a 96095 7500a3 29 API calls __onexit 96056->96095 96058 731054 96096 731398 96059->96096 96063 73116a 96064 73a961 22 API calls 96063->96064 96065 731174 96064->96065 96066 73a961 22 API calls 96065->96066 96067 73117e 96066->96067 96068 73a961 22 API calls 96067->96068 96069 731188 96068->96069 96070 73a961 22 API calls 96069->96070 96071 7311c6 96070->96071 96072 73a961 22 API calls 96071->96072 96073 731292 96072->96073 96106 73171c 96073->96106 96077 7312c4 96078 73a961 22 API calls 96077->96078 96079 7312ce 96078->96079 96127 741940 96079->96127 96081 7312f9 96137 731aab 96081->96137 96083 731315 96084 731325 GetStdHandle 96083->96084 96085 772485 96084->96085 96086 73137a 96084->96086 96085->96086 96087 77248e 96085->96087 96089 731387 OleInitialize 96086->96089 96088 74fddb 22 API calls 96087->96088 96090 772495 96088->96090 96089->96056 96144 7a011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96090->96144 96092 77249e 96145 7a0944 CreateThread 96092->96145 96094 7724aa CloseHandle 96094->96086 96095->96058 96146 7313f1 96096->96146 96099 7313f1 22 API calls 96100 7313d0 96099->96100 96101 73a961 22 API calls 96100->96101 96102 7313dc 96101->96102 96103 736b57 22 API calls 96102->96103 96104 731129 96103->96104 96105 731bc3 6 API calls 96104->96105 96105->96063 96107 73a961 22 API calls 96106->96107 96108 73172c 96107->96108 96109 73a961 22 API calls 96108->96109 96110 731734 96109->96110 96111 73a961 22 API calls 96110->96111 96112 73174f 96111->96112 96113 74fddb 22 API calls 96112->96113 96114 73129c 96113->96114 96115 731b4a 96114->96115 96116 731b58 96115->96116 96117 73a961 22 API calls 96116->96117 96118 731b63 96117->96118 96119 73a961 22 API calls 96118->96119 96120 731b6e 96119->96120 96121 73a961 22 API calls 96120->96121 96122 731b79 96121->96122 96123 73a961 22 API calls 96122->96123 96124 731b84 96123->96124 96125 74fddb 22 API calls 96124->96125 96126 731b96 RegisterWindowMessageW 96125->96126 96126->96077 96128 741981 96127->96128 96129 74195d 96127->96129 96153 750242 5 API calls __Init_thread_wait 96128->96153 96130 74196e 96129->96130 96155 750242 5 API calls __Init_thread_wait 96129->96155 96130->96081 96132 74198b 96132->96129 96154 7501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96132->96154 96134 748727 96134->96130 96156 7501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96134->96156 96138 731abb 96137->96138 96139 77272d 96137->96139 96140 74fddb 22 API calls 96138->96140 96157 7a3209 23 API calls 96139->96157 96142 731ac3 96140->96142 96142->96083 96143 772738 96144->96092 96145->96094 96158 7a092a 28 API calls 96145->96158 96147 73a961 22 API calls 96146->96147 96148 7313fc 96147->96148 96149 73a961 22 API calls 96148->96149 96150 731404 96149->96150 96151 73a961 22 API calls 96150->96151 96152 7313c6 96151->96152 96152->96099 96153->96132 96154->96129 96155->96134 96156->96130 96157->96143 96159 782a00 96160 73d7b0 messages 96159->96160 96161 73db11 PeekMessageW 96160->96161 96162 73d807 GetInputState 96160->96162 96163 73d9d5 96160->96163 96165 781cbe TranslateAcceleratorW 96160->96165 96166 73da04 timeGetTime 96160->96166 96167 73db73 TranslateMessage DispatchMessageW 96160->96167 96168 73db8f PeekMessageW 96160->96168 96169 73dbaf Sleep 96160->96169 96170 782b74 Sleep 96160->96170 96172 781dda timeGetTime 96160->96172 96191 741310 96160->96191 96243 73dd50 176 API calls 96160->96243 96244 73dfd0 176 API calls 3 library calls 96160->96244 96245 73bf40 176 API calls 2 library calls 96160->96245 96246 74edf6 IsDialogMessageW GetClassLongW 96160->96246 96248 7a3a2a 23 API calls 96160->96248 96249 73ec40 176 API calls 3 library calls 96160->96249 96250 7a359c 82 API calls __wsopen_s 96160->96250 96161->96160 96162->96160 96162->96161 96165->96160 96166->96160 96167->96168 96168->96160 96184 73dbc0 96169->96184 96170->96184 96171 74e551 timeGetTime 96171->96184 96247 74e300 23 API calls 96172->96247 96175 782c0b GetExitCodeProcess 96179 782c21 WaitForSingleObject 96175->96179 96180 782c37 CloseHandle 96175->96180 96176 782a31 96176->96163 96177 7c29bf GetForegroundWindow 96177->96184 96179->96160 96179->96180 96180->96184 96181 782ca9 Sleep 96181->96160 96184->96160 96184->96163 96184->96171 96184->96175 96184->96176 96184->96177 96184->96181 96251 7b5658 23 API calls 96184->96251 96252 79e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96184->96252 96253 79d4dc 47 API calls 96184->96253 96192 741376 96191->96192 96193 7417b0 96191->96193 96195 741390 96192->96195 96196 786331 96192->96196 96259 750242 5 API calls __Init_thread_wait 96193->96259 96199 741940 9 API calls 96195->96199 96264 7b709c 176 API calls 96196->96264 96198 7417ba 96201 7417fb 96198->96201 96203 739cb3 22 API calls 96198->96203 96202 7413a0 96199->96202 96200 78633d 96200->96160 96207 786346 96201->96207 96208 74182c 96201->96208 96204 741940 9 API calls 96202->96204 96213 7417d4 96203->96213 96205 7413b6 96204->96205 96205->96201 96206 7413ec 96205->96206 96206->96207 96231 741408 __fread_nolock 96206->96231 96265 7a359c 82 API calls __wsopen_s 96207->96265 96261 73aceb 23 API calls messages 96208->96261 96211 741839 96262 74d217 176 API calls 96211->96262 96212 786369 96212->96160 96260 7501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96213->96260 96216 78636e 96266 7a359c 82 API calls __wsopen_s 96216->96266 96218 74153c 96221 741940 9 API calls 96218->96221 96219 7863d1 96268 7b5745 54 API calls _wcslen 96219->96268 96223 741549 96221->96223 96222 74fddb 22 API calls 96222->96231 96226 741940 9 API calls 96223->96226 96234 7864fa 96223->96234 96224 741872 96263 74faeb 23 API calls 96224->96263 96225 74fe0b 22 API calls 96225->96231 96228 741563 96226->96228 96228->96234 96238 7415c7 messages 96228->96238 96269 73a8c7 22 API calls __fread_nolock 96228->96269 96231->96211 96231->96212 96231->96216 96231->96222 96231->96225 96232 74152f 96231->96232 96233 7863b2 96231->96233 96257 73ec40 176 API calls 3 library calls 96231->96257 96232->96218 96232->96219 96267 7a359c 82 API calls __wsopen_s 96233->96267 96234->96212 96270 7a359c 82 API calls __wsopen_s 96234->96270 96237 741940 9 API calls 96237->96238 96238->96212 96238->96224 96238->96234 96238->96237 96241 74167b messages 96238->96241 96254 7bac5b 96238->96254 96239 74171d 96239->96160 96241->96239 96258 74ce17 22 API calls messages 96241->96258 96243->96160 96244->96160 96245->96160 96246->96160 96247->96160 96248->96160 96249->96160 96250->96160 96251->96184 96252->96184 96253->96184 96271 7bad64 96254->96271 96256 7bac6f 96256->96238 96257->96231 96258->96241 96259->96198 96260->96201 96261->96211 96262->96224 96263->96224 96264->96200 96265->96212 96266->96212 96267->96212 96268->96228 96269->96238 96270->96212 96272 73a961 22 API calls 96271->96272 96273 7bad77 ___scrt_fastfail 96272->96273 96274 7badce 96273->96274 96276 737510 53 API calls 96273->96276 96275 7badee 96274->96275 96277 737510 53 API calls 96274->96277 96278 7bae3a 96275->96278 96281 737510 53 API calls 96275->96281 96279 7badab 96276->96279 96280 7bade4 96277->96280 96284 7bae4d ___scrt_fastfail 96278->96284 96325 73b567 39 API calls 96278->96325 96279->96274 96282 737510 53 API calls 96279->96282 96323 737620 22 API calls _wcslen 96280->96323 96290 7bae04 96281->96290 96285 7badc4 96282->96285 96299 737510 96284->96299 96322 737620 22 API calls _wcslen 96285->96322 96290->96278 96291 737510 53 API calls 96290->96291 96292 7bae28 96291->96292 96292->96278 96324 73a8c7 22 API calls __fread_nolock 96292->96324 96294 7baec8 96294->96256 96295 7baeb0 96295->96294 96296 7baf35 GetProcessId 96295->96296 96297 7baf48 96296->96297 96298 7baf58 CloseHandle 96297->96298 96298->96294 96300 737525 96299->96300 96316 737522 ShellExecuteExW 96299->96316 96301 73755b 96300->96301 96302 73752d 96300->96302 96305 73756d 96301->96305 96311 7750f6 96301->96311 96313 77500f 96301->96313 96326 7551c6 26 API calls 96302->96326 96327 74fb21 51 API calls 96305->96327 96306 73753d 96310 74fddb 22 API calls 96306->96310 96307 77510e 96307->96307 96312 737547 96310->96312 96329 755183 26 API calls 96311->96329 96314 739cb3 22 API calls 96312->96314 96315 74fe0b 22 API calls 96313->96315 96321 775088 96313->96321 96314->96316 96317 775058 96315->96317 96316->96295 96318 74fddb 22 API calls 96317->96318 96319 77507f 96318->96319 96320 739cb3 22 API calls 96319->96320 96320->96321 96328 74fb21 51 API calls 96321->96328 96322->96274 96323->96275 96324->96278 96325->96284 96326->96306 96327->96306 96328->96311 96329->96307 96330 731cad SystemParametersInfoW

                                                  Executed Functions

                                                  Function 007342DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 245 7342de-73434d call 73a961 GetVersionExW call 736b57 250 773617-77362a 245->250 251 734353 245->251 253 77362b-77362f 250->253 252 734355-734357 251->252 254 773656 252->254 255 73435d-7343bc call 7393b2 call 7337a0 252->255 256 773632-77363e 253->256 257 773631 253->257 261 77365d-773660 254->261 274 7343c2-7343c4 255->274 275 7737df-7737e6 255->275 256->253 258 773640-773642 256->258 257->256 258->252 260 773648-77364f 258->260 260->250 263 773651 260->263 264 773666-7736a8 261->264 265 73441b-734435 GetCurrentProcess IsWow64Process 261->265 263->254 264->265 269 7736ae-7736b1 264->269 267 734437 265->267 268 734494-73449a 265->268 271 73443d-734449 267->271 268->271 272 7736b3-7736bd 269->272 273 7736db-7736e5 269->273 276 773824-773828 GetSystemInfo 271->276 277 73444f-73445e LoadLibraryA 271->277 278 7736bf-7736c5 272->278 279 7736ca-7736d6 272->279 281 7736e7-7736f3 273->281 282 7736f8-773702 273->282 274->261 280 7343ca-7343dd 274->280 283 773806-773809 275->283 284 7737e8 275->284 287 734460-73446e GetProcAddress 277->287 288 73449c-7344a6 GetSystemInfo 277->288 278->265 279->265 289 7343e3-7343e5 280->289 290 773726-77372f 280->290 281->265 292 773715-773721 282->292 293 773704-773710 282->293 285 7737f4-7737fc 283->285 286 77380b-77381a 283->286 291 7737ee 284->291 285->283 286->291 296 77381c-773822 286->296 287->288 297 734470-734474 GetNativeSystemInfo 287->297 298 734476-734478 288->298 299 7343eb-7343ee 289->299 300 77374d-773762 289->300 294 773731-773737 290->294 295 77373c-773748 290->295 291->285 292->265 293->265 294->265 295->265 296->285 297->298 303 734481-734493 298->303 304 73447a-73447b FreeLibrary 298->304 305 773791-773794 299->305 306 7343f4-73440f 299->306 301 773764-77376a 300->301 302 77376f-77377b 300->302 301->265 302->265 304->303 305->265 309 77379a-7737c1 305->309 307 734415 306->307 308 773780-77378c 306->308 307->265 308->265 310 7737c3-7737c9 309->310 311 7737ce-7737da 309->311 310->265 311->265
                                                  APIs
                                                  • GetVersionExW.KERNEL32(?), ref: 0073430D
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  • GetCurrentProcess.KERNEL32(?,007CCB64,00000000,?,?), ref: 00734422
                                                  • IsWow64Process.KERNEL32(00000000,?,?), ref: 00734429
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00734454
                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00734466
                                                  • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00734474
                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 0073447B
                                                  • GetSystemInfo.KERNEL32(?,?,?), ref: 007344A0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                  • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                  • API String ID: 3290436268-3101561225
                                                  • Opcode ID: 4574ac805cee21d4d1435ae88de77fa257743185f3689bea910e8f4f58fc364d
                                                  • Instruction ID: a09deb017e4c8ea5ac2ce99069acceb4b255fe16e6702da41bd07d798bcdeb6f
                                                  • Opcode Fuzzy Hash: 4574ac805cee21d4d1435ae88de77fa257743185f3689bea910e8f4f58fc364d
                                                  • Instruction Fuzzy Hash: E9A1F86190A2C0CFDF96C7797C8D5967FE47B26360F1A88ADE04593B23D23C5908DB61
                                                  Function 007342A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 649 7342a2-7342ba CreateStreamOnHGlobal 650 7342da-7342dd 649->650 651 7342bc-7342d3 FindResourceExW 649->651 652 7342d9 651->652 653 7735ba-7735c9 LoadResource 651->653 652->650 653->652 654 7735cf-7735dd SizeofResource 653->654 654->652 655 7735e3-7735ee LockResource 654->655 655->652 656 7735f4-773612 655->656 656->652
                                                  APIs
                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007350AA,?,?,00000000,00000000), ref: 007342B2
                                                  • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007350AA,?,?,00000000,00000000), ref: 007342C9
                                                  • LoadResource.KERNEL32(?,00000000,?,?,007350AA,?,?,00000000,00000000,?,?,?,?,?,?,00734F20), ref: 007735BE
                                                  • SizeofResource.KERNEL32(?,00000000,?,?,007350AA,?,?,00000000,00000000,?,?,?,?,?,?,00734F20), ref: 007735D3
                                                  • LockResource.KERNEL32(007350AA,?,?,007350AA,?,?,00000000,00000000,?,?,?,?,?,?,00734F20,?), ref: 007735E6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                  • String ID: SCRIPT
                                                  • API String ID: 3051347437-3967369404
                                                  • Opcode ID: 08cc1f204fb07dfe24862328bffe157dfd7f4ab5544167ec82355cd66a398883
                                                  • Instruction ID: a2dae2e51ee880ca5839be6387cc066a0016e90d96a17b875782970f5fdabc68
                                                  • Opcode Fuzzy Hash: 08cc1f204fb07dfe24862328bffe157dfd7f4ab5544167ec82355cd66a398883
                                                  • Instruction Fuzzy Hash: 9B117C72200700BFEB268BA6DC49F277BBDFBC6B51F14816DF41696650DB75EC009A20
                                                  Function 00772BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00732B6B
                                                    • Part of subcall function 00733A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00801418,?,00732E7F,?,?,?,00000000), ref: 00733A78
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • GetForegroundWindow.USER32(runas,?,?,?,?,?,007F2224), ref: 00772C10
                                                  • ShellExecuteW.SHELL32(00000000,?,?,007F2224), ref: 00772C17
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                  • String ID: runas
                                                  • API String ID: 448630720-4000483414
                                                  • Opcode ID: b7afadff992840ca2eec2e896c649092c1e0a6c8ae36e0e6578697f41193b6ab
                                                  • Instruction ID: e7a1b8615c11dc389ebd3e69482e97b89cfda2317f1c66128beef45ed5ae3a49
                                                  • Opcode Fuzzy Hash: b7afadff992840ca2eec2e896c649092c1e0a6c8ae36e0e6578697f41193b6ab
                                                  • Instruction Fuzzy Hash: D7110671208345EAEB15FF60DC5DDBEBBA5AB90350F04542DF286420A3DF6C8A0AC712
                                                  Function 00754CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(007628E9,?,00754CBE,007628E9,007F88B8,0000000C,00754E15,007628E9,00000002,00000000,?,007628E9), ref: 00754D09
                                                  • TerminateProcess.KERNEL32(00000000,?,00754CBE,007628E9,007F88B8,0000000C,00754E15,007628E9,00000002,00000000,?,007628E9), ref: 00754D10
                                                  • ExitProcess.KERNEL32 ref: 00754D22
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 416c404954c9c4d53ebc3128a348f331044b962df33f4375ee907049418ed790
                                                  • Instruction ID: 4814eb57daf2cb3b6c35f277881e886d96ff90c2b5d6587dabf9b84fa1cba6e5
                                                  • Opcode Fuzzy Hash: 416c404954c9c4d53ebc3128a348f331044b962df33f4375ee907049418ed790
                                                  • Instruction Fuzzy Hash: A1E0BF71500648ABCF126F64DD0DE983B79FB41746B148018FD098B122CB7DDD86CA94
                                                  Function 0073D730 Relevance: 21.6, APIs: 14, Instructions: 631sleepsynchronizationtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetInputState.USER32 ref: 0073D807
                                                  • timeGetTime.WINMM ref: 0073DA07
                                                  • Sleep.KERNEL32(0000000A), ref: 0073DBB1
                                                  • Sleep.KERNEL32(0000000A), ref: 00782B76
                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00782C11
                                                  • WaitForSingleObject.KERNEL32(?,00000000), ref: 00782C29
                                                  • CloseHandle.KERNEL32(?), ref: 00782C3D
                                                  • Sleep.KERNEL32(?,CCCCCCCC,00000000), ref: 00782CA9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Sleep$CloseCodeExitHandleInputObjectProcessSingleStateTimeWaittime
                                                  • String ID:
                                                  • API String ID: 388478766-0
                                                  • Opcode ID: 6d28b2b0af66ccad728fbb937e2cad1f9051f219dff0ee7dbed618790b8a900e
                                                  • Instruction ID: c149ae5da2e4787b80f8386d8933afa46777aaa666433fc08b13ffc0440b7e76
                                                  • Opcode Fuzzy Hash: 6d28b2b0af66ccad728fbb937e2cad1f9051f219dff0ee7dbed618790b8a900e
                                                  • Instruction Fuzzy Hash: 2A421070648241EFE739DF24D888BAAB7E0FF45310F14855DE49687292D778EC45CB92
                                                  Function 00732CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • GetSysColorBrush.USER32(0000000F), ref: 00732D07
                                                  • RegisterClassExW.USER32(00000030), ref: 00732D31
                                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00732D42
                                                  • InitCommonControlsEx.COMCTL32(?), ref: 00732D5F
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00732D6F
                                                  • LoadIconW.USER32(000000A9), ref: 00732D85
                                                  • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00732D94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                  • API String ID: 2914291525-1005189915
                                                  • Opcode ID: 3f4831efaca65f050ea02d419b49047ad226f8bafe56e1a1c57f5a724649da76
                                                  • Instruction ID: 513ea2f0374f229ae9d6b98a677475024094a2f9996a5a2785b67abacc69676e
                                                  • Opcode Fuzzy Hash: 3f4831efaca65f050ea02d419b49047ad226f8bafe56e1a1c57f5a724649da76
                                                  • Instruction Fuzzy Hash: 0621EFB1D01308AFDF41DFA4EC89B9DBBB4FB08B10F00811AFA15A62A0D7B955408F94
                                                  Function 0077065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 313 77065b-77068b call 77042f 316 7706a6-7706b2 call 765221 313->316 317 77068d-770698 call 75f2c6 313->317 323 7706b4-7706c9 call 75f2c6 call 75f2d9 316->323 324 7706cb-770714 call 77039a 316->324 322 77069a-7706a1 call 75f2d9 317->322 333 77097d-770983 322->333 323->322 331 770716-77071f 324->331 332 770781-77078a GetFileType 324->332 335 770756-77077c GetLastError call 75f2a3 331->335 336 770721-770725 331->336 337 7707d3-7707d6 332->337 338 77078c-7707bd GetLastError call 75f2a3 CloseHandle 332->338 335->322 336->335 342 770727-770754 call 77039a 336->342 340 7707df-7707e5 337->340 341 7707d8-7707dd 337->341 338->322 352 7707c3-7707ce call 75f2d9 338->352 345 7707e9-770837 call 76516a 340->345 346 7707e7 340->346 341->345 342->332 342->335 355 770847-77086b call 77014d 345->355 356 770839-770845 call 7705ab 345->356 346->345 352->322 363 77087e-7708c1 355->363 364 77086d 355->364 356->355 362 77086f-770879 call 7686ae 356->362 362->333 365 7708c3-7708c7 363->365 366 7708e2-7708f0 363->366 364->362 365->366 369 7708c9-7708dd 365->369 370 7708f6-7708fa 366->370 371 77097b 366->371 369->366 370->371 372 7708fc-77092f CloseHandle call 77039a 370->372 371->333 375 770963-770977 372->375 376 770931-77095d GetLastError call 75f2a3 call 765333 372->376 375->371 376->375
                                                  APIs
                                                    • Part of subcall function 0077039A: CreateFileW.KERNEL32(00000000,00000000,?,00770704,?,?,00000000,?,00770704,00000000,0000000C), ref: 007703B7
                                                  • GetLastError.KERNEL32 ref: 0077076F
                                                  • __dosmaperr.LIBCMT ref: 00770776
                                                  • GetFileType.KERNEL32(00000000), ref: 00770782
                                                  • GetLastError.KERNEL32 ref: 0077078C
                                                  • __dosmaperr.LIBCMT ref: 00770795
                                                  • CloseHandle.KERNEL32(00000000), ref: 007707B5
                                                  • CloseHandle.KERNEL32(?), ref: 007708FF
                                                  • GetLastError.KERNEL32 ref: 00770931
                                                  • __dosmaperr.LIBCMT ref: 00770938
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                  • String ID: H
                                                  • API String ID: 4237864984-2852464175
                                                  • Opcode ID: a6fd4e4bbe1e4a43cf48eece39f9735b319fc09c121bf79893974719bf04e690
                                                  • Instruction ID: 6766dc1df00a03865e2258f5bfbbd7ac5b395b1f892c418c59bc8e95dd03c098
                                                  • Opcode Fuzzy Hash: a6fd4e4bbe1e4a43cf48eece39f9735b319fc09c121bf79893974719bf04e690
                                                  • Instruction Fuzzy Hash: 66A13432A10148CFDF19AF68D855BAE3BA0AB06360F14815DF819DB3D1DB399C12CBD2
                                                  Function 0073344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 00733A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00801418,?,00732E7F,?,?,?,00000000), ref: 00733A78
                                                    • Part of subcall function 00733357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00733379
                                                  • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0073356A
                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0077318D
                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007731CE
                                                  • RegCloseKey.ADVAPI32(?), ref: 00773210
                                                  • _wcslen.LIBCMT ref: 00773277
                                                  • _wcslen.LIBCMT ref: 00773286
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                  • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                  • API String ID: 98802146-2727554177
                                                  • Opcode ID: b1c3cf3d4dbef0b7433a4d7fb2c3f14b0cfbe3227b97f563c7a60c832ae5609b
                                                  • Instruction ID: c77137ba4c425735e5c6c6d14ae30d1a2cb68a2a17e04925c1b6270c397ddc4d
                                                  • Opcode Fuzzy Hash: b1c3cf3d4dbef0b7433a4d7fb2c3f14b0cfbe3227b97f563c7a60c832ae5609b
                                                  • Instruction Fuzzy Hash: AE71C471404301DED754EF65DC8A99BBBE8FF85340F41442EF549932B1EBB89A48CB61
                                                  Function 00732B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • GetSysColorBrush.USER32(0000000F), ref: 00732B8E
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00732B9D
                                                  • LoadIconW.USER32(00000063), ref: 00732BB3
                                                  • LoadIconW.USER32(000000A4), ref: 00732BC5
                                                  • LoadIconW.USER32(000000A2), ref: 00732BD7
                                                  • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00732BEF
                                                  • RegisterClassExW.USER32(?), ref: 00732C40
                                                    • Part of subcall function 00732CD4: GetSysColorBrush.USER32(0000000F), ref: 00732D07
                                                    • Part of subcall function 00732CD4: RegisterClassExW.USER32(00000030), ref: 00732D31
                                                    • Part of subcall function 00732CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00732D42
                                                    • Part of subcall function 00732CD4: InitCommonControlsEx.COMCTL32(?), ref: 00732D5F
                                                    • Part of subcall function 00732CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00732D6F
                                                    • Part of subcall function 00732CD4: LoadIconW.USER32(000000A9), ref: 00732D85
                                                    • Part of subcall function 00732CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00732D94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                  • String ID: #$0$AutoIt v3
                                                  • API String ID: 423443420-4155596026
                                                  • Opcode ID: fe3e7666e7d12902cfd0e2f54cbe37ade8837a7a723445c98fca04f9dc11ba83
                                                  • Instruction ID: c4dc1055ea3f86a442c13fe579f407a3a422e5cbfd7d0a28cae1f8eae9729854
                                                  • Opcode Fuzzy Hash: fe3e7666e7d12902cfd0e2f54cbe37ade8837a7a723445c98fca04f9dc11ba83
                                                  • Instruction Fuzzy Hash: B1214970E00318ABDF519FA5EC49BA97FF4FB08B60F05402AF504A67A0D3B90540CF94
                                                  Function 00733170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 454 733170-733185 455 733187-73318a 454->455 456 7331e5-7331e7 454->456 457 7331eb 455->457 458 73318c-733193 455->458 456->455 459 7331e9 456->459 463 7331f1-7331f6 457->463 464 772dfb-772e23 call 7318e2 call 74e499 457->464 460 733265-73326d PostQuitMessage 458->460 461 733199-73319e 458->461 462 7331d0-7331d8 DefWindowProcW 459->462 471 733219-73321b 460->471 468 7331a4-7331a8 461->468 469 772e7c-772e90 call 79bf30 461->469 470 7331de-7331e4 462->470 465 7331f8-7331fb 463->465 466 73321d-733244 SetTimer RegisterWindowMessageW 463->466 499 772e28-772e2f 464->499 472 733201-73320f KillTimer call 7330f2 465->472 473 772d9c-772d9f 465->473 466->471 475 733246-733251 CreatePopupMenu 466->475 476 7331ae-7331b3 468->476 477 772e68-772e77 call 79c161 468->477 469->471 493 772e96 469->493 471->470 488 733214 call 733c50 472->488 485 772dd7-772df6 MoveWindow 473->485 486 772da1-772da5 473->486 475->471 482 772e4d-772e54 476->482 483 7331b9-7331be 476->483 477->471 482->462 487 772e5a-772e63 call 790ad7 482->487 491 733253-733263 call 73326f 483->491 492 7331c4-7331ca 483->492 485->471 494 772da7-772daa 486->494 495 772dc6-772dd2 SetFocus 486->495 487->462 488->471 491->471 492->462 492->499 493->462 494->492 500 772db0-772dc1 call 7318e2 494->500 495->471 499->462 504 772e35-772e48 call 7330f2 call 733837 499->504 500->471 504->462
                                                  APIs
                                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0073316A,?,?), ref: 007331D8
                                                  • KillTimer.USER32(?,00000001,?,?,?,?,?,0073316A,?,?), ref: 00733204
                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00733227
                                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0073316A,?,?), ref: 00733232
                                                  • CreatePopupMenu.USER32 ref: 00733246
                                                  • PostQuitMessage.USER32(00000000), ref: 00733267
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                  • String ID: TaskbarCreated
                                                  • API String ID: 129472671-2362178303
                                                  • Opcode ID: 91d4dc2b61f228a019f5e2c32c33d4afffaf04300c5cc7d7e5358f5b284c6c2b
                                                  • Instruction ID: 0b1f3a5108065e1a891864862597baf080d19cc11dbe1a4daf05b9b4eb6d5b0e
                                                  • Opcode Fuzzy Hash: 91d4dc2b61f228a019f5e2c32c33d4afffaf04300c5cc7d7e5358f5b284c6c2b
                                                  • Instruction Fuzzy Hash: 42411631640208EBFF751B789D0DB7A3B19FB05360F048129F51AC62E3CBBD8A4197A5
                                                  Function 00731410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 510 731410-731449 511 73144f-731465 mciSendStringW 510->511 512 7724b8-7724b9 DestroyWindow 510->512 513 7316c6-7316d3 511->513 514 73146b-731473 511->514 515 7724c4-7724d1 512->515 517 7316d5-7316f0 UnregisterHotKey 513->517 518 7316f8-7316ff 513->518 514->515 516 731479-731488 call 73182e 514->516 520 7724d3-7724d6 515->520 521 772500-772507 515->521 531 77250e-77251a 516->531 532 73148e-731496 516->532 517->518 523 7316f2-7316f3 call 7310d0 517->523 518->514 519 731705 518->519 519->513 525 7724e2-7724e5 FindClose 520->525 526 7724d8-7724e0 call 736246 520->526 521->515 524 772509 521->524 523->518 524->531 530 7724eb-7724f8 525->530 526->530 530->521 536 7724fa-7724fb call 7a32b1 530->536 533 772524-77252b 531->533 534 77251c-77251e FreeLibrary 531->534 537 772532-77253f 532->537 538 73149c-7314c1 call 73cfa0 532->538 533->531 541 77252d 533->541 534->533 536->521 542 772566-77256d 537->542 543 772541-77255e VirtualFree 537->543 547 7314c3 538->547 548 7314f8-731503 OleUninitialize 538->548 541->537 542->537 546 77256f 542->546 543->542 545 772560-772561 call 7a3317 543->545 545->542 550 772574-772578 546->550 551 7314c6-7314f6 call 731a05 call 7319ae 547->551 548->550 552 731509-73150e 548->552 550->552 553 77257e-772584 550->553 551->548 555 731514-73151e 552->555 556 772589-772596 call 7a32eb 552->556 553->552 559 731707-731714 call 74f80e 555->559 560 731524-7315a5 call 73988f call 731944 call 7317d5 call 74fe14 call 73177c call 73988f call 73cfa0 call 7317fe call 74fe14 555->560 568 772598 556->568 559->560 570 73171a 559->570 572 77259d-7725bf call 74fdcd 560->572 600 7315ab-7315cf call 74fe14 560->600 568->572 570->559 579 7725c1 572->579 582 7725c6-7725e8 call 74fdcd 579->582 587 7725ea 582->587 590 7725ef-772611 call 74fdcd 587->590 596 772613 590->596 599 772618-772625 call 7964d4 596->599 606 772627 599->606 600->582 605 7315d5-7315f9 call 74fe14 600->605 605->590 610 7315ff-731619 call 74fe14 605->610 609 77262c-772639 call 74ac64 606->609 614 77263b 609->614 610->599 616 73161f-731643 call 7317d5 call 74fe14 610->616 617 772640-77264d call 7a3245 614->617 616->609 625 731649-731651 616->625 623 77264f 617->623 626 772654-772661 call 7a32cc 623->626 625->617 627 731657-731675 call 73988f call 73190a 625->627 633 772663 626->633 627->626 635 73167b-731689 627->635 636 772668-772675 call 7a32cc 633->636 635->636 637 73168f-7316c5 call 73988f * 3 call 731876 635->637 642 772677 636->642 642->642
                                                  APIs
                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00731459
                                                  • OleUninitialize.OLE32(?,00000000), ref: 007314F8
                                                  • UnregisterHotKey.USER32(?), ref: 007316DD
                                                  • DestroyWindow.USER32(?), ref: 007724B9
                                                  • FreeLibrary.KERNEL32(?), ref: 0077251E
                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0077254B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                  • String ID: close all
                                                  • API String ID: 469580280-3243417748
                                                  • Opcode ID: b91943093527caf0fb36d7b77f80871e7533d085a7ff5e09ef897f935c0b8520
                                                  • Instruction ID: f9ac05129df8d5fe9ec4b9d99f7a659f27101a513c7b752dccb39036dbe36ccc
                                                  • Opcode Fuzzy Hash: b91943093527caf0fb36d7b77f80871e7533d085a7ff5e09ef897f935c0b8520
                                                  • Instruction Fuzzy Hash: D9D15C31701212CFEB19EF14C499A29F7A4BF45740F5482ADE45AAB253DB38AD23CF51
                                                  Function 00732C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 659 732c63-732cd3 CreateWindowExW * 2 ShowWindow * 2
                                                  APIs
                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00732C91
                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00732CB2
                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00731CAD,?), ref: 00732CC6
                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00731CAD,?), ref: 00732CCF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$CreateShow
                                                  • String ID: AutoIt v3$edit
                                                  • API String ID: 1584632944-3779509399
                                                  • Opcode ID: ba7b0239ce4f8373ea49f6177b755e6cb10466092be6d7947c3adccc8af4f80e
                                                  • Instruction ID: 8c8aab3bfd432e1992875800218df0225de069845fa3015e5ad33f18f1dbb6ab
                                                  • Opcode Fuzzy Hash: ba7b0239ce4f8373ea49f6177b755e6cb10466092be6d7947c3adccc8af4f80e
                                                  • Instruction Fuzzy Hash: 38F0DA755403907AEB711717AC0CE772FBDEBC6F60B02505EF904A26A0C6791851DAB4
                                                  Function 007BAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 774 7bad64-7bad9c call 73a961 call 752340 779 7bad9e-7badb5 call 737510 774->779 780 7badd1-7badd5 774->780 779->780 788 7badb7-7badce call 737510 call 737620 779->788 781 7badf1-7badf5 780->781 782 7badd7-7badee call 737510 call 737620 780->782 785 7bae3a 781->785 786 7badf7-7bae0e call 737510 781->786 782->781 790 7bae3c-7bae40 785->790 786->790 801 7bae10-7bae21 call 739b47 786->801 788->780 794 7bae53-7baeae call 752340 call 737510 ShellExecuteExW 790->794 795 7bae42-7bae50 call 73b567 790->795 811 7baeb0-7baeb6 call 74fe14 794->811 812 7baeb7-7baeb9 794->812 795->794 801->785 810 7bae23-7bae2e call 737510 801->810 810->785 819 7bae30-7bae35 call 73a8c7 810->819 811->812 816 7baebb-7baec1 call 74fe14 812->816 817 7baec2-7baec6 812->817 816->817 821 7baf0a-7baf0e 817->821 822 7baec8-7baed6 817->822 819->785 823 7baf1b-7baf33 call 73cfa0 821->823 824 7baf10-7baf19 821->824 827 7baedb-7baeeb 822->827 828 7baed8 822->828 829 7baf6d-7baf7b call 73988f 823->829 836 7baf35-7baf46 GetProcessId 823->836 824->829 831 7baeed 827->831 832 7baef0-7baf08 call 73cfa0 827->832 828->827 831->832 832->829 839 7baf48 836->839 840 7baf4e-7baf67 call 73cfa0 CloseHandle 836->840 839->840 840->829
                                                  APIs
                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 007BAEA3
                                                    • Part of subcall function 00737620: _wcslen.LIBCMT ref: 00737625
                                                  • GetProcessId.KERNEL32(00000000), ref: 007BAF38
                                                  • CloseHandle.KERNEL32(00000000), ref: 007BAF67
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseExecuteHandleProcessShell_wcslen
                                                  • String ID: <$@
                                                  • API String ID: 146682121-1426351568
                                                  • Opcode ID: 93e412faa23f075c44164ca26473d6713fbf63896a8fc9e655f0fb01ad39c133
                                                  • Instruction ID: 45f575942dec74597864efe2a6bb13f6af678e9199f400d1c4fec32712b3dcc4
                                                  • Opcode Fuzzy Hash: 93e412faa23f075c44164ca26473d6713fbf63896a8fc9e655f0fb01ad39c133
                                                  • Instruction Fuzzy Hash: E8716975A00619EFDB15EF54C489A9EBBF0FF08310F048499E856AB362CB78ED45CB91
                                                  Function 00733B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 879 733b1c-733b27 880 733b99-733b9b 879->880 881 733b29-733b2e 879->881 883 733b8c-733b8f 880->883 881->880 882 733b30-733b48 RegOpenKeyExW 881->882 882->880 884 733b4a-733b69 RegQueryValueExW 882->884 885 733b80-733b8b RegCloseKey 884->885 886 733b6b-733b76 884->886 885->883 887 733b90-733b97 886->887 888 733b78-733b7a 886->888 889 733b7e 887->889 888->889 889->885
                                                  APIs
                                                  • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00733B0F,SwapMouseButtons,00000004,?), ref: 00733B40
                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00733B0F,SwapMouseButtons,00000004,?), ref: 00733B61
                                                  • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00733B0F,SwapMouseButtons,00000004,?), ref: 00733B83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseOpenQueryValue
                                                  • String ID: Control Panel\Mouse
                                                  • API String ID: 3677997916-824357125
                                                  • Opcode ID: 72788f8368eb5e3dbae0d5156dda568686c9e4a840fabae2ca726387afed99b0
                                                  • Instruction ID: a7adda8e495c5923ba5545fbb53ba9c73305d081fe4de8130fd57e4e69f580ea
                                                  • Opcode Fuzzy Hash: 72788f8368eb5e3dbae0d5156dda568686c9e4a840fabae2ca726387afed99b0
                                                  • Instruction Fuzzy Hash: 3E1127B5610208FFEB218FA5DC84EAEBBB8EF04744F10846AE805E7111E2359E409BA4
                                                  Function 00733923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007733A2
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00733A04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: IconLoadNotifyShell_String_wcslen
                                                  • String ID: Line:
                                                  • API String ID: 2289894680-1585850449
                                                  • Opcode ID: b01707c6ec7d4ec1b383d42b66e07ed179aa87bdb04c28bc15c6a82be4667395
                                                  • Instruction ID: 1a56d842b2aac15dd91432ab15d0eb7d2c0edf6d0e7be175afb8e048ba6a63bd
                                                  • Opcode Fuzzy Hash: b01707c6ec7d4ec1b383d42b66e07ed179aa87bdb04c28bc15c6a82be4667395
                                                  • Instruction Fuzzy Hash: 6731A571408304EAE775EB10DC49BEBB7D8AB40724F10851EF59992192DB7C9649C7D2
                                                  Function 0074FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 926 74fddb-74fdde 927 74fded-74fdf0 call 75ea0c 926->927 929 74fdf5-74fdf8 927->929 930 74fde0-74fdeb call 754ead 929->930 931 74fdfa-74fdfb 929->931 930->927 934 74fdfc-74fe00 930->934 935 74fe06-75066d call 75059c call 7532a4 934->935 936 75066e-750690 call 7505cf call 7532a4 934->936 935->936 946 750697 936->946 947 750692 936->947 947->946
                                                  APIs
                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00750668
                                                    • Part of subcall function 007532A4: RaiseException.KERNEL32(?,?,?,0075068A,?,00801444,?,?,?,?,?,?,0075068A,00731129,007F8738,00731129), ref: 00753304
                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00750685
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Exception@8Throw$ExceptionRaise
                                                  • String ID: Unknown exception
                                                  • API String ID: 3476068407-410509341
                                                  • Opcode ID: 216e2ad9d11a869c63c28b9213409a335f5c09ba7abd54b62da3373559598bd8
                                                  • Instruction ID: 3cd657288d70a6d7f7e53528315cfdcfba9e8e3dde11c0b73d8601b82da9227f
                                                  • Opcode Fuzzy Hash: 216e2ad9d11a869c63c28b9213409a335f5c09ba7abd54b62da3373559598bd8
                                                  • Instruction Fuzzy Hash: FCF0FF24A0020DA38B04BAA4D85ADEE776CAE00351B604431FD24825A2EFF9DA6DC9D1
                                                  Function 007310F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00731BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00731BF4
                                                    • Part of subcall function 00731BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00731BFC
                                                    • Part of subcall function 00731BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00731C07
                                                    • Part of subcall function 00731BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00731C12
                                                    • Part of subcall function 00731BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00731C1A
                                                    • Part of subcall function 00731BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00731C22
                                                    • Part of subcall function 00731B4A: RegisterWindowMessageW.USER32(00000004,?,007312C4), ref: 00731BA2
                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0073136A
                                                  • OleInitialize.OLE32 ref: 00731388
                                                  • CloseHandle.KERNEL32(00000000,00000000), ref: 007724AB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                  • String ID:
                                                  • API String ID: 1986988660-0
                                                  • Opcode ID: cb24a98669ba2ac0f774aee21eee060ed8270508a0bbd94f2daa8bb627a52540
                                                  • Instruction ID: 179ba1d44309baefe9466c59d444f7d688aee811de957d64feda6fbcc915bc1d
                                                  • Opcode Fuzzy Hash: cb24a98669ba2ac0f774aee21eee060ed8270508a0bbd94f2daa8bb627a52540
                                                  • Instruction Fuzzy Hash: 1871AAB4A016008EDBC5DFB9AC4EA553BE1FB89370744823EE15ADB2B2EB344505CF44
                                                  Function 007686AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,007685CC,?,007F8CC8,0000000C), ref: 00768704
                                                  • GetLastError.KERNEL32(?,007685CC,?,007F8CC8,0000000C), ref: 0076870E
                                                  • __dosmaperr.LIBCMT ref: 00768739
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                  • String ID:
                                                  • API String ID: 490808831-0
                                                  • Opcode ID: fd0442dd4e7f7b1c38ba682ee9495b3d4752d66ee64505e5d1330783e60eb164
                                                  • Instruction ID: 5032ea0ce40649cbc6e5433c373a5bc3db8d328ab1a192815e759f5e8d5852c7
                                                  • Opcode Fuzzy Hash: fd0442dd4e7f7b1c38ba682ee9495b3d4752d66ee64505e5d1330783e60eb164
                                                  • Instruction Fuzzy Hash: F3018E3260526056C2F16334E849B7E27494B82B78F3D031DFD0B8B1D3DEACCC819552
                                                  Function 00741310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __Init_thread_footer.LIBCMT ref: 007417F6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Init_thread_footer
                                                  • String ID: CALL
                                                  • API String ID: 1385522511-4196123274
                                                  • Opcode ID: c99d027dd6f141b3bb8a15bb568626cb5294524bac0fd205f085845beb1f1139
                                                  • Instruction ID: fb6c0a0053efd413dcb82e1f1c88e7226de348a73493a04a3c8b8c8977a447dd
                                                  • Opcode Fuzzy Hash: c99d027dd6f141b3bb8a15bb568626cb5294524bac0fd205f085845beb1f1139
                                                  • Instruction Fuzzy Hash: 21229A70608241DFC714EF14C894B2ABBF1BF85314F64896DF4968B3A2D779E891CB92
                                                  Function 00732DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetOpenFileNameW.COMDLG32(?), ref: 00772C8C
                                                    • Part of subcall function 00733AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00733A97,?,?,00732E7F,?,?,?,00000000), ref: 00733AC2
                                                    • Part of subcall function 00732DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00732DC4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Name$Path$FileFullLongOpen
                                                  • String ID: X
                                                  • API String ID: 779396738-3081909835
                                                  • Opcode ID: fcae108ce94cdd6aa297b967a1624a382660be77f0cc51b8143998052a963520
                                                  • Instruction ID: b5d611521fee42dbfeac5f6b4a6316d1fa3d14035031a5b2d981b0fec4626201
                                                  • Opcode Fuzzy Hash: fcae108ce94cdd6aa297b967a1624a382660be77f0cc51b8143998052a963520
                                                  • Instruction Fuzzy Hash: 9C219671A00298DBDF41EF94C849BEE7BF8AF49714F008059E505A7342DBBC5A498FA1
                                                  Function 00733837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00733908
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: IconNotifyShell_
                                                  • String ID:
                                                  • API String ID: 1144537725-0
                                                  • Opcode ID: 72f4ce9c92a13fce5307223a09ac4e5ec48edd64d22a76c2a41e3a18f9abaa06
                                                  • Instruction ID: 33e8b841bff8f922f7413eb74dea3da4dfb3075ac5d117ace457a2b3308326d5
                                                  • Opcode Fuzzy Hash: 72f4ce9c92a13fce5307223a09ac4e5ec48edd64d22a76c2a41e3a18f9abaa06
                                                  • Instruction Fuzzy Hash: 59317F70504301DFE761DF24D889B97BBE4FB49719F00092EF59983251E779AA44CB62
                                                  Function 00734ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00734E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00734EDD,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734E9C
                                                    • Part of subcall function 00734E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00734EAE
                                                    • Part of subcall function 00734E90: FreeLibrary.KERNEL32(00000000,?,?,00734EDD,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734EC0
                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734EFD
                                                    • Part of subcall function 00734E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00773CDE,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734E62
                                                    • Part of subcall function 00734E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00734E74
                                                    • Part of subcall function 00734E59: FreeLibrary.KERNEL32(00000000,?,?,00773CDE,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734E87
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressFreeProc
                                                  • String ID:
                                                  • API String ID: 2632591731-0
                                                  • Opcode ID: 4ff5fa4d0b3d37dfee6e5a1b584534deb2a7eb85d7cfeecca2a06ea78c2c2ce6
                                                  • Instruction ID: d5620469ea9270b3c36df3acf78d26cca4002d43927fb040825c7b819b367045
                                                  • Opcode Fuzzy Hash: 4ff5fa4d0b3d37dfee6e5a1b584534deb2a7eb85d7cfeecca2a06ea78c2c2ce6
                                                  • Instruction Fuzzy Hash: 98112332640306EAEF19AF64DC0AFAD77A5AF40710F18842DF446A61C2EE7DEA059B50
                                                  Function 00768402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: __wsopen_s
                                                  • String ID:
                                                  • API String ID: 3347428461-0
                                                  • Opcode ID: ba211a76dd22b613af854d2330aedc496d1f83111a9330f11c60a1250f6a047d
                                                  • Instruction ID: c5edba253b46d8509da92b5711fe208ec8f09bf1be8721f0d186db560cd8810e
                                                  • Opcode Fuzzy Hash: ba211a76dd22b613af854d2330aedc496d1f83111a9330f11c60a1250f6a047d
                                                  • Instruction Fuzzy Hash: 0011187590410AEFCF05DF58E945A9A7BF5EF48314F1041A9FC09AB312DA31EA11CBA5
                                                  Function 00765000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00764C7D: RtlAllocateHeap.NTDLL(00000008,00731129,00000000,?,00762E29,00000001,00000364,?,?,?,0075F2DE,00763863,00801444,?,0074FDF5,?), ref: 00764CBE
                                                  • _free.LIBCMT ref: 0076506C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap_free
                                                  • String ID:
                                                  • API String ID: 614378929-0
                                                  • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                  • Instruction ID: 014e7613df248f1d1d8cf9c4d1d9063f82cc69a86880d9384d2cdd30a0310acb
                                                  • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                  • Instruction Fuzzy Hash: 91014972204705ABE3318F65D885A5AFBECFB89370F25061DF985932C0EB34A805C7B4
                                                  Function 0075E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                  • Instruction ID: f302a48f3a049f35ea11da9059590941656ffdf2832c75c2b61c4d6a110bf370
                                                  • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                  • Instruction Fuzzy Hash: 95F0F932510A10DAC7353A658C09BDA3399DF523B3F100715FD22921D2CBFCE90A89A6
                                                  Function 00764C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000008,00731129,00000000,?,00762E29,00000001,00000364,?,?,?,0075F2DE,00763863,00801444,?,0074FDF5,?), ref: 00764CBE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 85d003d670df292323afa6fa8cccc3f24dccccd98467ab5b2c7c65bfee41fac3
                                                  • Instruction ID: 9f931dea807050330b553979ea743eb99ad4d77226e403b68a2ec7eea6c94bcd
                                                  • Opcode Fuzzy Hash: 85d003d670df292323afa6fa8cccc3f24dccccd98467ab5b2c7c65bfee41fac3
                                                  • Instruction Fuzzy Hash: E5F0B432602224A7DB215F669C09B9A3788BF817A1B194115FC1BA6381CA7CDC0186F0
                                                  Function 00763820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,?,00801444,?,0074FDF5,?,?,0073A976,00000010,00801440,007313FC,?,007313C6,?,00731129), ref: 00763852
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 753f9d4dbfc77b7e54f63a162aca5c2c35e0f0b228a4dbe5b13800027f040619
                                                  • Instruction ID: f65d51c308548e16457a168eb146c0ee0b2dcac3a6dbaf2f66befd49edc962af
                                                  • Opcode Fuzzy Hash: 753f9d4dbfc77b7e54f63a162aca5c2c35e0f0b228a4dbe5b13800027f040619
                                                  • Instruction Fuzzy Hash: B0E0E5321002269AE62127A79C09BDA3749AB427B1F090022FC0793581CB5CDD01C2F0
                                                  Function 00734F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734F6D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FreeLibrary
                                                  • String ID:
                                                  • API String ID: 3664257935-0
                                                  • Opcode ID: a88c80594d7fbc826390227d5e572a17043d33b0cd29f39bba1e3b3444c74065
                                                  • Instruction ID: e75a56e7d69b4738e5c4916817a4de0d2a074acd076793ffec3093b868b752d0
                                                  • Opcode Fuzzy Hash: a88c80594d7fbc826390227d5e572a17043d33b0cd29f39bba1e3b3444c74065
                                                  • Instruction Fuzzy Hash: D4F030B1105752CFEB389F65D494C12B7E4EF1431971C89BEE1DA82612C739A944DF10
                                                  Function 007330F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0073314E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: IconNotifyShell_
                                                  • String ID:
                                                  • API String ID: 1144537725-0
                                                  • Opcode ID: 2f34460ae365e33f82a9aef8417c278e07d48cd60b8a8085b0fa337c7c24b340
                                                  • Instruction ID: d9af76a327de757ea3944052326043eaea3cee40888ae31ada2a8d8c1c7e2d40
                                                  • Opcode Fuzzy Hash: 2f34460ae365e33f82a9aef8417c278e07d48cd60b8a8085b0fa337c7c24b340
                                                  • Instruction Fuzzy Hash: C9F037709143589FEB929B24DC4D7D57BBCBB01708F0040E9E54896296D7785789CF51
                                                  Function 00732DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00732DC4
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LongNamePath_wcslen
                                                  • String ID:
                                                  • API String ID: 541455249-0
                                                  • Opcode ID: 7de061dc40f3e531aef6fc258b7a6f9e45952169aea0f9cb23b180eb487fde43
                                                  • Instruction ID: 3cdc1eb6930b43cf588cf938bb6e6379973f12547d5ffaf5a82e07634b6dd501
                                                  • Opcode Fuzzy Hash: 7de061dc40f3e531aef6fc258b7a6f9e45952169aea0f9cb23b180eb487fde43
                                                  • Instruction Fuzzy Hash: B2E0CDB2A001245BDB1192589C09FDA77DDDFC87D0F044075FD0DD7248D964AD808650
                                                  Function 00732B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00733837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00733908
                                                    • Part of subcall function 0073D730: GetInputState.USER32 ref: 0073D807
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00732B6B
                                                    • Part of subcall function 007330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0073314E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                  • String ID:
                                                  • API String ID: 3667716007-0
                                                  • Opcode ID: 9fb763675d791211ef8d988965334fdfc82aa8a15d8e302107253d41a4e133bb
                                                  • Instruction ID: 41ff34e1acbea2b0fb556ae5a74433cf98195b553c5bf99b1f433f6ea271ef57
                                                  • Opcode Fuzzy Hash: 9fb763675d791211ef8d988965334fdfc82aa8a15d8e302107253d41a4e133bb
                                                  • Instruction Fuzzy Hash: D6E07D3130424483EE18BB70A85E4BDF34ADBD1321F00043EF242831B3CF2C89494352
                                                  Function 0077039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNEL32(00000000,00000000,?,00770704,?,?,00000000,?,00770704,00000000,0000000C), ref: 007703B7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: 8ab349acb4eaa22abacf30c18555a73af411058d498182dcdbd5920a8c5a3028
                                                  • Instruction ID: affa336956a1a0bba339cb67d76f8744f1e12e0b4b344da6aaaca58c0f11bd5f
                                                  • Opcode Fuzzy Hash: 8ab349acb4eaa22abacf30c18555a73af411058d498182dcdbd5920a8c5a3028
                                                  • Instruction Fuzzy Hash: E6D06C3204010DBBDF028F85DD06EDA3BAAFB48714F018000FE1856020C736E821AB94
                                                  Function 00731CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00731CBC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: InfoParametersSystem
                                                  • String ID:
                                                  • API String ID: 3098949447-0
                                                  • Opcode ID: e8108a895b8bc0f26189de77117f29123473f3d33af696fd847780a2867caf89
                                                  • Instruction ID: 5b4c3dd7a7b5e350e99bb18b25b0c1c6983a0ef34cf8018f2def08ab19c73e9f
                                                  • Opcode Fuzzy Hash: e8108a895b8bc0f26189de77117f29123473f3d33af696fd847780a2867caf89
                                                  • Instruction Fuzzy Hash: 43C09236280304AFF7958B80BC4EF107768B348B10F148001F60DA96E3C3E66821EA58

                                                  Non-executed Functions

                                                  Function 007C9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 007C961A
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007C965B
                                                  • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 007C969F
                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007C96C9
                                                  • SendMessageW.USER32 ref: 007C96F2
                                                  • GetKeyState.USER32(00000011), ref: 007C978B
                                                  • GetKeyState.USER32(00000009), ref: 007C9798
                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007C97AE
                                                  • GetKeyState.USER32(00000010), ref: 007C97B8
                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007C97E9
                                                  • SendMessageW.USER32 ref: 007C9810
                                                  • SendMessageW.USER32(?,00001030,?,007C7E95), ref: 007C9918
                                                  • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 007C992E
                                                  • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 007C9941
                                                  • SetCapture.USER32(?), ref: 007C994A
                                                  • ClientToScreen.USER32(?,?), ref: 007C99AF
                                                  • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 007C99BC
                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007C99D6
                                                  • ReleaseCapture.USER32 ref: 007C99E1
                                                  • GetCursorPos.USER32(?), ref: 007C9A19
                                                  • ScreenToClient.USER32(?,?), ref: 007C9A26
                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 007C9A80
                                                  • SendMessageW.USER32 ref: 007C9AAE
                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 007C9AEB
                                                  • SendMessageW.USER32 ref: 007C9B1A
                                                  • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 007C9B3B
                                                  • SendMessageW.USER32(?,0000110B,00000009,?), ref: 007C9B4A
                                                  • GetCursorPos.USER32(?), ref: 007C9B68
                                                  • ScreenToClient.USER32(?,?), ref: 007C9B75
                                                  • GetParent.USER32(?), ref: 007C9B93
                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 007C9BFA
                                                  • SendMessageW.USER32 ref: 007C9C2B
                                                  • ClientToScreen.USER32(?,?), ref: 007C9C84
                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 007C9CB4
                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 007C9CDE
                                                  • SendMessageW.USER32 ref: 007C9D01
                                                  • ClientToScreen.USER32(?,?), ref: 007C9D4E
                                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 007C9D82
                                                    • Part of subcall function 00749944: GetWindowLongW.USER32(?,000000EB), ref: 00749952
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C9E05
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                  • String ID: @GUI_DRAGID$F
                                                  • API String ID: 3429851547-4164748364
                                                  • Opcode ID: 04f880333b4c2d794ef0d6af450fb853531f1acdfdbff87ae9863874e0c07510
                                                  • Instruction ID: 62f9d7731270862d412d24ec8fe351d337bbe88ef067e828e5b71cc898120687
                                                  • Opcode Fuzzy Hash: 04f880333b4c2d794ef0d6af450fb853531f1acdfdbff87ae9863874e0c07510
                                                  • Instruction Fuzzy Hash: AB427735204201EFDB65CF24CC88FAABBE5FF48320F10465DF699A72A1D739A960CB51
                                                  Function 007C4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 007C48F3
                                                  • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 007C4908
                                                  • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 007C4927
                                                  • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 007C494B
                                                  • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 007C495C
                                                  • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 007C497B
                                                  • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 007C49AE
                                                  • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 007C49D4
                                                  • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 007C4A0F
                                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 007C4A56
                                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 007C4A7E
                                                  • IsMenu.USER32(?), ref: 007C4A97
                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007C4AF2
                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007C4B20
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C4B94
                                                  • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 007C4BE3
                                                  • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 007C4C82
                                                  • wsprintfW.USER32 ref: 007C4CAE
                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007C4CC9
                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 007C4CF1
                                                  • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 007C4D13
                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007C4D33
                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 007C4D5A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                  • String ID: %d/%02d/%02d
                                                  • API String ID: 4054740463-328681919
                                                  • Opcode ID: c71b6302fbc66b7f88d492557120251cf66a8450945c48e26d7622804785528e
                                                  • Instruction ID: 059dc4c423ca874bc2bc5ef6f4131df0773175f3a213782c4b052d1c36651735
                                                  • Opcode Fuzzy Hash: c71b6302fbc66b7f88d492557120251cf66a8450945c48e26d7622804785528e
                                                  • Instruction Fuzzy Hash: 5E12EE71A00214ABEB258F28CC59FAE7BF8FF45310F14816DF51AEA2E1DB789941CB50
                                                  Function 0074F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0074F998
                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0078F474
                                                  • IsIconic.USER32(00000000), ref: 0078F47D
                                                  • ShowWindow.USER32(00000000,00000009), ref: 0078F48A
                                                  • SetForegroundWindow.USER32(00000000), ref: 0078F494
                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0078F4AA
                                                  • GetCurrentThreadId.KERNEL32 ref: 0078F4B1
                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0078F4BD
                                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 0078F4CE
                                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 0078F4D6
                                                  • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0078F4DE
                                                  • SetForegroundWindow.USER32(00000000), ref: 0078F4E1
                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078F4F6
                                                  • keybd_event.USER32(00000012,00000000), ref: 0078F501
                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078F50B
                                                  • keybd_event.USER32(00000012,00000000), ref: 0078F510
                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078F519
                                                  • keybd_event.USER32(00000012,00000000), ref: 0078F51E
                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0078F528
                                                  • keybd_event.USER32(00000012,00000000), ref: 0078F52D
                                                  • SetForegroundWindow.USER32(00000000), ref: 0078F530
                                                  • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0078F557
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                  • String ID: Shell_TrayWnd
                                                  • API String ID: 4125248594-2988720461
                                                  • Opcode ID: 761ade202f0e13d111b648ecced153c47aaa885d47a1766132341d06f6498b84
                                                  • Instruction ID: 786708a23e3b58aa05f5b003112b2e70d03ad73bdf514e9d4bbc83c1832ac229
                                                  • Opcode Fuzzy Hash: 761ade202f0e13d111b648ecced153c47aaa885d47a1766132341d06f6498b84
                                                  • Instruction Fuzzy Hash: 3A316371A80218BBEB216BB55C4AFBF7F6CEB44B50F20406AF605F61D1C7B85D10AB64
                                                  Function 00791201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079170D
                                                    • Part of subcall function 007916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0079173A
                                                    • Part of subcall function 007916C3: GetLastError.KERNEL32 ref: 0079174A
                                                  • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00791286
                                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 007912A8
                                                  • CloseHandle.KERNEL32(?), ref: 007912B9
                                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 007912D1
                                                  • GetProcessWindowStation.USER32 ref: 007912EA
                                                  • SetProcessWindowStation.USER32(00000000), ref: 007912F4
                                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00791310
                                                    • Part of subcall function 007910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007911FC), ref: 007910D4
                                                    • Part of subcall function 007910BF: CloseHandle.KERNEL32(?,?,007911FC), ref: 007910E9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                  • String ID: $default$winsta0
                                                  • API String ID: 22674027-1027155976
                                                  • Opcode ID: be015957f1ea5197bf44e3b9838086ffe19059774d1a82099916523439e5d933
                                                  • Instruction ID: 43216789cdddde06e2b0622c1bdd9679cbaca81fbcf98d63a4badfedcad59428
                                                  • Opcode Fuzzy Hash: be015957f1ea5197bf44e3b9838086ffe19059774d1a82099916523439e5d933
                                                  • Instruction Fuzzy Hash: 4B81B37190024AAFEF119FA4EC49FEE7BB9EF08704F148129F914B61A0C7798964CB64
                                                  Function 00790B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00791114
                                                    • Part of subcall function 007910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 00791120
                                                    • Part of subcall function 007910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 0079112F
                                                    • Part of subcall function 007910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 00791136
                                                    • Part of subcall function 007910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0079114D
                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00790BCC
                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00790C00
                                                  • GetLengthSid.ADVAPI32(?), ref: 00790C17
                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00790C51
                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00790C6D
                                                  • GetLengthSid.ADVAPI32(?), ref: 00790C84
                                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00790C8C
                                                  • HeapAlloc.KERNEL32(00000000), ref: 00790C93
                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00790CB4
                                                  • CopySid.ADVAPI32(00000000), ref: 00790CBB
                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00790CEA
                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00790D0C
                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00790D1E
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00790D45
                                                  • HeapFree.KERNEL32(00000000), ref: 00790D4C
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00790D55
                                                  • HeapFree.KERNEL32(00000000), ref: 00790D5C
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00790D65
                                                  • HeapFree.KERNEL32(00000000), ref: 00790D6C
                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00790D78
                                                  • HeapFree.KERNEL32(00000000), ref: 00790D7F
                                                    • Part of subcall function 00791193: GetProcessHeap.KERNEL32(00000008,00790BB1,?,00000000,?,00790BB1,?), ref: 007911A1
                                                    • Part of subcall function 00791193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00790BB1,?), ref: 007911A8
                                                    • Part of subcall function 00791193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00790BB1,?), ref: 007911B7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                  • String ID:
                                                  • API String ID: 4175595110-0
                                                  • Opcode ID: 2c66a9a76d6dd171f5c77a6fda246e45c51fa454746707e681b01d63a62dfe44
                                                  • Instruction ID: 654a75185efb95e36574d5c22926b4e8824d156ed43335407e645e89874d5e19
                                                  • Opcode Fuzzy Hash: 2c66a9a76d6dd171f5c77a6fda246e45c51fa454746707e681b01d63a62dfe44
                                                  • Instruction Fuzzy Hash: AE716E72A0020AEFDF11DFA5EC45FEEBBBCBF04304F048519E918A6191D779A945CBA0
                                                  Function 007AEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • OpenClipboard.USER32(007CCC08), ref: 007AEB29
                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 007AEB37
                                                  • GetClipboardData.USER32(0000000D), ref: 007AEB43
                                                  • CloseClipboard.USER32 ref: 007AEB4F
                                                  • GlobalLock.KERNEL32(00000000), ref: 007AEB87
                                                  • CloseClipboard.USER32 ref: 007AEB91
                                                  • GlobalUnlock.KERNEL32(00000000,00000000), ref: 007AEBBC
                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 007AEBC9
                                                  • GetClipboardData.USER32(00000001), ref: 007AEBD1
                                                  • GlobalLock.KERNEL32(00000000), ref: 007AEBE2
                                                  • GlobalUnlock.KERNEL32(00000000,?), ref: 007AEC22
                                                  • IsClipboardFormatAvailable.USER32(0000000F), ref: 007AEC38
                                                  • GetClipboardData.USER32(0000000F), ref: 007AEC44
                                                  • GlobalLock.KERNEL32(00000000), ref: 007AEC55
                                                  • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 007AEC77
                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007AEC94
                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 007AECD2
                                                  • GlobalUnlock.KERNEL32(00000000,?,?), ref: 007AECF3
                                                  • CountClipboardFormats.USER32 ref: 007AED14
                                                  • CloseClipboard.USER32 ref: 007AED59
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                  • String ID:
                                                  • API String ID: 420908878-0
                                                  • Opcode ID: 3c56e4bd5255a1a76b9e5c3769d18d0c166980bed5694cbedd13716c5c281a8a
                                                  • Instruction ID: 3e1c9921b0c9808ecdc339a26e300d3a08912b05d5ab880ba138d4eb5470631a
                                                  • Opcode Fuzzy Hash: 3c56e4bd5255a1a76b9e5c3769d18d0c166980bed5694cbedd13716c5c281a8a
                                                  • Instruction Fuzzy Hash: 6461E174204301AFD311EF24D889F6AB7A4BF85714F08861DF45A972A2CB39ED06CB62
                                                  Function 007A698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 007A69BE
                                                  • FindClose.KERNEL32(00000000), ref: 007A6A12
                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007A6A4E
                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007A6A75
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 007A6AB2
                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 007A6ADF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                  • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                  • API String ID: 3830820486-3289030164
                                                  • Opcode ID: 72ccda28d7f25303700b7471e3fb4968c9b9566350c1b45a7eeb95ea0790b417
                                                  • Instruction ID: 359f0bd42d9ef64c30dfee53a3f1c79eb3af592990fe2c5564c3dc083345da47
                                                  • Opcode Fuzzy Hash: 72ccda28d7f25303700b7471e3fb4968c9b9566350c1b45a7eeb95ea0790b417
                                                  • Instruction Fuzzy Hash: 3AD161B2508340EFD714EBA4C885EABB7ECAF89704F04491DF585D6192EB78DA04CB62
                                                  Function 007A9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 007A9663
                                                  • GetFileAttributesW.KERNEL32(?), ref: 007A96A1
                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 007A96BB
                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 007A96D3
                                                  • FindClose.KERNEL32(00000000), ref: 007A96DE
                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 007A96FA
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A974A
                                                  • SetCurrentDirectoryW.KERNEL32(007F6B7C), ref: 007A9768
                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 007A9772
                                                  • FindClose.KERNEL32(00000000), ref: 007A977F
                                                  • FindClose.KERNEL32(00000000), ref: 007A978F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                  • String ID: *.*
                                                  • API String ID: 1409584000-438819550
                                                  • Opcode ID: ea2eb405c4a8c7fa8765ad4b49eea02d98f7ed46d810ce37c88d445441b10e67
                                                  • Instruction ID: b84c1a72c9a5fc0a811fa1ce3f3441a4051cbb1e260f439565bacc3c1b528752
                                                  • Opcode Fuzzy Hash: ea2eb405c4a8c7fa8765ad4b49eea02d98f7ed46d810ce37c88d445441b10e67
                                                  • Instruction Fuzzy Hash: BD31D5725002196ADF15EFB4DC08EEE77ACAF8A321F108259FA05E2190DB7CDD548F24
                                                  Function 007A979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 007A97BE
                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 007A9819
                                                  • FindClose.KERNEL32(00000000), ref: 007A9824
                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 007A9840
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A9890
                                                  • SetCurrentDirectoryW.KERNEL32(007F6B7C), ref: 007A98AE
                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 007A98B8
                                                  • FindClose.KERNEL32(00000000), ref: 007A98C5
                                                  • FindClose.KERNEL32(00000000), ref: 007A98D5
                                                    • Part of subcall function 0079DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0079DB00
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                  • String ID: *.*
                                                  • API String ID: 2640511053-438819550
                                                  • Opcode ID: e3dd6deb02b96bf6a9c88534d21479ca985975362e79ecf82ee70fbde59f1d19
                                                  • Instruction ID: f2192105d6e30fc5e30813e4d3e8a56f7e42b55abfb3b0b0cbe3f19de8437489
                                                  • Opcode Fuzzy Hash: e3dd6deb02b96bf6a9c88534d21479ca985975362e79ecf82ee70fbde59f1d19
                                                  • Instruction Fuzzy Hash: BA31C37150021DAADF21EFB4EC48EEE77ACAF87320F108259EA14A2190DB7CDD558B24
                                                  Function 007BBE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BB6AE,?,?), ref: 007BC9B5
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BC9F1
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA68
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA9E
                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BBF3E
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 007BBFA9
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 007BBFCD
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 007BC02C
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 007BC0E7
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007BC154
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007BC1E9
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 007BC23A
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 007BC2E3
                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 007BC382
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 007BC38F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                  • String ID:
                                                  • API String ID: 3102970594-0
                                                  • Opcode ID: 250fbb6948860a6c4352d1d568fbde90514a7988ed27ec8faa674ea6f21673e0
                                                  • Instruction ID: 80238273ad6f351ec1057560ad6174376edb1a79032f0cfb7ae3b05b6f92420a
                                                  • Opcode Fuzzy Hash: 250fbb6948860a6c4352d1d568fbde90514a7988ed27ec8faa674ea6f21673e0
                                                  • Instruction Fuzzy Hash: 8B025971604200EFD715DF28C895E6ABBE5AF89308F18C49DF84A9B2A2D735EC41CB52
                                                  Function 007A8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetLocalTime.KERNEL32(?), ref: 007A8257
                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 007A8267
                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007A8273
                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007A8310
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A8324
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A8356
                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007A838C
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A8395
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectoryTime$File$Local$System
                                                  • String ID: *.*
                                                  • API String ID: 1464919966-438819550
                                                  • Opcode ID: b390bb72a7d1cbc28f92d45ff373c231f32fe62d6cb89ba9c76f80e733ba408d
                                                  • Instruction ID: 6e4de4cf59cef0ebf3771a2d343037797600f0a4d06193976e94f6e325c58106
                                                  • Opcode Fuzzy Hash: b390bb72a7d1cbc28f92d45ff373c231f32fe62d6cb89ba9c76f80e733ba408d
                                                  • Instruction Fuzzy Hash: BC617CB2504305DFDB10EF64C8449AEB3E8FF89310F04891EF98997251EB39E945CB92
                                                  Function 0079D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00733AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00733A97,?,?,00732E7F,?,?,?,00000000), ref: 00733AC2
                                                    • Part of subcall function 0079E199: GetFileAttributesW.KERNEL32(?,0079CF95), ref: 0079E19A
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0079D122
                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0079D1DD
                                                  • MoveFileW.KERNEL32(?,?), ref: 0079D1F0
                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 0079D20D
                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 0079D237
                                                    • Part of subcall function 0079D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0079D21C,?,?), ref: 0079D2B2
                                                  • FindClose.KERNEL32(00000000,?,?,?), ref: 0079D253
                                                  • FindClose.KERNEL32(00000000), ref: 0079D264
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                  • String ID: \*.*
                                                  • API String ID: 1946585618-1173974218
                                                  • Opcode ID: 4b3fed97d6df0cb273d83c56c07c998f715868a9e962ed094f917f2de6dd76fe
                                                  • Instruction ID: 4a10b872ccdb12cefea9fb0e7e7018e1e724cef2051a40f23d28d9b64df34bf2
                                                  • Opcode Fuzzy Hash: 4b3fed97d6df0cb273d83c56c07c998f715868a9e962ed094f917f2de6dd76fe
                                                  • Instruction Fuzzy Hash: 90616D3180510DEBDF15EBE0EA969EDB775BF55300F208169E44677192EB38AF09CB60
                                                  Function 007AED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                  • String ID:
                                                  • API String ID: 1737998785-0
                                                  • Opcode ID: 4aa9f86720285e555275bd5d417c9a91fb422cf581b66f44be9d1c8d089c0462
                                                  • Instruction ID: 80297efca3e230712015cb4257b23f532f9226c6ecd46b7fb264a47284c5bca9
                                                  • Opcode Fuzzy Hash: 4aa9f86720285e555275bd5d417c9a91fb422cf581b66f44be9d1c8d089c0462
                                                  • Instruction Fuzzy Hash: BC419A35208611AFE721CF15D888F19BBE1FF85329F14C19DE4199B662C739EC42CB90
                                                  Function 0079E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079170D
                                                    • Part of subcall function 007916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0079173A
                                                    • Part of subcall function 007916C3: GetLastError.KERNEL32 ref: 0079174A
                                                  • ExitWindowsEx.USER32(?,00000000), ref: 0079E932
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                  • String ID: $ $@$SeShutdownPrivilege
                                                  • API String ID: 2234035333-3163812486
                                                  • Opcode ID: 2efb917be8acbb762c985787679664301f95926612d0aaea6aa4d9d0a69f70fd
                                                  • Instruction ID: 32b85bd0165e82350ab1026a0bcf5f1910970a655757008c47d2b9a30b975690
                                                  • Opcode Fuzzy Hash: 2efb917be8acbb762c985787679664301f95926612d0aaea6aa4d9d0a69f70fd
                                                  • Instruction Fuzzy Hash: 9C01F972A10611EFEF54A6B4BC8AFBF736CA714760F154425FD03E21D1D9AD7C408295
                                                  Function 007B1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 007B1276
                                                  • WSAGetLastError.WSOCK32 ref: 007B1283
                                                  • bind.WSOCK32(00000000,?,00000010), ref: 007B12BA
                                                  • WSAGetLastError.WSOCK32 ref: 007B12C5
                                                  • closesocket.WSOCK32(00000000), ref: 007B12F4
                                                  • listen.WSOCK32(00000000,00000005), ref: 007B1303
                                                  • WSAGetLastError.WSOCK32 ref: 007B130D
                                                  • closesocket.WSOCK32(00000000), ref: 007B133C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$closesocket$bindlistensocket
                                                  • String ID:
                                                  • API String ID: 540024437-0
                                                  • Opcode ID: b59245e4dddb042cbee332b1b23e8caaacb56daaf8380f3b1a8543e2ee76a713
                                                  • Instruction ID: 8ed0fd97e214db8f74c5e5541311be9422b1c79b3874533407fa74484aca5289
                                                  • Opcode Fuzzy Hash: b59245e4dddb042cbee332b1b23e8caaacb56daaf8380f3b1a8543e2ee76a713
                                                  • Instruction Fuzzy Hash: 2D417071A001009FD710DF64C498BAABBE5BF46318F98819CE8569F292C779ED81CBE1
                                                  Function 0076B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • _free.LIBCMT ref: 0076B9D4
                                                  • _free.LIBCMT ref: 0076B9F8
                                                  • _free.LIBCMT ref: 0076BB7F
                                                  • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,007D3700), ref: 0076BB91
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0080121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0076BC09
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00801270,000000FF,?,0000003F,00000000,?), ref: 0076BC36
                                                  • _free.LIBCMT ref: 0076BD4B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                  • String ID:
                                                  • API String ID: 314583886-0
                                                  • Opcode ID: 0978826f04c9c20bd582a2024877d2f049f09bb9f7e4438aa4618d9e00304378
                                                  • Instruction ID: 6fcb259c8d856888846098168bdf000eb1f411bd2055c1defd186165bde474d4
                                                  • Opcode Fuzzy Hash: 0978826f04c9c20bd582a2024877d2f049f09bb9f7e4438aa4618d9e00304378
                                                  • Instruction Fuzzy Hash: 97C12971A04205DFCB21DF798C45AAA7BB9EF43350F18419AEC96D7252E7389E81CB50
                                                  Function 0079D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00733AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00733A97,?,?,00732E7F,?,?,?,00000000), ref: 00733AC2
                                                    • Part of subcall function 0079E199: GetFileAttributesW.KERNEL32(?,0079CF95), ref: 0079E19A
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0079D420
                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 0079D470
                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 0079D481
                                                  • FindClose.KERNEL32(00000000), ref: 0079D498
                                                  • FindClose.KERNEL32(00000000), ref: 0079D4A1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                  • String ID: \*.*
                                                  • API String ID: 2649000838-1173974218
                                                  • Opcode ID: b063c9dcbbdd5a73d6fc20c1273b93d1f9920c7cae163c08386f84b661db2691
                                                  • Instruction ID: abf1c9daf457a245727afd45a8aaa41092c5216cc9845d31b855ade83ca2035b
                                                  • Opcode Fuzzy Hash: b063c9dcbbdd5a73d6fc20c1273b93d1f9920c7cae163c08386f84b661db2691
                                                  • Instruction Fuzzy Hash: 133184710083859BD711EF64D8558AFB7A8BE91310F44891DF4D5531A2EB38AE09C763
                                                  Function 0076E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: __floor_pentium4
                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                  • API String ID: 4168288129-2761157908
                                                  • Opcode ID: c0df6ed13ca1b2cd566ebb11ef5250dc3ff691a0448a53a1e50b00df3a14d48d
                                                  • Instruction ID: 58ecef227784a18ef40bbdcde35aeb0f4a380fe055ee0269f94674694a2f38e1
                                                  • Opcode Fuzzy Hash: c0df6ed13ca1b2cd566ebb11ef5250dc3ff691a0448a53a1e50b00df3a14d48d
                                                  • Instruction Fuzzy Hash: 07C26B72E086298FDB25CF28DD407EAB7B5EB44305F1441EAD84EE7241E778AE858F50
                                                  Function 007A648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _wcslen.LIBCMT ref: 007A64DC
                                                  • CoInitialize.OLE32(00000000), ref: 007A6639
                                                  • CoCreateInstance.OLE32(007CFCF8,00000000,00000001,007CFB68,?), ref: 007A6650
                                                  • CoUninitialize.OLE32 ref: 007A68D4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                  • String ID: .lnk
                                                  • API String ID: 886957087-24824748
                                                  • Opcode ID: a86298dcb2b620bf30cfe55e9e9f92ec054d2a5cd0a86b237f2eaaf6ce01638b
                                                  • Instruction ID: 5e9f502dc06d0e87fc0dfa588f90c436dd1ea97bcbc229b7b09c98664884a640
                                                  • Opcode Fuzzy Hash: a86298dcb2b620bf30cfe55e9e9f92ec054d2a5cd0a86b237f2eaaf6ce01638b
                                                  • Instruction Fuzzy Hash: 33D15871508201AFD314EF24C885E6BB7E8FF99704F04496DF5958B2A2EB74ED05CBA2
                                                  Function 007B22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetForegroundWindow.USER32(?,?,00000000), ref: 007B22E8
                                                    • Part of subcall function 007AE4EC: GetWindowRect.USER32(?,?), ref: 007AE504
                                                  • GetDesktopWindow.USER32 ref: 007B2312
                                                  • GetWindowRect.USER32(00000000), ref: 007B2319
                                                  • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 007B2355
                                                  • GetCursorPos.USER32(?), ref: 007B2381
                                                  • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 007B23DF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                  • String ID:
                                                  • API String ID: 2387181109-0
                                                  • Opcode ID: 00c8a779105133d5244cb22546049551b98cab25cbe95717364a3164cc751f74
                                                  • Instruction ID: 35ac2b6ac3df4c421de173d20d381c256c78518593e5ac7c32bdf667f8fb602c
                                                  • Opcode Fuzzy Hash: 00c8a779105133d5244cb22546049551b98cab25cbe95717364a3164cc751f74
                                                  • Instruction Fuzzy Hash: AF31CF72505315ABCB21DF54D849F9BB7E9FF88310F000A1DF98997192DB38E909CB96
                                                  Function 007A9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 007A9B78
                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 007A9C8B
                                                    • Part of subcall function 007A3874: GetInputState.USER32 ref: 007A38CB
                                                    • Part of subcall function 007A3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007A3966
                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 007A9BA8
                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 007A9C75
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                  • String ID: *.*
                                                  • API String ID: 1972594611-438819550
                                                  • Opcode ID: 7e41c9f1a1337a9b9510a948462d66a9c4b7674bf01264e0ff71e88e677c8043
                                                  • Instruction ID: b170f360b8aa108c59899f11820a6213938c2e29537b3f6f38ad9ba2590762e9
                                                  • Opcode Fuzzy Hash: 7e41c9f1a1337a9b9510a948462d66a9c4b7674bf01264e0ff71e88e677c8043
                                                  • Instruction Fuzzy Hash: 0D41A2B1900609DFDF15DFB4C849AEEBBB4FF46310F208159E905A2191DB389E54CF61
                                                  Function 0074997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • DefDlgProcW.USER32(?,?,?,?,?), ref: 00749A4E
                                                  • GetSysColor.USER32(0000000F), ref: 00749B23
                                                  • SetBkColor.GDI32(?,00000000), ref: 00749B36
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Color$LongProcWindow
                                                  • String ID:
                                                  • API String ID: 3131106179-0
                                                  • Opcode ID: 81536cb861c7ccfbfafc8239b075e47d2ff6eb2f45fd3997b00c051d644f2ce5
                                                  • Instruction ID: 275562d732f169dd1e75660d59d8555b793e9b10194fcc463f7f15daa2db05fd
                                                  • Opcode Fuzzy Hash: 81536cb861c7ccfbfafc8239b075e47d2ff6eb2f45fd3997b00c051d644f2ce5
                                                  • Instruction Fuzzy Hash: 94A1F870348454FEE769AA2C8C8DE7B2A9DEB82350B25821DF713C6691CB2DDD01D376
                                                  Function 007B1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007B307A
                                                    • Part of subcall function 007B304E: _wcslen.LIBCMT ref: 007B309B
                                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 007B185D
                                                  • WSAGetLastError.WSOCK32 ref: 007B1884
                                                  • bind.WSOCK32(00000000,?,00000010), ref: 007B18DB
                                                  • WSAGetLastError.WSOCK32 ref: 007B18E6
                                                  • closesocket.WSOCK32(00000000), ref: 007B1915
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                  • String ID:
                                                  • API String ID: 1601658205-0
                                                  • Opcode ID: 18f07fab0781fdc28fd1dbff5ed38f8f45b6a32043f8e7c0fe7b4ac82dd6a78f
                                                  • Instruction ID: f889933baa15f39226564e894ad9aabc06012f75e5e836a146de5d0d50cf6707
                                                  • Opcode Fuzzy Hash: 18f07fab0781fdc28fd1dbff5ed38f8f45b6a32043f8e7c0fe7b4ac82dd6a78f
                                                  • Instruction Fuzzy Hash: 4651A475A00200AFEB10AF24C89AF6A77E5AB45718F48845CFA055F3D3C779AD41CBA1
                                                  Function 007C1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                  • String ID:
                                                  • API String ID: 292994002-0
                                                  • Opcode ID: bf91e377dbdd791ba1998281af0ce13de3dd0ff9f0e3064e50736ef40a60595b
                                                  • Instruction ID: 536bc1275319e4a380e97bbde5adfbeccd12a89af01b401fbcdfcb3723004a3d
                                                  • Opcode Fuzzy Hash: bf91e377dbdd791ba1998281af0ce13de3dd0ff9f0e3064e50736ef40a60595b
                                                  • Instruction Fuzzy Hash: 4021B4317402119FE7218F1AC844F2A7BA5EF86315F59C06CE84A8B352C779DC42CBA4
                                                  Function 00738060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                  • API String ID: 0-1546025612
                                                  • Opcode ID: 044fcbb422186bc9b05237e85d3807350f316fa15985d405af61ed1aa2800ccb
                                                  • Instruction ID: cf1b0e667b68ff0353c08ff2ee203fe6dc86c99f09d2a91e0eb70923f55365d1
                                                  • Opcode Fuzzy Hash: 044fcbb422186bc9b05237e85d3807350f316fa15985d405af61ed1aa2800ccb
                                                  • Instruction Fuzzy Hash: C9A28371E0061ACBEF64CF58C8417ADB7B1BF54350F2481AAE819A7346EB789D81CF91
                                                  Function 007BA67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 007BA6AC
                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 007BA6BA
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • Process32NextW.KERNEL32(00000000,?), ref: 007BA79C
                                                  • CloseHandle.KERNEL32(00000000), ref: 007BA7AB
                                                    • Part of subcall function 0074CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00773303,?), ref: 0074CE8A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                  • String ID:
                                                  • API String ID: 1991900642-0
                                                  • Opcode ID: 5fc45f04c54a4b7b74011633af502391d04b531d7baf9ad8e2b6bf615ce559bc
                                                  • Instruction ID: 3ea83f0bf3868ae2cea2a887f361e82b0e1fb32eb77bbc47497ef9f4c0d611b5
                                                  • Opcode Fuzzy Hash: 5fc45f04c54a4b7b74011633af502391d04b531d7baf9ad8e2b6bf615ce559bc
                                                  • Instruction Fuzzy Hash: B5512DB1508300EFD710EF25C88AA6BBBE8FF89754F40891DF58997252EB74D904CB92
                                                  Function 0079AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0079AAAC
                                                  • SetKeyboardState.USER32(00000080), ref: 0079AAC8
                                                  • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0079AB36
                                                  • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0079AB88
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: KeyboardState$InputMessagePostSend
                                                  • String ID:
                                                  • API String ID: 432972143-0
                                                  • Opcode ID: 1ac0a82fcded7aefa8c481e868bab1f6dae733026b6f717cd8886f997da06909
                                                  • Instruction ID: dd53a534686efd2a606e028f36aa072ddf3ed0e664a5815a7041ec9a628b142e
                                                  • Opcode Fuzzy Hash: 1ac0a82fcded7aefa8c481e868bab1f6dae733026b6f717cd8886f997da06909
                                                  • Instruction Fuzzy Hash: 41312AB0E42248BFFF35CB68AC05BFA77A6AB44310F04421AF185521D0D77C8981C7E6
                                                  Function 007ACE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InternetReadFile.WININET(?,?,00000400,?), ref: 007ACE89
                                                  • GetLastError.KERNEL32(?,00000000), ref: 007ACEEA
                                                  • SetEvent.KERNEL32(?,?,00000000), ref: 007ACEFE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorEventFileInternetLastRead
                                                  • String ID:
                                                  • API String ID: 234945975-0
                                                  • Opcode ID: 38769ff4c992de3dbdcdf9f16525a753862b125147e04379638dc6c9fe58a5f5
                                                  • Instruction ID: fe76bb0bab2548528b0b93cd1178e0aba9a5c286e89e6b7ad3212656e9e540ad
                                                  • Opcode Fuzzy Hash: 38769ff4c992de3dbdcdf9f16525a753862b125147e04379638dc6c9fe58a5f5
                                                  • Instruction Fuzzy Hash: 7921BDB2504305EFEB32CF65C948BA677F8EB81354F10852EE64692151E778EE08CB94
                                                  Function 0079DBBE Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • lstrlenW.KERNEL32(?,00775222), ref: 0079DBCE
                                                  • GetFileAttributesW.KERNEL32(?), ref: 0079DBDD
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0079DBEE
                                                  • FindClose.KERNEL32(00000000), ref: 0079DBFA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FileFind$AttributesCloseFirstlstrlen
                                                  • String ID:
                                                  • API String ID: 2695905019-0
                                                  • Opcode ID: e0cc14473816d3bf6746afd9ade1dd35b143642aa94f074191f279b8d517bfe3
                                                  • Instruction ID: dff90624fb69559fcb5eaaf72a44f3338122bc2bfbab5730826b6289b58b4a85
                                                  • Opcode Fuzzy Hash: e0cc14473816d3bf6746afd9ade1dd35b143642aa94f074191f279b8d517bfe3
                                                  • Instruction Fuzzy Hash: 5BF0A0708109145B9A316B78EC0D8AA777CAE02334F14870AF83AC20E0EBB85D5586A9
                                                  Function 00798298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 007982AA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: lstrlen
                                                  • String ID: ($|
                                                  • API String ID: 1659193697-1631851259
                                                  • Opcode ID: 62239196728d567f990e21f6ab5e3b34e5a6e6011720c249488faf306aa7f41f
                                                  • Instruction ID: c7a28260c5c7912c7133e1fa08e061d1dcdaa57fdf5be45f6e12cc1c1624a3b1
                                                  • Opcode Fuzzy Hash: 62239196728d567f990e21f6ab5e3b34e5a6e6011720c249488faf306aa7f41f
                                                  • Instruction Fuzzy Hash: 87324474A00605DFCB68CF69D481A6AB7F0FF48710B15C56EE49ADB3A1EB74E981CB40
                                                  Function 007A5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 007A5CC1
                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 007A5D17
                                                  • FindClose.KERNEL32(?), ref: 007A5D5F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Find$File$CloseFirstNext
                                                  • String ID:
                                                  • API String ID: 3541575487-0
                                                  • Opcode ID: fff7b8f6ef188257c5557f34e623794a4ea2b1a015c1c97500d516f9d40ab437
                                                  • Instruction ID: 2eb76a03a2ebd2b40512675543f740ea7d1e30c5ae46dbce78706a81772d78bb
                                                  • Opcode Fuzzy Hash: fff7b8f6ef188257c5557f34e623794a4ea2b1a015c1c97500d516f9d40ab437
                                                  • Instruction Fuzzy Hash: FA517975604A01DFD714CF28C498E96B7E4FF4A324F14865DE95A8B3A2CB38E904CF91
                                                  Function 00762622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32 ref: 0076271A
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00762724
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00762731
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  • Opcode ID: 74005bae2f7eeba9094ed1560761487146ce43d3df274683d7edaf43a76fe9e8
                                                  • Instruction ID: f65ade927fd7557331f97171c4e9179a74ede0e4b6390a011bc7bedae1c85b72
                                                  • Opcode Fuzzy Hash: 74005bae2f7eeba9094ed1560761487146ce43d3df274683d7edaf43a76fe9e8
                                                  • Instruction Fuzzy Hash: BA31D57490121C9BCB21DF64DC88BDCBBB8AF08310F5081EAE80CA7261E7749F858F85
                                                  Function 007A51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNEL32(00000001), ref: 007A51DA
                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 007A5238
                                                  • SetErrorMode.KERNEL32(00000000), ref: 007A52A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorMode$DiskFreeSpace
                                                  • String ID:
                                                  • API String ID: 1682464887-0
                                                  • Opcode ID: b72478e20934baa3f481ea1ae1cd5b7a4357624269b5b4bd850ff7c38a1d581a
                                                  • Instruction ID: 554ef959cbce532fc7a58d36249b5e3e588824543fb0bb3ee8d4f427c7a06518
                                                  • Opcode Fuzzy Hash: b72478e20934baa3f481ea1ae1cd5b7a4357624269b5b4bd850ff7c38a1d581a
                                                  • Instruction Fuzzy Hash: FE315E75A00518DFDB00DF55D888FADBBB5FF49314F088099E809AB3A2DB35E855CB91
                                                  Function 007916C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0074FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00750668
                                                    • Part of subcall function 0074FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00750685
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079170D
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0079173A
                                                  • GetLastError.KERNEL32 ref: 0079174A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                  • String ID:
                                                  • API String ID: 577356006-0
                                                  • Opcode ID: e89288d59f89050decac92a7b62ff643beaa73ad6a181001229afa5d78937846
                                                  • Instruction ID: 7a262a317c3eb6a48036baa7dfda8defae5283a01d8df0bb9e76bf11359a98f0
                                                  • Opcode Fuzzy Hash: e89288d59f89050decac92a7b62ff643beaa73ad6a181001229afa5d78937846
                                                  • Instruction Fuzzy Hash: C611C1B2900305AFE7189F54EC86D6AB7B9EF04714B24852EE05653241EB74BC418A24
                                                  Function 0079D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0079D608
                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0079D645
                                                  • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0079D650
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                  • String ID:
                                                  • API String ID: 33631002-0
                                                  • Opcode ID: 81bc9202210a2ef9a482f94f66d35abd828769139ce1af4c0468be86d7d3b771
                                                  • Instruction ID: 5048d36f92c68072cf4d47c11cf967b2fcb63d3dbc323cf4b0ec143f95b11f85
                                                  • Opcode Fuzzy Hash: 81bc9202210a2ef9a482f94f66d35abd828769139ce1af4c0468be86d7d3b771
                                                  • Instruction Fuzzy Hash: F8115E75E05228BFDB218F95EC45FAFBBBCEB45B50F108115F908E7290D6744E058BA1
                                                  Function 00791663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0079168C
                                                  • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 007916A1
                                                  • FreeSid.ADVAPI32(?), ref: 007916B1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AllocateCheckFreeInitializeMembershipToken
                                                  • String ID:
                                                  • API String ID: 3429775523-0
                                                  • Opcode ID: f7b96848838aed2bbefa93f06ac6530720ab4fcce828c331589b91f2abbe7bf2
                                                  • Instruction ID: 340a06a36e0993314124204a179f15b56c1d53561ea045f34205559060ab621f
                                                  • Opcode Fuzzy Hash: f7b96848838aed2bbefa93f06ac6530720ab4fcce828c331589b91f2abbe7bf2
                                                  • Instruction Fuzzy Hash: 48F0F471950309FBDF00DFE49C89EAEBBBCFB08604F508565EA01E2181E778AA448A58
                                                  Function 0076C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: /
                                                  • API String ID: 0-2043925204
                                                  • Opcode ID: f3cd5982e7a032a7157b7169dcc7278e286ea9e61456e4b6294fe46ba170bde1
                                                  • Instruction ID: 89615de2d43a2db4809f110597d2e4aa482c8cd14cad0fa3fa4cbe007abeff41
                                                  • Opcode Fuzzy Hash: f3cd5982e7a032a7157b7169dcc7278e286ea9e61456e4b6294fe46ba170bde1
                                                  • Instruction Fuzzy Hash: 6C412872900219AFCB209FB9DC4DDBB7778EB84314F5042A9FD46D7280E6749D418B50
                                                  Function 0078D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetUserNameW.ADVAPI32(?,?), ref: 0078D28C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: NameUser
                                                  • String ID: X64
                                                  • API String ID: 2645101109-893830106
                                                  • Opcode ID: 87c90312c729992f574511ae1200f118c0b6d9ef3db008ad7848483c25185b98
                                                  • Instruction ID: 471af3bc9bfa0d34e19a84dd057ae201154e669617ee8ef9854ae5377f2b4039
                                                  • Opcode Fuzzy Hash: 87c90312c729992f574511ae1200f118c0b6d9ef3db008ad7848483c25185b98
                                                  • Instruction Fuzzy Hash: D7D0C9B480111DEBCBA0DB90EC88DD9B37CBB04315F104155F106A2040D77899488F10
                                                  Function 0075CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                  • Instruction ID: dff60b8b050b78ab1e1de07f278d74c77ce24279c3d19f45a98db2612ee271cd
                                                  • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                  • Instruction Fuzzy Hash: 14022B72E002199FDF15CFA9C8807EDBBF1EF48315F25816AD819EB380D775AA458B90
                                                  Function 007A68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 007A6918
                                                  • FindClose.KERNEL32(00000000), ref: 007A6961
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: 047dd874e723cffa78d6a64eb0b34d0cc84d305122c1b0e33d352e6a3cffb40b
                                                  • Instruction ID: 8a27fbdaa8a04803699af0199feaf6c3f11592cf8615fddd7509e2dd227b02bb
                                                  • Opcode Fuzzy Hash: 047dd874e723cffa78d6a64eb0b34d0cc84d305122c1b0e33d352e6a3cffb40b
                                                  • Instruction Fuzzy Hash: 151190756042019FD714DF29D488A16BBE5FF89328F18C69DE4698F6A2CB38EC05CB91
                                                  Function 007A37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007B4891,?,?,00000035,?), ref: 007A37E4
                                                  • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007B4891,?,?,00000035,?), ref: 007A37F4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorFormatLastMessage
                                                  • String ID:
                                                  • API String ID: 3479602957-0
                                                  • Opcode ID: 814560c1e5581ff963fe85b7dd1c41677c2de5c51bd2321231373f412109c0bd
                                                  • Instruction ID: 97682608d453ada24177fec0be3aa6a01f06418daecd79a15e13b07628d9989d
                                                  • Opcode Fuzzy Hash: 814560c1e5581ff963fe85b7dd1c41677c2de5c51bd2321231373f412109c0bd
                                                  • Instruction Fuzzy Hash: FFF0E5B1705328AAEB2057769C8DFEB3BAEEFC5761F004265F509D2281D9B49904C7B0
                                                  Function 0079B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0079B25D
                                                  • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0079B270
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: InputSendkeybd_event
                                                  • String ID:
                                                  • API String ID: 3536248340-0
                                                  • Opcode ID: 912f80785689e87e3528eb43c0030bb14dce388da360301412bb08fabf14704f
                                                  • Instruction ID: 9b94d66347af149931cc0f888821dce4f6ed3b4969e77255907422dc34934540
                                                  • Opcode Fuzzy Hash: 912f80785689e87e3528eb43c0030bb14dce388da360301412bb08fabf14704f
                                                  • Instruction Fuzzy Hash: C6F01D7180424DABDF059FA0D805BAE7BB4FF08305F10801AF955A5191C37DD6119F94
                                                  Function 007910BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,007911FC), ref: 007910D4
                                                  • CloseHandle.KERNEL32(?,?,007911FC), ref: 007910E9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                  • String ID:
                                                  • API String ID: 81990902-0
                                                  • Opcode ID: 10ac5c93cd06f55b8a4dd89e6faf872b9dab7e945a8c318cd35c644c0a5eef8d
                                                  • Instruction ID: 1b47b8a8e9da21099d9e3d9cdaae4d733d320610c1b532db2aa9fb4715bbb935
                                                  • Opcode Fuzzy Hash: 10ac5c93cd06f55b8a4dd89e6faf872b9dab7e945a8c318cd35c644c0a5eef8d
                                                  • Instruction Fuzzy Hash: DFE04F32004610EEE7262B11FC09E7377A9EB04310B14C82DF4A6804B1DB666CA0DB54
                                                  Function 0073CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • Variable is not of type 'Object'., xrefs: 00780C40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Variable is not of type 'Object'.
                                                  • API String ID: 0-1840281001
                                                  • Opcode ID: 6275ce6a6b02dd0116ddfe33305d7f0bad0db872028552be877c103e0f912939
                                                  • Instruction ID: 51958b63891c436f3b41ee65014b276f7e06febf9442eda9ba5469db6eb02ebc
                                                  • Opcode Fuzzy Hash: 6275ce6a6b02dd0116ddfe33305d7f0bad0db872028552be877c103e0f912939
                                                  • Instruction Fuzzy Hash: DF32AF75A00218DFEF15EF94C889BEDB7B5BF05304F148059E806BB292D779AD49CBA0
                                                  Function 0076676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00766766,?,?,00000008,?,?,0076FEFE,00000000), ref: 00766998
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  • Opcode ID: 3f2c4b62eb44890110ee8faf561320561357fc1abbf42cb48a4954f966b3a7f7
                                                  • Instruction ID: f56c973b69fbc3373b12f96dfc6d9bd53d36b2f8dc3f147a4f1c92147021132a
                                                  • Opcode Fuzzy Hash: 3f2c4b62eb44890110ee8faf561320561357fc1abbf42cb48a4954f966b3a7f7
                                                  • Instruction Fuzzy Hash: A6B139716106099FD715CF28C48AB657BA0FF45364F69C65CEC9ACF2A2C339E991CB40
                                                  Function 0074B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: 0c6d58fc25d675e9e64b25d42f06dcbf759b7f9126dff62750b75626831f26df
                                                  • Instruction ID: 9a4466c1b423cd0b9fe496d5643c8a6cde315485626ac7b8ec9b72fb052b2dac
                                                  • Opcode Fuzzy Hash: 0c6d58fc25d675e9e64b25d42f06dcbf759b7f9126dff62750b75626831f26df
                                                  • Instruction Fuzzy Hash: 69125171900229DFDB54DF58C880AEEB7B5FF48710F54819AE849EB251EB389E81CF91
                                                  Function 007AEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • BlockInput.USER32(00000001), ref: 007AEABD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: BlockInput
                                                  • String ID:
                                                  • API String ID: 3456056419-0
                                                  • Opcode ID: 841912cffb6d3f2c089cecc61c1c02faf87b8973a94e7f87632a45e90fc764e1
                                                  • Instruction ID: c80c9fa711a1cb7015d3b04cd560c5cbc15a123e8139b56c86036563fc9290a8
                                                  • Opcode Fuzzy Hash: 841912cffb6d3f2c089cecc61c1c02faf87b8973a94e7f87632a45e90fc764e1
                                                  • Instruction Fuzzy Hash: 21E04F362002049FD710EF59D808E9AF7E9AF99760F00C41AFD49DB351DB78EC408B90
                                                  Function 007509D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007503EE), ref: 007509DA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: fc0c5750bbc73c609106d27d175087b132086413015a527257a8455a882e12a9
                                                  • Instruction ID: e65aa12278c6f33e46349fb82630112ff911b3fb8ab33a0b0e46ab88aed1af08
                                                  • Opcode Fuzzy Hash: fc0c5750bbc73c609106d27d175087b132086413015a527257a8455a882e12a9
                                                  • Instruction Fuzzy Hash:
                                                  Function 0075781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0
                                                  • API String ID: 0-4108050209
                                                  • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                  • Instruction ID: 82408f395f80829944d3edafc4e35b291eafad710785347137d246c07965b54c
                                                  • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                  • Instruction Fuzzy Hash: 80515A6160C7459BDB3C4568A89E7FE63899B12303F180509DC86DB282C7DDFE4DD362
                                                  Function 00766DD9 Relevance: .6, Instructions: 637COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d51a54e35c71b41d6a1c7d7e57b47cc25a2b2f5c6af94f5d8a389b0246f005f
                                                  • Instruction ID: b643fb285969968c1ae24f49a16e21d9253cba3a754c3f29d222b045ed294de7
                                                  • Opcode Fuzzy Hash: 3d51a54e35c71b41d6a1c7d7e57b47cc25a2b2f5c6af94f5d8a389b0246f005f
                                                  • Instruction Fuzzy Hash: F4322222D2AF414DD7279634C826335A759AFB73C9F14D737EC1AB59AAEB2DC4838100
                                                  Function 0074CC39 Relevance: .6, Instructions: 635COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c21e86272b43e63a8ae8dcd487b5c1bf764bb44670e9f202392828fed0b5353d
                                                  • Instruction ID: a0b7277a602eb5457de09e69ecade2489dc08d4cd196f2a1b52f769d31aa2632
                                                  • Opcode Fuzzy Hash: c21e86272b43e63a8ae8dcd487b5c1bf764bb44670e9f202392828fed0b5353d
                                                  • Instruction Fuzzy Hash: F6325731A801058BDF2AEF29C4D467D7BA1EF45300F28816AD95ADB292E73CDD81DB71
                                                  Function 00737920 Relevance: .6, Instructions: 563COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f089b145fcf150a279c171a9452cf710fd263744be6a85438074f45a3b1f1475
                                                  • Instruction ID: 1e5829cdc29a8daa9a014e3f733c2b07126b2131b4fb909a89ea1d2766efb596
                                                  • Opcode Fuzzy Hash: f089b145fcf150a279c171a9452cf710fd263744be6a85438074f45a3b1f1475
                                                  • Instruction Fuzzy Hash: 7C22B3B0A04609DFEF14CF64C885AEEB7F5FF44340F248529E816A7292EB79AD15CB50
                                                  Function 007391C0 Relevance: .5, Instructions: 475COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24b068290c928d323e7b99444e80f2d335f06722072e40f07dc2155239685132
                                                  • Instruction ID: b2dbc1a2285066c7907021e02b2958468eaee72da732f5f9aaebc2289d5506b0
                                                  • Opcode Fuzzy Hash: 24b068290c928d323e7b99444e80f2d335f06722072e40f07dc2155239685132
                                                  • Instruction Fuzzy Hash: E602C7B0E00105EBDF05DF64D885AAEB7B1FF48340F11C169E91A9B291EB79EE10CB91
                                                  Function 00769EEE Relevance: .3, Instructions: 294COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 084c5152fd0de6e1521bef8d823b215c38a9555fc600fe854efc5a6176a5afa5
                                                  • Instruction ID: 4cc7ee5cd507dfa1949f4b5b3c068c4b1cc6471572df43994db93485a90fc147
                                                  • Opcode Fuzzy Hash: 084c5152fd0de6e1521bef8d823b215c38a9555fc600fe854efc5a6176a5afa5
                                                  • Instruction Fuzzy Hash: 16B1F020D2AF414DD22396398931336B76CAFBB6D5F92D31BFC2774D22EB2686834141
                                                  Function 00751C77 Relevance: .3, Instructions: 254COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                  • Instruction ID: 69b40d536ced43718586e59c83e1c9848cc5eec96f1899a325f36621d453d723
                                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                  • Instruction Fuzzy Hash: 319187322081E34ADB29423A85352BEFFF15A523A375A079DDCF2CA1C5FE58995CD620
                                                  Function 00751F32 Relevance: .2, Instructions: 244COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                  • Instruction ID: fb34f37064d2c75cfbe8d209a96c0748f914e0bf60a987ad1cfc93285308b5cb
                                                  • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                  • Instruction Fuzzy Hash: C99186722090E309DB6D423984741BEFFE15A933A371A079DDCF2CB1C6EE68995DD620
                                                  Function 007519B0 Relevance: .2, Instructions: 240COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                  • Instruction ID: 1eb23b498ab860ce9111aa7ffe7f64fba8e8b159eda65a01aa3809a5c4d2ddda
                                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                  • Instruction Fuzzy Hash: C691C8722090E34EDB2E427A84741BDFFE15A923A335A479DD8F2CA1C1FE98D55CD620
                                                  Function 00757A4A Relevance: .2, Instructions: 237COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55e0aff8b693f9c8d77d1e138cc9f8f473a9145aa1d20e143be2e3b7e3498faa
                                                  • Instruction ID: c6289d24472b6e5fdab02f6fed93dbfb72c8ed4106c6fd9a53bf4fbf68feaa74
                                                  • Opcode Fuzzy Hash: 55e0aff8b693f9c8d77d1e138cc9f8f473a9145aa1d20e143be2e3b7e3498faa
                                                  • Instruction Fuzzy Hash: 8D6159B160874997EA3C592CB899BFE2398DF41303F144919EC42DB281DADD9E4EC396
                                                  Function 00757CA7 Relevance: .2, Instructions: 237COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a5ef3bf8d9156789876a5fa2a70e1bd6b1c417cadc84e90e6f56461a959cf526
                                                  • Instruction ID: cb0573c51d9fcf3ee95166707402045d47a83f3647de51aa35e22e79069c0132
                                                  • Opcode Fuzzy Hash: a5ef3bf8d9156789876a5fa2a70e1bd6b1c417cadc84e90e6f56461a959cf526
                                                  • Instruction Fuzzy Hash: F6616C7170870997DE3C4928785ABFE23A8DF41703F104959ED43DB281EADEAD4EC256
                                                  Function 00751706 Relevance: .2, Instructions: 232COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                  • Instruction ID: 9d35b13dcb4c589e181dc065e38b6d5d6275db189b83c0a230b54187fe861755
                                                  • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                  • Instruction Fuzzy Hash: F88177725080E309DB2D423D85346BEFFE15A923B375A079DD8F2CA1C1EE98A95CD620
                                                  Function 007A2046 Relevance: .1, Instructions: 72COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e6d58ad9223ad19a81624c380f30c1be0e279162be792c0e17e1ae44ed258fbc
                                                  • Instruction ID: 7350babea73bf07289ea5667f82ea44ac1f3259350dabba4fbb73feac4ffad77
                                                  • Opcode Fuzzy Hash: e6d58ad9223ad19a81624c380f30c1be0e279162be792c0e17e1ae44ed258fbc
                                                  • Instruction Fuzzy Hash: 2221A8326206118BD728CE79C81767A73E5B7A4310F15862EE4A7C37D1DE7AA904CB40
                                                  Function 007B2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DeleteObject.GDI32(00000000), ref: 007B2B30
                                                  • DeleteObject.GDI32(00000000), ref: 007B2B43
                                                  • DestroyWindow.USER32 ref: 007B2B52
                                                  • GetDesktopWindow.USER32 ref: 007B2B6D
                                                  • GetWindowRect.USER32(00000000), ref: 007B2B74
                                                  • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 007B2CA3
                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 007B2CB1
                                                  • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2CF8
                                                  • GetClientRect.USER32(00000000,?), ref: 007B2D04
                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 007B2D40
                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2D62
                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2D75
                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2D80
                                                  • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2D89
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2D98
                                                  • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2DA1
                                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2DA8
                                                  • GlobalFree.KERNEL32(00000000), ref: 007B2DB3
                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2DC5
                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,007CFC38,00000000), ref: 007B2DDB
                                                  • GlobalFree.KERNEL32(00000000), ref: 007B2DEB
                                                  • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 007B2E11
                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 007B2E30
                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B2E52
                                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007B303F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                  • API String ID: 2211948467-2373415609
                                                  • Opcode ID: acfa9ae22203fa61e9d9793e1eac9a2332b84fb61fdd5f9bceb2457c84f95ef7
                                                  • Instruction ID: 25402dcbe04ac9470efe50f9a5f4f6330f72e3733be6634f2dc3e7a94c9cabeb
                                                  • Opcode Fuzzy Hash: acfa9ae22203fa61e9d9793e1eac9a2332b84fb61fdd5f9bceb2457c84f95ef7
                                                  • Instruction Fuzzy Hash: BA025C71900209EFDB15DF64CD89EAE7BB9FF48310F048158F919AB2A1DB78AD01CB64
                                                  Function 007C70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetTextColor.GDI32(?,00000000), ref: 007C712F
                                                  • GetSysColorBrush.USER32(0000000F), ref: 007C7160
                                                  • GetSysColor.USER32(0000000F), ref: 007C716C
                                                  • SetBkColor.GDI32(?,000000FF), ref: 007C7186
                                                  • SelectObject.GDI32(?,?), ref: 007C7195
                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 007C71C0
                                                  • GetSysColor.USER32(00000010), ref: 007C71C8
                                                  • CreateSolidBrush.GDI32(00000000), ref: 007C71CF
                                                  • FrameRect.USER32(?,?,00000000), ref: 007C71DE
                                                  • DeleteObject.GDI32(00000000), ref: 007C71E5
                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 007C7230
                                                  • FillRect.USER32(?,?,?), ref: 007C7262
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C7284
                                                    • Part of subcall function 007C73E8: GetSysColor.USER32(00000012), ref: 007C7421
                                                    • Part of subcall function 007C73E8: SetTextColor.GDI32(?,?), ref: 007C7425
                                                    • Part of subcall function 007C73E8: GetSysColorBrush.USER32(0000000F), ref: 007C743B
                                                    • Part of subcall function 007C73E8: GetSysColor.USER32(0000000F), ref: 007C7446
                                                    • Part of subcall function 007C73E8: GetSysColor.USER32(00000011), ref: 007C7463
                                                    • Part of subcall function 007C73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 007C7471
                                                    • Part of subcall function 007C73E8: SelectObject.GDI32(?,00000000), ref: 007C7482
                                                    • Part of subcall function 007C73E8: SetBkColor.GDI32(?,00000000), ref: 007C748B
                                                    • Part of subcall function 007C73E8: SelectObject.GDI32(?,?), ref: 007C7498
                                                    • Part of subcall function 007C73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 007C74B7
                                                    • Part of subcall function 007C73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007C74CE
                                                    • Part of subcall function 007C73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 007C74DB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                  • String ID:
                                                  • API String ID: 4124339563-0
                                                  • Opcode ID: 0bc723b320f8db45541b739fda8eec022b27779b2a5e05e0cb7d0672d44c2fdc
                                                  • Instruction ID: 95bb14aee427f790eee61de3f5e445209ec6bf0277b9cdd4a241b30f8de1441c
                                                  • Opcode Fuzzy Hash: 0bc723b320f8db45541b739fda8eec022b27779b2a5e05e0cb7d0672d44c2fdc
                                                  • Instruction Fuzzy Hash: F8A1AE72008305EFDB069F60DC48E6B7BA9FB88320F144A1DF966961E1DB38E944CF55
                                                  Function 00748D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DestroyWindow.USER32(?,?), ref: 00748E14
                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 00786AC5
                                                  • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00786AFE
                                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00786F43
                                                    • Part of subcall function 00748F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00748BE8,?,00000000,?,?,?,?,00748BBA,00000000,?), ref: 00748FC5
                                                  • SendMessageW.USER32(?,00001053), ref: 00786F7F
                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00786F96
                                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 00786FAC
                                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 00786FB7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                  • String ID: 0
                                                  • API String ID: 2760611726-4108050209
                                                  • Opcode ID: 395a8b83b8996169868a87d212ad9b9a27c12cfb0cd078767c5ef098db8536b6
                                                  • Instruction ID: 7213cbacc98beb061ed1ee55d2a336ec9b8fcca3905b06245c6a6028a0949c70
                                                  • Opcode Fuzzy Hash: 395a8b83b8996169868a87d212ad9b9a27c12cfb0cd078767c5ef098db8536b6
                                                  • Instruction Fuzzy Hash: 0112BF30640211EFDB65EF24D848BAABBE1FB44310F548469F589DB261CB39EC91DF52
                                                  Function 007B2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DestroyWindow.USER32(00000000), ref: 007B273E
                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 007B286A
                                                  • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 007B28A9
                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 007B28B9
                                                  • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 007B2900
                                                  • GetClientRect.USER32(00000000,?), ref: 007B290C
                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 007B2955
                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 007B2964
                                                  • GetStockObject.GDI32(00000011), ref: 007B2974
                                                  • SelectObject.GDI32(00000000,00000000), ref: 007B2978
                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 007B2988
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007B2991
                                                  • DeleteDC.GDI32(00000000), ref: 007B299A
                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007B29C6
                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 007B29DD
                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 007B2A1D
                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 007B2A31
                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 007B2A42
                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 007B2A77
                                                  • GetStockObject.GDI32(00000011), ref: 007B2A82
                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 007B2A8D
                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 007B2A97
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                  • API String ID: 2910397461-517079104
                                                  • Opcode ID: fce9c20ff1cf8fed0d655dffe6d2aa43066592818c037f1267e884526df8b9e8
                                                  • Instruction ID: b9d6b04154738743201caf8bbef96b87321856106caea27af7fed2ec27f6010e
                                                  • Opcode Fuzzy Hash: fce9c20ff1cf8fed0d655dffe6d2aa43066592818c037f1267e884526df8b9e8
                                                  • Instruction Fuzzy Hash: EFB15EB1A00219AFEB14DF68CC49FAE7BA9FB08710F008118FA15E7291D778ED41CB94
                                                  Function 007A4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNEL32(00000001), ref: 007A4AED
                                                  • GetDriveTypeW.KERNEL32(?,007CCB68,?,\\.\,007CCC08), ref: 007A4BCA
                                                  • SetErrorMode.KERNEL32(00000000,007CCB68,?,\\.\,007CCC08), ref: 007A4D36
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorMode$DriveType
                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                  • API String ID: 2907320926-4222207086
                                                  • Opcode ID: b5e4b8f3f17a57304e7673a7823a677b1b215600dad1c8a71b91d394a494b175
                                                  • Instruction ID: 477d3d37a3f6fa00f0543a020e1721080ae8ed5187af508e5dff4ed14f19f138
                                                  • Opcode Fuzzy Hash: b5e4b8f3f17a57304e7673a7823a677b1b215600dad1c8a71b91d394a494b175
                                                  • Instruction Fuzzy Hash: 7061E2B1301209EBCF04DF28C99597877B0ABC6350B248215F90AAB752DBBFED41DB61
                                                  Function 007C73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetSysColor.USER32(00000012), ref: 007C7421
                                                  • SetTextColor.GDI32(?,?), ref: 007C7425
                                                  • GetSysColorBrush.USER32(0000000F), ref: 007C743B
                                                  • GetSysColor.USER32(0000000F), ref: 007C7446
                                                  • CreateSolidBrush.GDI32(?), ref: 007C744B
                                                  • GetSysColor.USER32(00000011), ref: 007C7463
                                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 007C7471
                                                  • SelectObject.GDI32(?,00000000), ref: 007C7482
                                                  • SetBkColor.GDI32(?,00000000), ref: 007C748B
                                                  • SelectObject.GDI32(?,?), ref: 007C7498
                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 007C74B7
                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007C74CE
                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 007C74DB
                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007C752A
                                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 007C7554
                                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 007C7572
                                                  • DrawFocusRect.USER32(?,?), ref: 007C757D
                                                  • GetSysColor.USER32(00000011), ref: 007C758E
                                                  • SetTextColor.GDI32(?,00000000), ref: 007C7596
                                                  • DrawTextW.USER32(?,007C70F5,000000FF,?,00000000), ref: 007C75A8
                                                  • SelectObject.GDI32(?,?), ref: 007C75BF
                                                  • DeleteObject.GDI32(?), ref: 007C75CA
                                                  • SelectObject.GDI32(?,?), ref: 007C75D0
                                                  • DeleteObject.GDI32(?), ref: 007C75D5
                                                  • SetTextColor.GDI32(?,?), ref: 007C75DB
                                                  • SetBkColor.GDI32(?,?), ref: 007C75E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                  • String ID:
                                                  • API String ID: 1996641542-0
                                                  • Opcode ID: f169e3d62434d65128c4fb1b464db2eb301c3200f5ce2250df2314cf27d1311f
                                                  • Instruction ID: 6b1724d299fb6affd33f478fc3159952af850e4b23d505f78c367829edfa3403
                                                  • Opcode Fuzzy Hash: f169e3d62434d65128c4fb1b464db2eb301c3200f5ce2250df2314cf27d1311f
                                                  • Instruction Fuzzy Hash: BD616D72900218AFDF059FA4DC49EEE7FB9EB08320F158119F915BB2A1D7789940CF94
                                                  Function 007C0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCursorPos.USER32(?), ref: 007C1128
                                                  • GetDesktopWindow.USER32 ref: 007C113D
                                                  • GetWindowRect.USER32(00000000), ref: 007C1144
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C1199
                                                  • DestroyWindow.USER32(?), ref: 007C11B9
                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007C11ED
                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C120B
                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007C121D
                                                  • SendMessageW.USER32(00000000,00000421,?,?), ref: 007C1232
                                                  • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 007C1245
                                                  • IsWindowVisible.USER32(00000000), ref: 007C12A1
                                                  • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 007C12BC
                                                  • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 007C12D0
                                                  • GetWindowRect.USER32(00000000,?), ref: 007C12E8
                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 007C130E
                                                  • GetMonitorInfoW.USER32(00000000,?), ref: 007C1328
                                                  • CopyRect.USER32(?,?), ref: 007C133F
                                                  • SendMessageW.USER32(00000000,00000412,00000000), ref: 007C13AA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                  • String ID: ($0$tooltips_class32
                                                  • API String ID: 698492251-4156429822
                                                  • Opcode ID: 2ae4a3dd5d8f60302da47c6ac30d15c624cf91e525daf76b951acad8bf2a97b7
                                                  • Instruction ID: ef049bc0e36e975ac2456d01d58c719d3688f4d4ee3440e71dcb6cf2585a1788
                                                  • Opcode Fuzzy Hash: 2ae4a3dd5d8f60302da47c6ac30d15c624cf91e525daf76b951acad8bf2a97b7
                                                  • Instruction Fuzzy Hash: AFB18C71604341AFE704DF64C988F6ABBE4FF89344F40892CF9999B262C779E844CB95
                                                  Function 007C0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CharUpperBuffW.USER32(?,?), ref: 007C02E5
                                                  • _wcslen.LIBCMT ref: 007C031F
                                                  • _wcslen.LIBCMT ref: 007C0389
                                                  • _wcslen.LIBCMT ref: 007C03F1
                                                  • _wcslen.LIBCMT ref: 007C0475
                                                  • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 007C04C5
                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 007C0504
                                                    • Part of subcall function 0074F9F2: _wcslen.LIBCMT ref: 0074F9FD
                                                    • Part of subcall function 0079223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00792258
                                                    • Part of subcall function 0079223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0079228A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                  • API String ID: 1103490817-719923060
                                                  • Opcode ID: 261ea6acef4df934f3679bdc651955b775eda33e6a225ab8122feb5e6a7f01c5
                                                  • Instruction ID: 5634de58836025837aae160b27ca7b56dd0fc9d9be04b9d968f0eb74d91c27de
                                                  • Opcode Fuzzy Hash: 261ea6acef4df934f3679bdc651955b775eda33e6a225ab8122feb5e6a7f01c5
                                                  • Instruction Fuzzy Hash: FDE18B31208241DBCB18DF24C555E2AB3E6BF88714F14496CF996AB3A2DB38ED45CBD1
                                                  Function 00748891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00748968
                                                  • GetSystemMetrics.USER32(00000007), ref: 00748970
                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0074899B
                                                  • GetSystemMetrics.USER32(00000008), ref: 007489A3
                                                  • GetSystemMetrics.USER32(00000004), ref: 007489C8
                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007489E5
                                                  • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007489F5
                                                  • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00748A28
                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00748A3C
                                                  • GetClientRect.USER32(00000000,000000FF), ref: 00748A5A
                                                  • GetStockObject.GDI32(00000011), ref: 00748A76
                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00748A81
                                                    • Part of subcall function 0074912D: GetCursorPos.USER32(?), ref: 00749141
                                                    • Part of subcall function 0074912D: ScreenToClient.USER32(00000000,?), ref: 0074915E
                                                    • Part of subcall function 0074912D: GetAsyncKeyState.USER32(00000001), ref: 00749183
                                                    • Part of subcall function 0074912D: GetAsyncKeyState.USER32(00000002), ref: 0074919D
                                                  • SetTimer.USER32(00000000,00000000,00000028,007490FC), ref: 00748AA8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                  • String ID: AutoIt v3 GUI
                                                  • API String ID: 1458621304-248962490
                                                  • Opcode ID: 2b7fb19a085a0b7af16a1146adb6be0b280d36e902612dfc97381567da48a67c
                                                  • Instruction ID: eecf66bd415e0a4bcdfb41005bc80b2bbb3234b6f449a99d08c63d23c38ccaf4
                                                  • Opcode Fuzzy Hash: 2b7fb19a085a0b7af16a1146adb6be0b280d36e902612dfc97381567da48a67c
                                                  • Instruction Fuzzy Hash: 3FB17D71A40209EFDF54DFA8DC49BAE7BB5FB48314F108129FA15A7290DB78A840CB55
                                                  Function 00790D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00791114
                                                    • Part of subcall function 007910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 00791120
                                                    • Part of subcall function 007910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 0079112F
                                                    • Part of subcall function 007910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 00791136
                                                    • Part of subcall function 007910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0079114D
                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00790DF5
                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00790E29
                                                  • GetLengthSid.ADVAPI32(?), ref: 00790E40
                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00790E7A
                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00790E96
                                                  • GetLengthSid.ADVAPI32(?), ref: 00790EAD
                                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00790EB5
                                                  • HeapAlloc.KERNEL32(00000000), ref: 00790EBC
                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00790EDD
                                                  • CopySid.ADVAPI32(00000000), ref: 00790EE4
                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00790F13
                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00790F35
                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00790F47
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00790F6E
                                                  • HeapFree.KERNEL32(00000000), ref: 00790F75
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00790F7E
                                                  • HeapFree.KERNEL32(00000000), ref: 00790F85
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00790F8E
                                                  • HeapFree.KERNEL32(00000000), ref: 00790F95
                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00790FA1
                                                  • HeapFree.KERNEL32(00000000), ref: 00790FA8
                                                    • Part of subcall function 00791193: GetProcessHeap.KERNEL32(00000008,00790BB1,?,00000000,?,00790BB1,?), ref: 007911A1
                                                    • Part of subcall function 00791193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00790BB1,?), ref: 007911A8
                                                    • Part of subcall function 00791193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00790BB1,?), ref: 007911B7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                  • String ID:
                                                  • API String ID: 4175595110-0
                                                  • Opcode ID: 4931564fa9181c9678949c1b2ffc45c60ddd3af49ec32f93902705255a0f828d
                                                  • Instruction ID: 74a78da91ba0b4ce69ea61ff3d40ae47645959479749a3d2eddd2d8cfeba1b53
                                                  • Opcode Fuzzy Hash: 4931564fa9181c9678949c1b2ffc45c60ddd3af49ec32f93902705255a0f828d
                                                  • Instruction Fuzzy Hash: AB715F7291020AEFDF21DFA5EC49FAEBBB9FF04300F048119F919A6151D7799A45CBA0
                                                  Function 007BC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BC4BD
                                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,007CCC08,00000000,?,00000000,?,?), ref: 007BC544
                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 007BC5A4
                                                  • _wcslen.LIBCMT ref: 007BC5F4
                                                  • _wcslen.LIBCMT ref: 007BC66F
                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 007BC6B2
                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 007BC7C1
                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 007BC84D
                                                  • RegCloseKey.ADVAPI32(?), ref: 007BC881
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 007BC88E
                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 007BC960
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                  • API String ID: 9721498-966354055
                                                  • Opcode ID: ccf0b89525cb1ce4b5026bed1d33573c9035a0ab2bde34ac04ad3fbb6bb465f6
                                                  • Instruction ID: da1bef27275d91cface3276e3e5c2fb0be8ad365e4d0b872df851d08e02ed858
                                                  • Opcode Fuzzy Hash: ccf0b89525cb1ce4b5026bed1d33573c9035a0ab2bde34ac04ad3fbb6bb465f6
                                                  • Instruction Fuzzy Hash: 97125975604201DFDB29DF14C885B6AB7E5EF88714F14885CF88A9B3A2DB39ED41CB81
                                                  Function 007C091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CharUpperBuffW.USER32(?,?), ref: 007C09C6
                                                  • _wcslen.LIBCMT ref: 007C0A01
                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007C0A54
                                                  • _wcslen.LIBCMT ref: 007C0A8A
                                                  • _wcslen.LIBCMT ref: 007C0B06
                                                  • _wcslen.LIBCMT ref: 007C0B81
                                                    • Part of subcall function 0074F9F2: _wcslen.LIBCMT ref: 0074F9FD
                                                    • Part of subcall function 00792BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00792BFA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                  • API String ID: 1103490817-4258414348
                                                  • Opcode ID: f8794bfebefed09acf270f5af50e115b2be7f656391db7f99b51a9426b292b26
                                                  • Instruction ID: c987ea2231a5199a4c9b254fccebbf95f0bcf9884b124ab6e1efda9137991153
                                                  • Opcode Fuzzy Hash: f8794bfebefed09acf270f5af50e115b2be7f656391db7f99b51a9426b292b26
                                                  • Instruction Fuzzy Hash: 3AE15775208701DFCB18DF28C454A2AB7E1BF98314F14895CE8969B3A2D739ED45CBD1
                                                  Function 007BC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$BuffCharUpper
                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                  • API String ID: 1256254125-909552448
                                                  • Opcode ID: 8cdf10a4f03f74554afc78d149c978aeccf2d2a68f4e6d8fa2f6c8c5da16c1db
                                                  • Instruction ID: 1ebad172bda21fd059fad0aa68507c74ba703f30a575515483bb1d11321b13e7
                                                  • Opcode Fuzzy Hash: 8cdf10a4f03f74554afc78d149c978aeccf2d2a68f4e6d8fa2f6c8c5da16c1db
                                                  • Instruction Fuzzy Hash: 6971E37261016A8BCB22DE7CCD527FF3791AB60754B25C128FC56AB285EA3DDD44C3A0
                                                  Function 007C833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _wcslen.LIBCMT ref: 007C835A
                                                  • _wcslen.LIBCMT ref: 007C836E
                                                  • _wcslen.LIBCMT ref: 007C8391
                                                  • _wcslen.LIBCMT ref: 007C83B4
                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007C83F2
                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,007C5BF2), ref: 007C844E
                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007C8487
                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 007C84CA
                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007C8501
                                                  • FreeLibrary.KERNEL32(?), ref: 007C850D
                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007C851D
                                                  • DestroyIcon.USER32(?,?,?,?,?,007C5BF2), ref: 007C852C
                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 007C8549
                                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 007C8555
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                  • String ID: .dll$.exe$.icl
                                                  • API String ID: 799131459-1154884017
                                                  • Opcode ID: 88d37a838fa34b76151363c130b9ad153bc8b8a9636a471cdeb5f0c5bacececb
                                                  • Instruction ID: a28642be6a4d4ae15fb97a4f88c2f4ffb3534f2d5008a017e0c305e096ff4c7c
                                                  • Opcode Fuzzy Hash: 88d37a838fa34b76151363c130b9ad153bc8b8a9636a471cdeb5f0c5bacececb
                                                  • Instruction Fuzzy Hash: B261D171540219FAEB18DF64DC45FFE77A8BB04711F10860EF915E61D1DBB8AA90CBA0
                                                  Function 00737778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                  • API String ID: 0-1645009161
                                                  • Opcode ID: 71bfd1c89ae664a9c4077e4896b2b43d533d13c4ef9ccd89fbde3ff38e3268db
                                                  • Instruction ID: 51a79d7f7a774469fbfc8c37f12ea04c8a9a7064f7702aa4d64a097a3d712490
                                                  • Opcode Fuzzy Hash: 71bfd1c89ae664a9c4077e4896b2b43d533d13c4ef9ccd89fbde3ff38e3268db
                                                  • Instruction Fuzzy Hash: 9A81C7F1604605FBEF25AF60DC46FAE77A5AF15340F044028F909AA193EBBCD915C7A1
                                                  Function 007A3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CharLowerBuffW.USER32(?,?), ref: 007A3EF8
                                                  • _wcslen.LIBCMT ref: 007A3F03
                                                  • _wcslen.LIBCMT ref: 007A3F5A
                                                  • _wcslen.LIBCMT ref: 007A3F98
                                                  • GetDriveTypeW.KERNEL32(?), ref: 007A3FD6
                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A401E
                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A4059
                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A4087
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                  • API String ID: 1839972693-4113822522
                                                  • Opcode ID: 0857434b8494f6c11f187604a4811efe3d197b7efc780ea7fc3cf87ade793cf8
                                                  • Instruction ID: 9007a9f1780d88c3d45179efd96e6c1baa4babbcf314bddb1a16305eddff849c
                                                  • Opcode Fuzzy Hash: 0857434b8494f6c11f187604a4811efe3d197b7efc780ea7fc3cf87ade793cf8
                                                  • Instruction Fuzzy Hash: D371F0726042029FC710EF24C88186BB7F4EFD5758F108A2DF99693252EB39EE45CB91
                                                  Function 00795A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadIconW.USER32(00000063), ref: 00795A2E
                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00795A40
                                                  • SetWindowTextW.USER32(?,?), ref: 00795A57
                                                  • GetDlgItem.USER32(?,000003EA), ref: 00795A6C
                                                  • SetWindowTextW.USER32(00000000,?), ref: 00795A72
                                                  • GetDlgItem.USER32(?,000003E9), ref: 00795A82
                                                  • SetWindowTextW.USER32(00000000,?), ref: 00795A88
                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00795AA9
                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00795AC3
                                                  • GetWindowRect.USER32(?,?), ref: 00795ACC
                                                  • _wcslen.LIBCMT ref: 00795B33
                                                  • SetWindowTextW.USER32(?,?), ref: 00795B6F
                                                  • GetDesktopWindow.USER32 ref: 00795B75
                                                  • GetWindowRect.USER32(00000000), ref: 00795B7C
                                                  • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00795BD3
                                                  • GetClientRect.USER32(?,?), ref: 00795BE0
                                                  • PostMessageW.USER32(?,00000005,00000000,?), ref: 00795C05
                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00795C2F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                  • String ID:
                                                  • API String ID: 895679908-0
                                                  • Opcode ID: 2c5567dc16f0fdbe3a16783024ebe4063703e0295d8fbd70d8368b62ecbc84d1
                                                  • Instruction ID: bf4b1c5cf8b06f573d920071c78fd8757152ca5dc1de011e74c02cf4ca37bb69
                                                  • Opcode Fuzzy Hash: 2c5567dc16f0fdbe3a16783024ebe4063703e0295d8fbd70d8368b62ecbc84d1
                                                  • Instruction Fuzzy Hash: 96717D71900B19AFDF22DFA8DE85E6EBBF5FF48704F104518E586A25A0D778A940CB14
                                                  Function 007AFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadCursorW.USER32(00000000,00007F89), ref: 007AFE27
                                                  • LoadCursorW.USER32(00000000,00007F8A), ref: 007AFE32
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 007AFE3D
                                                  • LoadCursorW.USER32(00000000,00007F03), ref: 007AFE48
                                                  • LoadCursorW.USER32(00000000,00007F8B), ref: 007AFE53
                                                  • LoadCursorW.USER32(00000000,00007F01), ref: 007AFE5E
                                                  • LoadCursorW.USER32(00000000,00007F81), ref: 007AFE69
                                                  • LoadCursorW.USER32(00000000,00007F88), ref: 007AFE74
                                                  • LoadCursorW.USER32(00000000,00007F80), ref: 007AFE7F
                                                  • LoadCursorW.USER32(00000000,00007F86), ref: 007AFE8A
                                                  • LoadCursorW.USER32(00000000,00007F83), ref: 007AFE95
                                                  • LoadCursorW.USER32(00000000,00007F85), ref: 007AFEA0
                                                  • LoadCursorW.USER32(00000000,00007F82), ref: 007AFEAB
                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 007AFEB6
                                                  • LoadCursorW.USER32(00000000,00007F04), ref: 007AFEC1
                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 007AFECC
                                                  • GetCursorInfo.USER32(?), ref: 007AFEDC
                                                  • GetLastError.KERNEL32 ref: 007AFF1E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Cursor$Load$ErrorInfoLast
                                                  • String ID:
                                                  • API String ID: 3215588206-0
                                                  • Opcode ID: 87add5325b4258a898697ef2444012cdde50b1e9b98797624d5ae5d8436de1f9
                                                  • Instruction ID: d5249107beb6f6a82df19ac5a30b38f8b389f77b3f842674586092076b9542cf
                                                  • Opcode Fuzzy Hash: 87add5325b4258a898697ef2444012cdde50b1e9b98797624d5ae5d8436de1f9
                                                  • Instruction Fuzzy Hash: B44154B0D04319AEDB109FBA8C89C5EBFE8FF45354B54862AE11DE7281DB789901CF91
                                                  Function 007500C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007500C6
                                                    • Part of subcall function 007500ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0080070C,00000FA0,4EC5054F,?,?,?,?,007723B3,000000FF), ref: 0075011C
                                                    • Part of subcall function 007500ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007723B3,000000FF), ref: 00750127
                                                    • Part of subcall function 007500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007723B3,000000FF), ref: 00750138
                                                    • Part of subcall function 007500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0075014E
                                                    • Part of subcall function 007500ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0075015C
                                                    • Part of subcall function 007500ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0075016A
                                                    • Part of subcall function 007500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00750195
                                                    • Part of subcall function 007500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007501A0
                                                  • ___scrt_fastfail.LIBCMT ref: 007500E7
                                                    • Part of subcall function 007500A3: __onexit.LIBCMT ref: 007500A9
                                                  Strings
                                                  • InitializeConditionVariable, xrefs: 00750148
                                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00750122
                                                  • WakeAllConditionVariable, xrefs: 00750162
                                                  • SleepConditionVariableCS, xrefs: 00750154
                                                  • kernel32.dll, xrefs: 00750133
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                  • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                  • API String ID: 66158676-1714406822
                                                  • Opcode ID: 25ca18b3e37bb6b2e8ca8754e40f4e40d1fcad874f6477b73be1280877d99f07
                                                  • Instruction ID: 9a67bb7bc02153ed9bd98af7af57eda8ccf4922a0585af1a00c7538403affac6
                                                  • Opcode Fuzzy Hash: 25ca18b3e37bb6b2e8ca8754e40f4e40d1fcad874f6477b73be1280877d99f07
                                                  • Instruction Fuzzy Hash: 7121F9B2A44B18ABD7115B64AC1AFAE33D4EB05B62F04412DFC05D22D1DFBC98048AD5
                                                  Function 007930F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen
                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                  • API String ID: 176396367-1603158881
                                                  • Opcode ID: ae191bfc639f6ba813fdfa5cbc4893816236b956d83181ba65497ba17062c255
                                                  • Instruction ID: a4dc54efca31b3884f9e450f0fbaea8ee57bd3856201c6d67c2ffc3d574d0366
                                                  • Opcode Fuzzy Hash: ae191bfc639f6ba813fdfa5cbc4893816236b956d83181ba65497ba17062c255
                                                  • Instruction Fuzzy Hash: C5E1E332A00516EBCF189FB8D446AFEFBB0BF44710F558129E956F7250DB38AE858790
                                                  Function 007A44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CharLowerBuffW.USER32(00000000,00000000,007CCC08), ref: 007A4527
                                                  • _wcslen.LIBCMT ref: 007A453B
                                                  • _wcslen.LIBCMT ref: 007A4599
                                                  • _wcslen.LIBCMT ref: 007A45F4
                                                  • _wcslen.LIBCMT ref: 007A463F
                                                  • _wcslen.LIBCMT ref: 007A46A7
                                                    • Part of subcall function 0074F9F2: _wcslen.LIBCMT ref: 0074F9FD
                                                  • GetDriveTypeW.KERNEL32(?,007F6BF0,00000061), ref: 007A4743
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$BuffCharDriveLowerType
                                                  • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                  • API String ID: 2055661098-1000479233
                                                  • Opcode ID: cdb78347af05c12fd7e3c739fa81dbb54ad59e6b190731bd84dfbcfb480c3710
                                                  • Instruction ID: 77cfb6c0a09eb2fb0b925bcbc81a7848f43a0b8b20272edad5d5120eb761d9ee
                                                  • Opcode Fuzzy Hash: cdb78347af05c12fd7e3c739fa81dbb54ad59e6b190731bd84dfbcfb480c3710
                                                  • Instruction Fuzzy Hash: C2B123716083029FC710DF28C894A7AB7E4BFE6720F104A1DF596C7292D7BAD844CB62
                                                  Function 007BAFF9 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _wcslen.LIBCMT ref: 007BB198
                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007BB1B0
                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007BB1D4
                                                  • _wcslen.LIBCMT ref: 007BB200
                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007BB214
                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007BB236
                                                  • _wcslen.LIBCMT ref: 007BB332
                                                    • Part of subcall function 007A05A7: GetStdHandle.KERNEL32(000000F6), ref: 007A05C6
                                                  • _wcslen.LIBCMT ref: 007BB34B
                                                  • _wcslen.LIBCMT ref: 007BB366
                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007BB3B6
                                                  • GetLastError.KERNEL32(00000000), ref: 007BB407
                                                  • CloseHandle.KERNEL32(?), ref: 007BB439
                                                  • CloseHandle.KERNEL32(00000000), ref: 007BB44A
                                                  • CloseHandle.KERNEL32(00000000), ref: 007BB45C
                                                  • CloseHandle.KERNEL32(00000000), ref: 007BB46E
                                                  • CloseHandle.KERNEL32(?), ref: 007BB4E3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                  • String ID:
                                                  • API String ID: 2178637699-0
                                                  • Opcode ID: 147651c2e36f615ee71e6ab4e99a44fbab5259429b2bcd73367887fde9c1a1b2
                                                  • Instruction ID: da8c7e687a824332d2e1d5245ad34f49082e4a1dacb03a6303bc5e5983187516
                                                  • Opcode Fuzzy Hash: 147651c2e36f615ee71e6ab4e99a44fbab5259429b2bcd73367887fde9c1a1b2
                                                  • Instruction Fuzzy Hash: 9AF18B71508240DFD724EF24C895BAABBE1BF85314F14855DF8998B2A2CB79EC44CB52
                                                  Function 007B3FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,007CCC08), ref: 007B40BB
                                                  • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 007B40CD
                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,007CCC08), ref: 007B40F2
                                                  • FreeLibrary.KERNEL32(00000000,?,007CCC08), ref: 007B413E
                                                  • StringFromGUID2.OLE32(?,?,00000028,?,007CCC08), ref: 007B41A8
                                                  • SysFreeString.OLEAUT32(00000009), ref: 007B4262
                                                  • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 007B42C8
                                                  • SysFreeString.OLEAUT32(?), ref: 007B42F2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                  • String ID: GetModuleHandleExW$kernel32.dll
                                                  • API String ID: 354098117-199464113
                                                  • Opcode ID: 9c9d784dfd2653b71d24196c0946267b1fcc9cc1a405e3266c9c6a1d4e473433
                                                  • Instruction ID: c9cf7846d504311e583d8eab2c16ce00e7ac70638fcd18802b9657d79319402a
                                                  • Opcode Fuzzy Hash: 9c9d784dfd2653b71d24196c0946267b1fcc9cc1a405e3266c9c6a1d4e473433
                                                  • Instruction Fuzzy Hash: F1120A75A00119EFDB14DF94C888FAEBBB5FF45314F248098E909AB252D735ED46CBA0
                                                  Function 0073326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenuItemCount.USER32(00801990), ref: 00772F8D
                                                  • GetMenuItemCount.USER32(00801990), ref: 0077303D
                                                  • GetCursorPos.USER32(?), ref: 00773081
                                                  • SetForegroundWindow.USER32(00000000), ref: 0077308A
                                                  • TrackPopupMenuEx.USER32(00801990,00000000,?,00000000,00000000,00000000), ref: 0077309D
                                                  • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007730A9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                  • String ID: 0
                                                  • API String ID: 36266755-4108050209
                                                  • Opcode ID: a971dd54788bb80950bdd3d60fcd1b7c2ddcc76582012da465d80488de3cd796
                                                  • Instruction ID: ff6933936437c8ccc48004a6340246fbfe22822f0c4fc236a9b6bf02a5c5dbd0
                                                  • Opcode Fuzzy Hash: a971dd54788bb80950bdd3d60fcd1b7c2ddcc76582012da465d80488de3cd796
                                                  • Instruction Fuzzy Hash: E071E771644205BEFF318F64DC49FAABF65FF05364F208216F5286A1E2C7B9A910DB50
                                                  Function 007C6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DestroyWindow.USER32(00000000,?), ref: 007C6DEB
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 007C6E5F
                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007C6E81
                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C6E94
                                                  • DestroyWindow.USER32(?), ref: 007C6EB5
                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00730000,00000000), ref: 007C6EE4
                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C6EFD
                                                  • GetDesktopWindow.USER32 ref: 007C6F16
                                                  • GetWindowRect.USER32(00000000), ref: 007C6F1D
                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007C6F35
                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 007C6F4D
                                                    • Part of subcall function 00749944: GetWindowLongW.USER32(?,000000EB), ref: 00749952
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                  • String ID: 0$tooltips_class32
                                                  • API String ID: 2429346358-3619404913
                                                  • Opcode ID: 7e022e9ca31a47271f9eea59426a5ae8d032685f2e4461faaebd8c3845e63bec
                                                  • Instruction ID: 81ae29dd39aab99dd22eae6bd752de940e13ac0e26fa690c15a9744e65f1fcdf
                                                  • Opcode Fuzzy Hash: 7e022e9ca31a47271f9eea59426a5ae8d032685f2e4461faaebd8c3845e63bec
                                                  • Instruction Fuzzy Hash: 2E7167B4104244AFEB21CF18DC88FAABBE9FF89304F54441EF98997261C778E906DB15
                                                  Function 007C911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • DragQueryPoint.SHELL32(?,?), ref: 007C9147
                                                    • Part of subcall function 007C7674: ClientToScreen.USER32(?,?), ref: 007C769A
                                                    • Part of subcall function 007C7674: GetWindowRect.USER32(?,?), ref: 007C7710
                                                    • Part of subcall function 007C7674: PtInRect.USER32(?,?,007C8B89), ref: 007C7720
                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 007C91B0
                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007C91BB
                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007C91DE
                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 007C9225
                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 007C923E
                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 007C9255
                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 007C9277
                                                  • DragFinish.SHELL32(?), ref: 007C927E
                                                  • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 007C9371
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                  • API String ID: 221274066-3440237614
                                                  • Opcode ID: fcad6182d0d8406d57545b186c58f3355cb303838114189764fc1034a1c40c8f
                                                  • Instruction ID: b226f5c77a882f3bc709520c1c7cd8f9f6e811c2d990f088284f3f9ab52cb1d5
                                                  • Opcode Fuzzy Hash: fcad6182d0d8406d57545b186c58f3355cb303838114189764fc1034a1c40c8f
                                                  • Instruction Fuzzy Hash: 7C617C71108301AFD705DF64DC89EAFBBE8FF88750F00491EF695922A1DB749A49CB62
                                                  Function 007AC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007AC4B0
                                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007AC4C3
                                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007AC4D7
                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 007AC4F0
                                                  • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 007AC533
                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 007AC549
                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007AC554
                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007AC584
                                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 007AC5DC
                                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 007AC5F0
                                                  • InternetCloseHandle.WININET(00000000), ref: 007AC5FB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                  • String ID:
                                                  • API String ID: 3800310941-3916222277
                                                  • Opcode ID: e0b7a5e1c361723781edecd08cb1a065117dca990c686cd7a1bd2fce256b70b6
                                                  • Instruction ID: 05fa6ef16e6d21ae1866e3fee8530df9e80abd0390750a3f1b6494381cdc1069
                                                  • Opcode Fuzzy Hash: e0b7a5e1c361723781edecd08cb1a065117dca990c686cd7a1bd2fce256b70b6
                                                  • Instruction Fuzzy Hash: 6D516DB1500204BFDB228F60C948EAB7BFCFF49744F10851DF94996610DB38E954DB64
                                                  Function 007C856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 007C8592
                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85A2
                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85AD
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85BA
                                                  • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85C8
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85D7
                                                  • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85E0
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85E7
                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007C85F8
                                                  • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,007CFC38,?), ref: 007C8611
                                                  • GlobalFree.KERNEL32(00000000), ref: 007C8621
                                                  • GetObjectW.GDI32(?,00000018,?), ref: 007C8641
                                                  • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 007C8671
                                                  • DeleteObject.GDI32(?), ref: 007C8699
                                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007C86AF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                  • String ID:
                                                  • API String ID: 3840717409-0
                                                  • Opcode ID: 3d2a8618b4da9ce7809652806ead1023cfb8864114b389fc1afe961cffa763ef
                                                  • Instruction ID: 0424da6b3b174cd62a0149f85c58bbd788be24428b92da4c732eaa185f6f9a54
                                                  • Opcode Fuzzy Hash: 3d2a8618b4da9ce7809652806ead1023cfb8864114b389fc1afe961cffa763ef
                                                  • Instruction Fuzzy Hash: BC411A75600208AFDB129FA5DC48EAA7BB8FF89711F14805CF909E7260DB789D01CB65
                                                  Function 007A14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VariantInit.OLEAUT32(00000000), ref: 007A1502
                                                  • VariantCopy.OLEAUT32(?,?), ref: 007A150B
                                                  • VariantClear.OLEAUT32(?), ref: 007A1517
                                                  • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007A15FB
                                                  • VarR8FromDec.OLEAUT32(?,?), ref: 007A1657
                                                  • VariantInit.OLEAUT32(?), ref: 007A1708
                                                  • SysFreeString.OLEAUT32(?), ref: 007A178C
                                                  • VariantClear.OLEAUT32(?), ref: 007A17D8
                                                  • VariantClear.OLEAUT32(?), ref: 007A17E7
                                                  • VariantInit.OLEAUT32(00000000), ref: 007A1823
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                  • API String ID: 1234038744-3931177956
                                                  • Opcode ID: 4d73a8d6d709807c7b9eb426dc1a087955d3e7f275de4f67e3ffb5b2ee6da7de
                                                  • Instruction ID: 94a1b57af7520447761cda66723d8b2cc4a7d47ed38e57e0cf42055e80f5a679
                                                  • Opcode Fuzzy Hash: 4d73a8d6d709807c7b9eb426dc1a087955d3e7f275de4f67e3ffb5b2ee6da7de
                                                  • Instruction Fuzzy Hash: D0D12171E00505EBEB049FA4D899B7DB7B1BF86700F94825AF446AB181DB3CED20DB61
                                                  Function 007BB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 007BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BB6AE,?,?), ref: 007BC9B5
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BC9F1
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA68
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA9E
                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BB6F4
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BB772
                                                  • RegDeleteValueW.ADVAPI32(?,?), ref: 007BB80A
                                                  • RegCloseKey.ADVAPI32(?), ref: 007BB87E
                                                  • RegCloseKey.ADVAPI32(?), ref: 007BB89C
                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 007BB8F2
                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007BB904
                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 007BB922
                                                  • FreeLibrary.KERNEL32(00000000), ref: 007BB983
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 007BB994
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                  • API String ID: 146587525-4033151799
                                                  • Opcode ID: bc1dde6a0498ab27f57213d271764977464a9fb1bde49a18389276a49122b397
                                                  • Instruction ID: 07b410058ae99eacd8238b9ad3bfa66cc080f9aca0d954781d8873c6606c63eb
                                                  • Opcode Fuzzy Hash: bc1dde6a0498ab27f57213d271764977464a9fb1bde49a18389276a49122b397
                                                  • Instruction Fuzzy Hash: 4FC18D35208201EFD714DF14C499F6ABBE5FF84318F14845CE99A4B2A2CBB9EC45CB91
                                                  Function 007B255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetDC.USER32(00000000), ref: 007B25D8
                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007B25E8
                                                  • CreateCompatibleDC.GDI32(?), ref: 007B25F4
                                                  • SelectObject.GDI32(00000000,?), ref: 007B2601
                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007B266D
                                                  • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007B26AC
                                                  • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007B26D0
                                                  • SelectObject.GDI32(?,?), ref: 007B26D8
                                                  • DeleteObject.GDI32(?), ref: 007B26E1
                                                  • DeleteDC.GDI32(?), ref: 007B26E8
                                                  • ReleaseDC.USER32(00000000,?), ref: 007B26F3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                  • String ID: (
                                                  • API String ID: 2598888154-3887548279
                                                  • Opcode ID: 43c905e2c75d96a79226ab427648266479fd92bc1fd54be7955a13a2463ea746
                                                  • Instruction ID: aaaf5dba9835d55265c9563b5ce028545a5fee9c889c512deed68a9514882ab9
                                                  • Opcode Fuzzy Hash: 43c905e2c75d96a79226ab427648266479fd92bc1fd54be7955a13a2463ea746
                                                  • Instruction Fuzzy Hash: C96102B5D00219EFCF05CFA8C888EAEBBB5FF48310F248529E959A7250E734A941CF54
                                                  Function 0076DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 0076DAA1
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D659
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D66B
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D67D
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D68F
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D6A1
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D6B3
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D6C5
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D6D7
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D6E9
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D6FB
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D70D
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D71F
                                                    • Part of subcall function 0076D63C: _free.LIBCMT ref: 0076D731
                                                  • _free.LIBCMT ref: 0076DA96
                                                    • Part of subcall function 007629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000), ref: 007629DE
                                                    • Part of subcall function 007629C8: GetLastError.KERNEL32(00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000,00000000), ref: 007629F0
                                                  • _free.LIBCMT ref: 0076DAB8
                                                  • _free.LIBCMT ref: 0076DACD
                                                  • _free.LIBCMT ref: 0076DAD8
                                                  • _free.LIBCMT ref: 0076DAFA
                                                  • _free.LIBCMT ref: 0076DB0D
                                                  • _free.LIBCMT ref: 0076DB1B
                                                  • _free.LIBCMT ref: 0076DB26
                                                  • _free.LIBCMT ref: 0076DB5E
                                                  • _free.LIBCMT ref: 0076DB65
                                                  • _free.LIBCMT ref: 0076DB82
                                                  • _free.LIBCMT ref: 0076DB9A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID:
                                                  • API String ID: 161543041-0
                                                  • Opcode ID: 418e756c597c9e9618e658e7bc9428ebb01972b251289780e4752343f5558b50
                                                  • Instruction ID: c13264bfcf39a3a9d056ecac252137473e821dcde77fa00a07fbac8fdfd19c4c
                                                  • Opcode Fuzzy Hash: 418e756c597c9e9618e658e7bc9428ebb01972b251289780e4752343f5558b50
                                                  • Instruction Fuzzy Hash: 00317C71B04704DFEB35AA78E849B5A77E9FF40350F154429E84AE72A2DA38BC408F20
                                                  Function 0079365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetClassNameW.USER32(?,?,00000100), ref: 0079369C
                                                  • _wcslen.LIBCMT ref: 007936A7
                                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00793797
                                                  • GetClassNameW.USER32(?,?,00000400), ref: 0079380C
                                                  • GetDlgCtrlID.USER32(?), ref: 0079385D
                                                  • GetWindowRect.USER32(?,?), ref: 00793882
                                                  • GetParent.USER32(?), ref: 007938A0
                                                  • ScreenToClient.USER32(00000000), ref: 007938A7
                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00793921
                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 0079395D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                  • String ID: %s%u
                                                  • API String ID: 4010501982-679674701
                                                  • Opcode ID: decce0707330b898312c369b482e2819862f0cfdbc5db5bd92b8c08a5bf8e51d
                                                  • Instruction ID: 42c08d373c8c50ed7358835eb26386527a7485938c20649992058102752958f5
                                                  • Opcode Fuzzy Hash: decce0707330b898312c369b482e2819862f0cfdbc5db5bd92b8c08a5bf8e51d
                                                  • Instruction Fuzzy Hash: F591E371204606EFDB19DF64D885FEAF7A8FF44314F008629F999D2190DB38EA45CBA1
                                                  Function 00794954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00794994
                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 007949DA
                                                  • _wcslen.LIBCMT ref: 007949EB
                                                  • CharUpperBuffW.USER32(?,00000000), ref: 007949F7
                                                  • _wcsstr.LIBVCRUNTIME ref: 00794A2C
                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00794A64
                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00794A9D
                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00794AE6
                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00794B20
                                                  • GetWindowRect.USER32(?,?), ref: 00794B8B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                  • String ID: ThumbnailClass
                                                  • API String ID: 1311036022-1241985126
                                                  • Opcode ID: 713850d6ae5f9c67646846a1fa39271be719da309a6d804fb123a064be6fd50f
                                                  • Instruction ID: ba0d8e19e51fd9bae3d9e85485d55d72e96e7743da158a059094edbfffbab3ae
                                                  • Opcode Fuzzy Hash: 713850d6ae5f9c67646846a1fa39271be719da309a6d804fb123a064be6fd50f
                                                  • Instruction Fuzzy Hash: A491BEB21042099FDF05CF14E985FAA77E8FF84314F048469FD899A196DB38ED46CBA1
                                                  Function 007C8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007C8D5A
                                                  • GetFocus.USER32 ref: 007C8D6A
                                                  • GetDlgCtrlID.USER32(00000000), ref: 007C8D75
                                                  • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 007C8E1D
                                                  • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 007C8ECF
                                                  • GetMenuItemCount.USER32(?), ref: 007C8EEC
                                                  • GetMenuItemID.USER32(?,00000000), ref: 007C8EFC
                                                  • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 007C8F2E
                                                  • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 007C8F70
                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007C8FA1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                  • String ID: 0
                                                  • API String ID: 1026556194-4108050209
                                                  • Opcode ID: a50e1f47f9397104247c3cc29095ab3b50cd82d823293b82a81d0dfc70ec00f0
                                                  • Instruction ID: 966c6dfc001165b417d40c5591da4e2e68a69b79cfca0e67e44dd02bfcf02526
                                                  • Opcode Fuzzy Hash: a50e1f47f9397104247c3cc29095ab3b50cd82d823293b82a81d0dfc70ec00f0
                                                  • Instruction Fuzzy Hash: 0481B071508301AFDB51CF24D888FABBBE9FB88314F14095DF99997291DB78D901CBA2
                                                  Function 0079BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(00801990,000000FF,00000000,00000030), ref: 0079BFAC
                                                  • SetMenuItemInfoW.USER32(00801990,00000004,00000000,00000030), ref: 0079BFE1
                                                  • Sleep.KERNEL32(000001F4), ref: 0079BFF3
                                                  • GetMenuItemCount.USER32(?), ref: 0079C039
                                                  • GetMenuItemID.USER32(?,00000000), ref: 0079C056
                                                  • GetMenuItemID.USER32(?,-00000001), ref: 0079C082
                                                  • GetMenuItemID.USER32(?,?), ref: 0079C0C9
                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0079C10F
                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0079C124
                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0079C145
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                  • String ID: 0
                                                  • API String ID: 1460738036-4108050209
                                                  • Opcode ID: 84126e45f75933227e66296eda0373a6da044dce0a14bfeea94de8621055c274
                                                  • Instruction ID: 4145834c54887a910c6c43c3f0d80226b87b3d24f36cf62c924c425d96cb4bdf
                                                  • Opcode Fuzzy Hash: 84126e45f75933227e66296eda0373a6da044dce0a14bfeea94de8621055c274
                                                  • Instruction Fuzzy Hash: A96191B090024AEFDF12CF68ED88EEE7BB9FB05344F104159E915A3291D739AD15CB60
                                                  Function 0079DC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0079DC20
                                                  • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0079DC46
                                                  • _wcslen.LIBCMT ref: 0079DC50
                                                  • _wcsstr.LIBVCRUNTIME ref: 0079DCA0
                                                  • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0079DCBC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                  • API String ID: 1939486746-1459072770
                                                  • Opcode ID: b8506797330482c7a1dac7ad1e083803cdea1d3f30dd2f634faa624b525769ec
                                                  • Instruction ID: ed487f14ffe77dcdee2eaa7b6644fe68759b15437931b53a6496e5b264fb52f3
                                                  • Opcode Fuzzy Hash: b8506797330482c7a1dac7ad1e083803cdea1d3f30dd2f634faa624b525769ec
                                                  • Instruction Fuzzy Hash: F14128B2A40215FADB15AB749C0BEFF776CEF41751F10006EFA04A6182EBBC9D0587A4
                                                  Function 007BCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007BCC64
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 007BCC8D
                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007BCD48
                                                    • Part of subcall function 007BCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 007BCCAA
                                                    • Part of subcall function 007BCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 007BCCBD
                                                    • Part of subcall function 007BCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007BCCCF
                                                    • Part of subcall function 007BCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 007BCD05
                                                    • Part of subcall function 007BCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 007BCD28
                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 007BCCF3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                  • API String ID: 2734957052-4033151799
                                                  • Opcode ID: c6825d31494934241fb85558a1f89e1eb933b3939e4042e34542bff70024f86c
                                                  • Instruction ID: c79d5c4f42150e724ebf007e78d38c2bb610bce627df5941d4267cfa0f506508
                                                  • Opcode Fuzzy Hash: c6825d31494934241fb85558a1f89e1eb933b3939e4042e34542bff70024f86c
                                                  • Instruction Fuzzy Hash: 473180B5A01129BBD7228B51DC88EFFBB7CEF55750F008169E909E6240D6389A45DAB0
                                                  Function 007A3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007A3D40
                                                  • _wcslen.LIBCMT ref: 007A3D6D
                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 007A3D9D
                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 007A3DBE
                                                  • RemoveDirectoryW.KERNEL32(?), ref: 007A3DCE
                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 007A3E55
                                                  • CloseHandle.KERNEL32(00000000), ref: 007A3E60
                                                  • CloseHandle.KERNEL32(00000000), ref: 007A3E6B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                  • String ID: :$\$\??\%s
                                                  • API String ID: 1149970189-3457252023
                                                  • Opcode ID: 02385c054568213d20a4f592415fffff0355112faddd783416a0b6e9c4a0369d
                                                  • Instruction ID: 5b379b1eeb68194576dee132884d6e0fb108bc40f72589de047eee6f1637c425
                                                  • Opcode Fuzzy Hash: 02385c054568213d20a4f592415fffff0355112faddd783416a0b6e9c4a0369d
                                                  • Instruction Fuzzy Hash: B43181B2A00249ABDB219FA0DC49FEB37BCFF89740F1041A9F909D6160E77897448B64
                                                  Function 0079E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • timeGetTime.WINMM ref: 0079E6B4
                                                    • Part of subcall function 0074E551: timeGetTime.WINMM(?,?,0079E6D4), ref: 0074E555
                                                  • Sleep.KERNEL32(0000000A), ref: 0079E6E1
                                                  • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0079E705
                                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0079E727
                                                  • SetActiveWindow.USER32 ref: 0079E746
                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0079E754
                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0079E773
                                                  • Sleep.KERNEL32(000000FA), ref: 0079E77E
                                                  • IsWindow.USER32 ref: 0079E78A
                                                  • EndDialog.USER32(00000000), ref: 0079E79B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                  • String ID: BUTTON
                                                  • API String ID: 1194449130-3405671355
                                                  • Opcode ID: c9f04244b44a55a277b31f89aa48182d673b607a97c2dabaf2a7a6267a476f71
                                                  • Instruction ID: 8c9a4f8420fd96593e8861f23a8a0d7aee148df6d2067e2ebefc65d8f0ca3dba
                                                  • Opcode Fuzzy Hash: c9f04244b44a55a277b31f89aa48182d673b607a97c2dabaf2a7a6267a476f71
                                                  • Instruction Fuzzy Hash: 8C2193B0200205AFEF01DFA0FC8DE253B69F764758F148428F519912A1DBBEAC50CB29
                                                  Function 0079E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0079EA5D
                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0079EA73
                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0079EA84
                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0079EA96
                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0079EAA7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: SendString$_wcslen
                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                  • API String ID: 2420728520-1007645807
                                                  • Opcode ID: 596405f2423ffe194de2d462104def63ee1a1ac390319a32ccc6a126552a6fec
                                                  • Instruction ID: 6387caa5219c8490a1b9ac51316c7c27089ab5a18356fa0231c21a6d6c700f3e
                                                  • Opcode Fuzzy Hash: 596405f2423ffe194de2d462104def63ee1a1ac390319a32ccc6a126552a6fec
                                                  • Instruction Fuzzy Hash: 46117371A9021DB9EB20E7A1DC4AEFF6A7CEBD1B00F404429B511A21D1EEB86D05C6B0
                                                  Function 00799F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetKeyboardState.USER32(?), ref: 0079A012
                                                  • SetKeyboardState.USER32(?), ref: 0079A07D
                                                  • GetAsyncKeyState.USER32(000000A0), ref: 0079A09D
                                                  • GetKeyState.USER32(000000A0), ref: 0079A0B4
                                                  • GetAsyncKeyState.USER32(000000A1), ref: 0079A0E3
                                                  • GetKeyState.USER32(000000A1), ref: 0079A0F4
                                                  • GetAsyncKeyState.USER32(00000011), ref: 0079A120
                                                  • GetKeyState.USER32(00000011), ref: 0079A12E
                                                  • GetAsyncKeyState.USER32(00000012), ref: 0079A157
                                                  • GetKeyState.USER32(00000012), ref: 0079A165
                                                  • GetAsyncKeyState.USER32(0000005B), ref: 0079A18E
                                                  • GetKeyState.USER32(0000005B), ref: 0079A19C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: State$Async$Keyboard
                                                  • String ID:
                                                  • API String ID: 541375521-0
                                                  • Opcode ID: 7c60de9b26324910c1d9735db3bcda9cf89113d266fa342a29cf321f0a57d825
                                                  • Instruction ID: 3491e2a7d656b987203e88987e60f79cba0afddc65570bd98b7494a51690fcfd
                                                  • Opcode Fuzzy Hash: 7c60de9b26324910c1d9735db3bcda9cf89113d266fa342a29cf321f0a57d825
                                                  • Instruction Fuzzy Hash: E6510B2094538839FF35DB64A815BEAFFB59F02380F08859DD5C2571C2EA5C9A4CC7A2
                                                  Function 00795CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetDlgItem.USER32(?,00000001), ref: 00795CE2
                                                  • GetWindowRect.USER32(00000000,?), ref: 00795CFB
                                                  • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00795D59
                                                  • GetDlgItem.USER32(?,00000002), ref: 00795D69
                                                  • GetWindowRect.USER32(00000000,?), ref: 00795D7B
                                                  • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00795DCF
                                                  • GetDlgItem.USER32(?,000003E9), ref: 00795DDD
                                                  • GetWindowRect.USER32(00000000,?), ref: 00795DEF
                                                  • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00795E31
                                                  • GetDlgItem.USER32(?,000003EA), ref: 00795E44
                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00795E5A
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00795E67
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                  • String ID:
                                                  • API String ID: 3096461208-0
                                                  • Opcode ID: 7fa79abfb30250a74892b73bd6e30d69cc683afd82c71bce63ec645e5e032e88
                                                  • Instruction ID: bf72422d104103c299fc6260853329c58d8023a8512c8542ac5cb6a600459daa
                                                  • Opcode Fuzzy Hash: 7fa79abfb30250a74892b73bd6e30d69cc683afd82c71bce63ec645e5e032e88
                                                  • Instruction Fuzzy Hash: 8A51FDB1B00615AFDF19CF68DD89EAEBBB5FB48300F148229F519E6290D7749E04CB50
                                                  Function 00748BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00748F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00748BE8,?,00000000,?,?,?,?,00748BBA,00000000,?), ref: 00748FC5
                                                  • DestroyWindow.USER32(?), ref: 00748C81
                                                  • KillTimer.USER32(00000000,?,?,?,?,00748BBA,00000000,?), ref: 00748D1B
                                                  • DestroyAcceleratorTable.USER32(00000000), ref: 00786973
                                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00748BBA,00000000,?), ref: 007869A1
                                                  • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00748BBA,00000000,?), ref: 007869B8
                                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00748BBA,00000000), ref: 007869D4
                                                  • DeleteObject.GDI32(00000000), ref: 007869E6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                  • String ID:
                                                  • API String ID: 641708696-0
                                                  • Opcode ID: a73076c3136fe9c292174acb4695a4ba9f1f74ddf6a7a748430156fe6cc392cd
                                                  • Instruction ID: c2277f8da7d63b5d32e72ff0e8cd37e936a0c8a155835819c696b1221d9602f2
                                                  • Opcode Fuzzy Hash: a73076c3136fe9c292174acb4695a4ba9f1f74ddf6a7a748430156fe6cc392cd
                                                  • Instruction Fuzzy Hash: B7618031502614DFCB66DF14D98CB29BBF1FB40322F54855CE0469B6A0CB79AD90CF66
                                                  Function 00749838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749944: GetWindowLongW.USER32(?,000000EB), ref: 00749952
                                                  • GetSysColor.USER32(0000000F), ref: 00749862
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ColorLongWindow
                                                  • String ID:
                                                  • API String ID: 259745315-0
                                                  • Opcode ID: 56b1a66c43f972a9be92b2f290f8322e9a1ecfd9510c0d652dc7fb2e624c719f
                                                  • Instruction ID: 90a626e9fec581bc56a6ffda73f6878de5d06c8e5edd39974d1f2d9d7ac5b3d3
                                                  • Opcode Fuzzy Hash: 56b1a66c43f972a9be92b2f290f8322e9a1ecfd9510c0d652dc7fb2e624c719f
                                                  • Instruction Fuzzy Hash: C24194311446449FDB219F3D9C88FBA3B69AB46331F284619FAA68B1E1D739DC42DB10
                                                  Function 00768D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .u
                                                  • API String ID: 0-2311707517
                                                  • Opcode ID: 50f392450137344d69f84999291142032dd66dd91e841b067e6b8134264e59e6
                                                  • Instruction ID: 44ac48d67144164a810a3f44a7713da06de9735124664d592cd14061183186a9
                                                  • Opcode Fuzzy Hash: 50f392450137344d69f84999291142032dd66dd91e841b067e6b8134264e59e6
                                                  • Instruction Fuzzy Hash: BEC1D374A0424AEFCF51DFA8D845BEDBBB4BF09310F044159ED16A7392CB789941CB61
                                                  Function 007996E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0077F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00799717
                                                  • LoadStringW.USER32(00000000,?,0077F7F8,00000001), ref: 00799720
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0077F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00799742
                                                  • LoadStringW.USER32(00000000,?,0077F7F8,00000001), ref: 00799745
                                                  • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00799866
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HandleLoadModuleString$Message_wcslen
                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                  • API String ID: 747408836-2268648507
                                                  • Opcode ID: 634d81566463116237f3f634a8f7b9d3554783c5fc8adb569157000e0c499e15
                                                  • Instruction ID: aeb44b949173cc9385032c148c41cdf3ab75c135c2859ebafdcd79e838c386c8
                                                  • Opcode Fuzzy Hash: 634d81566463116237f3f634a8f7b9d3554783c5fc8adb569157000e0c499e15
                                                  • Instruction Fuzzy Hash: 88414FB2800209EAEF14FBE4DD4ADEEB778AF55340F504029F60572192EB796F48CB61
                                                  Function 007906DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 007907A2
                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007907BE
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 007907DA
                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00790804
                                                  • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0079082C
                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00790837
                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0079083C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                  • API String ID: 323675364-22481851
                                                  • Opcode ID: 63d351c44af6b1d6374eea8ad7820d04b65d8f5c73a2a88cc57a866807855486
                                                  • Instruction ID: d7329d8bb2a5cee48efe4852e4d527129ff9dd8466bc17af3014c74740cdabcf
                                                  • Opcode Fuzzy Hash: 63d351c44af6b1d6374eea8ad7820d04b65d8f5c73a2a88cc57a866807855486
                                                  • Instruction Fuzzy Hash: 0E4119B2C10229EFDF15EBA4DC89CEDB778BF44350F148129E945A3161EB786E44CB90
                                                  Function 007C3F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 007C403B
                                                  • CreateCompatibleDC.GDI32(00000000), ref: 007C4042
                                                  • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 007C4055
                                                  • SelectObject.GDI32(00000000,00000000), ref: 007C405D
                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 007C4068
                                                  • DeleteDC.GDI32(00000000), ref: 007C4072
                                                  • GetWindowLongW.USER32(?,000000EC), ref: 007C407C
                                                  • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 007C4092
                                                  • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 007C409E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                  • String ID: static
                                                  • API String ID: 2559357485-2160076837
                                                  • Opcode ID: f75a6e38c536b8e8eb968fd8f0c1978207895ee3e18a7362d0a7ee9a1de2f930
                                                  • Instruction ID: 0b1ac278b3476f13a5a5f48ae29de8a38941221767a151c70325ec77f5333f4a
                                                  • Opcode Fuzzy Hash: f75a6e38c536b8e8eb968fd8f0c1978207895ee3e18a7362d0a7ee9a1de2f930
                                                  • Instruction Fuzzy Hash: A8318C32540219AFDF229FA4DC49FDA3BA8FF0D320F10421CFA18A61A0D779D861DB64
                                                  Function 007B3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VariantInit.OLEAUT32(?), ref: 007B3C5C
                                                  • CoInitialize.OLE32(00000000), ref: 007B3C8A
                                                  • CoUninitialize.OLE32 ref: 007B3C94
                                                  • _wcslen.LIBCMT ref: 007B3D2D
                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 007B3DB1
                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 007B3ED5
                                                  • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 007B3F0E
                                                  • CoGetObject.OLE32(?,00000000,007CFB98,?), ref: 007B3F2D
                                                  • SetErrorMode.KERNEL32(00000000), ref: 007B3F40
                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 007B3FC4
                                                  • VariantClear.OLEAUT32(?), ref: 007B3FD8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                  • String ID:
                                                  • API String ID: 429561992-0
                                                  • Opcode ID: 878a8306f0788f2a0b45d8a9c63c583380f69105929c79e435e939c0302bcff6
                                                  • Instruction ID: 4cb576fd9b53302f8131b94aa0ebb8fce27cc9153a2f774bcf2ba24a9e87ab85
                                                  • Opcode Fuzzy Hash: 878a8306f0788f2a0b45d8a9c63c583380f69105929c79e435e939c0302bcff6
                                                  • Instruction Fuzzy Hash: ACC154B1608205EFD700DF68C884A6BBBE9FF89744F04491DF98A9B251DB34EE45CB52
                                                  Function 007A7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CoInitialize.OLE32(00000000), ref: 007A7AF3
                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 007A7B8F
                                                  • SHGetDesktopFolder.SHELL32(?), ref: 007A7BA3
                                                  • CoCreateInstance.OLE32(007CFD08,00000000,00000001,007F6E6C,?), ref: 007A7BEF
                                                  • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 007A7C74
                                                  • CoTaskMemFree.OLE32(?,?), ref: 007A7CCC
                                                  • SHBrowseForFolderW.SHELL32(?), ref: 007A7D57
                                                  • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 007A7D7A
                                                  • CoTaskMemFree.OLE32(00000000), ref: 007A7D81
                                                  • CoTaskMemFree.OLE32(00000000), ref: 007A7DD6
                                                  • CoUninitialize.OLE32 ref: 007A7DDC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                  • String ID:
                                                  • API String ID: 2762341140-0
                                                  • Opcode ID: 4ced55cc0f06fb2ca5c0174492fe2a509eca97b875ee65d362ec52d7bae50547
                                                  • Instruction ID: 47f2046fd59827b0bfdc0f6b425f55d9478b8117ea94ecc212017cc6679e017a
                                                  • Opcode Fuzzy Hash: 4ced55cc0f06fb2ca5c0174492fe2a509eca97b875ee65d362ec52d7bae50547
                                                  • Instruction Fuzzy Hash: 68C13C75A04109EFDB14DF64C888DAEBBF9FF49314F148198E91A9B262D734EE41CB90
                                                  Function 007C541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 007C5504
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007C5515
                                                  • CharNextW.USER32(00000158), ref: 007C5544
                                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 007C5585
                                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 007C559B
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007C55AC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CharNext
                                                  • String ID:
                                                  • API String ID: 1350042424-0
                                                  • Opcode ID: d7d26fd6457abe3b8d8e12156f414f3df16235131c49cc5ec1942043cf77f148
                                                  • Instruction ID: 7219a44bc5b3d53cb7fe09a41877e43b0057a99116d3137337d1f817c1298d37
                                                  • Opcode Fuzzy Hash: d7d26fd6457abe3b8d8e12156f414f3df16235131c49cc5ec1942043cf77f148
                                                  • Instruction Fuzzy Hash: 0B618E71900608EFDF119F54CC84EFE7BB9EB09720F10818DF925A6291D77AAAC0DB60
                                                  Function 0078FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0078FAAF
                                                  • SafeArrayAllocData.OLEAUT32(?), ref: 0078FB08
                                                  • VariantInit.OLEAUT32(?), ref: 0078FB1A
                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 0078FB3A
                                                  • VariantCopy.OLEAUT32(?,?), ref: 0078FB8D
                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 0078FBA1
                                                  • VariantClear.OLEAUT32(?), ref: 0078FBB6
                                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 0078FBC3
                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0078FBCC
                                                  • VariantClear.OLEAUT32(?), ref: 0078FBDE
                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0078FBE9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                  • String ID:
                                                  • API String ID: 2706829360-0
                                                  • Opcode ID: e4aec8a09db0a0e8fb0cc8b41eb825a4ed678ac61306b5e3bcaa913e8a17c8d3
                                                  • Instruction ID: fd0dd76ff716d54480fa2c5b375d916e1cc99f4281928dc7d56482cf873a5cb3
                                                  • Opcode Fuzzy Hash: e4aec8a09db0a0e8fb0cc8b41eb825a4ed678ac61306b5e3bcaa913e8a17c8d3
                                                  • Instruction Fuzzy Hash: 52415375A00219DFDB05EF64C858DADBFB9FF48354F00C069E945A7261D738AA45CFA0
                                                  Function 00799C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetKeyboardState.USER32(?), ref: 00799CA1
                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00799D22
                                                  • GetKeyState.USER32(000000A0), ref: 00799D3D
                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00799D57
                                                  • GetKeyState.USER32(000000A1), ref: 00799D6C
                                                  • GetAsyncKeyState.USER32(00000011), ref: 00799D84
                                                  • GetKeyState.USER32(00000011), ref: 00799D96
                                                  • GetAsyncKeyState.USER32(00000012), ref: 00799DAE
                                                  • GetKeyState.USER32(00000012), ref: 00799DC0
                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00799DD8
                                                  • GetKeyState.USER32(0000005B), ref: 00799DEA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: State$Async$Keyboard
                                                  • String ID:
                                                  • API String ID: 541375521-0
                                                  • Opcode ID: f0f3c0df78e31e8a60889ce5c00a9bef796244c4b83aabed6121e759ab838be0
                                                  • Instruction ID: 1ee1d5ed79590a7b08e65ad82f792a229659bc1fe5761ed6d42b935c931d80af
                                                  • Opcode Fuzzy Hash: f0f3c0df78e31e8a60889ce5c00a9bef796244c4b83aabed6121e759ab838be0
                                                  • Instruction Fuzzy Hash: CE41D6346047C969FF318678A8447B5BEA06F12344F08805EDBC6566C2EBAD99C8C7A2
                                                  Function 007B055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WSAStartup.WSOCK32(00000101,?), ref: 007B05BC
                                                  • inet_addr.WSOCK32(?), ref: 007B061C
                                                  • gethostbyname.WSOCK32(?), ref: 007B0628
                                                  • IcmpCreateFile.IPHLPAPI ref: 007B0636
                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007B06C6
                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007B06E5
                                                  • IcmpCloseHandle.IPHLPAPI(?), ref: 007B07B9
                                                  • WSACleanup.WSOCK32 ref: 007B07BF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                  • String ID: Ping
                                                  • API String ID: 1028309954-2246546115
                                                  • Opcode ID: 57f00080e0438c81d4623151171208988eb6b8083874424e8cca11ed49c0c812
                                                  • Instruction ID: e7def2166d0b161b336b06bba9b4ceaba1ed2ef0aded1cc62d74224112dc1b5d
                                                  • Opcode Fuzzy Hash: 57f00080e0438c81d4623151171208988eb6b8083874424e8cca11ed49c0c812
                                                  • Instruction Fuzzy Hash: 05917C756082019FD720CF15C488F5ABBE4AF44318F1485A9F5698B6A2CB38ED45CFD1
                                                  Function 007B8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$BuffCharLower
                                                  • String ID: cdecl$none$stdcall$winapi
                                                  • API String ID: 707087890-567219261
                                                  • Opcode ID: 32dd58cb5dedbddefd9f89e372dd07363eb1e2e39e4f09f4760a9f8098a80169
                                                  • Instruction ID: 4387ff6cf1cc40264980fb26e17f3947429210c6b758c79b7a4c213d035e7bdc
                                                  • Opcode Fuzzy Hash: 32dd58cb5dedbddefd9f89e372dd07363eb1e2e39e4f09f4760a9f8098a80169
                                                  • Instruction Fuzzy Hash: E451A131A04116EBCF54DF68C941AFEB7A9BF64324B20422AE926E73C5DB38DD40C791
                                                  Function 007B372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CoInitialize.OLE32 ref: 007B3774
                                                  • CoUninitialize.OLE32 ref: 007B377F
                                                  • CoCreateInstance.OLE32(?,00000000,00000017,007CFB78,?), ref: 007B37D9
                                                  • IIDFromString.OLE32(?,?), ref: 007B384C
                                                  • VariantInit.OLEAUT32(?), ref: 007B38E4
                                                  • VariantClear.OLEAUT32(?), ref: 007B3936
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                  • API String ID: 636576611-1287834457
                                                  • Opcode ID: 2f29fcd541e7660acaacec45bbb0636d9ec5c0bbbc044e40af6ce2ea58dd43f0
                                                  • Instruction ID: c14d9bbd0d547632bbdfd74135dcab00361b6b6e37676fdcf1a12366180b1d48
                                                  • Opcode Fuzzy Hash: 2f29fcd541e7660acaacec45bbb0636d9ec5c0bbbc044e40af6ce2ea58dd43f0
                                                  • Instruction Fuzzy Hash: 8061A0B0608311EFD711DF54C889FAAB7E4AF45710F00490DF5859B291D778EE88CBA2
                                                  Function 007A3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 007A33CF
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007A33F0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LoadString$_wcslen
                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                  • API String ID: 4099089115-3080491070
                                                  • Opcode ID: 23da3cbd7d5cd1f58851ec8127e90f91b1818ba6b371abacac8c26772a592331
                                                  • Instruction ID: 9776b8add1c89a06852fbdc38727bbecfcd307ce06859dafcca5d2f1f3c10680
                                                  • Opcode Fuzzy Hash: 23da3cbd7d5cd1f58851ec8127e90f91b1818ba6b371abacac8c26772a592331
                                                  • Instruction Fuzzy Hash: DF5181B1D00209EAEF15EBA0CD4AEEEB778AF04340F108165F60572162EB7D2F58DB60
                                                  Function 0079B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$BuffCharUpper
                                                  • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                  • API String ID: 1256254125-769500911
                                                  • Opcode ID: 922cb5484e8af478e0f01324470d3241c3dcde1f102b1932219dd60dee0ded7b
                                                  • Instruction ID: 6e74becd2261f92ac0c10c621d547c1bb0d978194845ea4b89dfdda72395ea46
                                                  • Opcode Fuzzy Hash: 922cb5484e8af478e0f01324470d3241c3dcde1f102b1932219dd60dee0ded7b
                                                  • Instruction Fuzzy Hash: F341D832A00026DBCF106F7DEE915BE77B5AFA0754B244229E561D7284E739ED81C790
                                                  Function 007A5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNEL32(00000001), ref: 007A53A0
                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 007A5416
                                                  • GetLastError.KERNEL32 ref: 007A5420
                                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 007A54A7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Error$Mode$DiskFreeLastSpace
                                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                  • API String ID: 4194297153-14809454
                                                  • Opcode ID: b6b0afa0ec145d7161b321884ab3c672dc36c701a9d862d8201f471ff42ae3ab
                                                  • Instruction ID: d584736a34480c052da551efe1df2f2bdee88062cd7c21f9be863c9d4b7901ee
                                                  • Opcode Fuzzy Hash: b6b0afa0ec145d7161b321884ab3c672dc36c701a9d862d8201f471ff42ae3ab
                                                  • Instruction Fuzzy Hash: 3D31E575A00648DFDB10DF68C488EA97BB4FF8A305F188269E505CB352D778DD82CB91
                                                  Function 007C3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateMenu.USER32 ref: 007C3C79
                                                  • SetMenu.USER32(?,00000000), ref: 007C3C88
                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007C3D10
                                                  • IsMenu.USER32(?), ref: 007C3D24
                                                  • CreatePopupMenu.USER32 ref: 007C3D2E
                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007C3D5B
                                                  • DrawMenuBar.USER32 ref: 007C3D63
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                  • String ID: 0$F
                                                  • API String ID: 161812096-3044882817
                                                  • Opcode ID: 50c21ad2334bf2dadbb97729fb6bd6616e57d32ade427debb5e1077b8de5842f
                                                  • Instruction ID: a8555a2601b277584c8ededfad016ca8cc219c0de91a67236926fd2ca56128eb
                                                  • Opcode Fuzzy Hash: 50c21ad2334bf2dadbb97729fb6bd6616e57d32ade427debb5e1077b8de5842f
                                                  • Instruction Fuzzy Hash: B2414A75A01209EFDB14CF64E844FAABBB5FF49351F14802DF946A7360D778AA10CB94
                                                  Function 00791EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00791F64
                                                  • GetDlgCtrlID.USER32 ref: 00791F6F
                                                  • GetParent.USER32 ref: 00791F8B
                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00791F8E
                                                  • GetDlgCtrlID.USER32(?), ref: 00791F97
                                                  • GetParent.USER32(?), ref: 00791FAB
                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00791FAE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 711023334-1403004172
                                                  • Opcode ID: 6e4a4cc43dc4154ec9a098e7e55c92e09a0d490dbc9307926932aacb3cf2387d
                                                  • Instruction ID: 933547dd0c82d3db3010e97e69f8b2d5f365d6a76edef75e68d05586693dece6
                                                  • Opcode Fuzzy Hash: 6e4a4cc43dc4154ec9a098e7e55c92e09a0d490dbc9307926932aacb3cf2387d
                                                  • Instruction Fuzzy Hash: E521B070900218BBDF05AFA0DC89DFEBBB9EF05310F004599FA65A7291CB7D5914DB64
                                                  Function 00791FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00792043
                                                  • GetDlgCtrlID.USER32 ref: 0079204E
                                                  • GetParent.USER32 ref: 0079206A
                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 0079206D
                                                  • GetDlgCtrlID.USER32(?), ref: 00792076
                                                  • GetParent.USER32(?), ref: 0079208A
                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 0079208D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 711023334-1403004172
                                                  • Opcode ID: dc2aeefb1fd25dc7077da1ca705b848726623712624b8664ecc88ed445cfb534
                                                  • Instruction ID: 7d83342103521c02201923b2f02c7eaa829e77b553ab2400c222f5a0871a2294
                                                  • Opcode Fuzzy Hash: dc2aeefb1fd25dc7077da1ca705b848726623712624b8664ecc88ed445cfb534
                                                  • Instruction Fuzzy Hash: 0B21D1B5D00218BBDF11AFA4DD89EFEBBB8EF05300F104445FA55A72A2CA7D4915DB60
                                                  Function 007C3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 007C3A9D
                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 007C3AA0
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C3AC7
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 007C3AEA
                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007C3B62
                                                  • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 007C3BAC
                                                  • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 007C3BC7
                                                  • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 007C3BE2
                                                  • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 007C3BF6
                                                  • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 007C3C13
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$LongWindow
                                                  • String ID:
                                                  • API String ID: 312131281-0
                                                  • Opcode ID: f889dfb6e4bc11b2e097b1fb565472a3638fd7ef4f34a1a5cb47d9d55464428d
                                                  • Instruction ID: cdae83ba409c7e00039981f936258c2c471e7dfb4788d06d097ec6b96d29f98a
                                                  • Opcode Fuzzy Hash: f889dfb6e4bc11b2e097b1fb565472a3638fd7ef4f34a1a5cb47d9d55464428d
                                                  • Instruction Fuzzy Hash: BF616C75900248AFDB20DFA8CC85FEE77B8EB09710F104199FA15E72A1D778AE45DB60
                                                  Function 0079B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentThreadId.KERNEL32 ref: 0079B151
                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B165
                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 0079B16C
                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B17B
                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 0079B18D
                                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B1A6
                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B1B8
                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B1FD
                                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B212
                                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0079A1E1,?,00000001), ref: 0079B21D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                  • String ID:
                                                  • API String ID: 2156557900-0
                                                  • Opcode ID: dfa9e6b60cf50c3978e3cb6565d7fe94357122b37b079e2988d05536f9e9cc5c
                                                  • Instruction ID: 8550d552d1ecb7792de8690fba9cd5c27e0d7ee50f0ddbdd8e0eef6dbe90069a
                                                  • Opcode Fuzzy Hash: dfa9e6b60cf50c3978e3cb6565d7fe94357122b37b079e2988d05536f9e9cc5c
                                                  • Instruction Fuzzy Hash: EF318771540608AFDF11DF64FE49FAE7BADFB91311F108009FA09E6190D7B8AA418F68
                                                  Function 00762C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _free.LIBCMT ref: 00762C94
                                                    • Part of subcall function 007629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000), ref: 007629DE
                                                    • Part of subcall function 007629C8: GetLastError.KERNEL32(00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000,00000000), ref: 007629F0
                                                  • _free.LIBCMT ref: 00762CA0
                                                  • _free.LIBCMT ref: 00762CAB
                                                  • _free.LIBCMT ref: 00762CB6
                                                  • _free.LIBCMT ref: 00762CC1
                                                  • _free.LIBCMT ref: 00762CCC
                                                  • _free.LIBCMT ref: 00762CD7
                                                  • _free.LIBCMT ref: 00762CE2
                                                  • _free.LIBCMT ref: 00762CED
                                                  • _free.LIBCMT ref: 00762CFB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: c9d6cc95a08e35ccc20717721e7fec5b2f8f0c15e5fe4da0bda7b9061a4e6924
                                                  • Instruction ID: 89d1c53f786821556404a75bd8f6ecc30eaf192d3133ced25fec8337e52aba3f
                                                  • Opcode Fuzzy Hash: c9d6cc95a08e35ccc20717721e7fec5b2f8f0c15e5fe4da0bda7b9061a4e6924
                                                  • Instruction Fuzzy Hash: 2D11D376200608EFCB46EF54D846CDC3BA5FF45390F4140A0F9496B232D635EA519F90
                                                  Function 007A7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007A7FAD
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A7FC1
                                                  • GetFileAttributesW.KERNEL32(?), ref: 007A7FEB
                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 007A8005
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A8017
                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 007A8060
                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007A80B0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory$AttributesFile
                                                  • String ID: *.*
                                                  • API String ID: 769691225-438819550
                                                  • Opcode ID: ef69f517af8868ba0c88c36076706440e8d025d6a54f2926a9f67afd970b2efe
                                                  • Instruction ID: 8409e42868461d16b9781097d653408a47cbf5a114d46e1ee1f017edd190a99e
                                                  • Opcode Fuzzy Hash: ef69f517af8868ba0c88c36076706440e8d025d6a54f2926a9f67afd970b2efe
                                                  • Instruction Fuzzy Hash: 4E81AE7250C245DBDB28EF14C8449ABB3E8BBCA310F144A5EF889D7251EB38DD49CB52
                                                  Function 00735BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetWindowLongW.USER32(?,000000EB), ref: 00735C7A
                                                    • Part of subcall function 00735D0A: GetClientRect.USER32(?,?), ref: 00735D30
                                                    • Part of subcall function 00735D0A: GetWindowRect.USER32(?,?), ref: 00735D71
                                                    • Part of subcall function 00735D0A: ScreenToClient.USER32(?,?), ref: 00735D99
                                                  • GetDC.USER32 ref: 007746F5
                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00774708
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00774716
                                                  • SelectObject.GDI32(00000000,00000000), ref: 0077472B
                                                  • ReleaseDC.USER32(?,00000000), ref: 00774733
                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007747C4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                  • String ID: U
                                                  • API String ID: 4009187628-3372436214
                                                  • Opcode ID: 1e57af67fafc37f8d2090c362cf6c07ce2ede13ebe1b9f780f7f09cf2687b836
                                                  • Instruction ID: d0a1b769b602edc013a7ff1c5e8be594c8614cc5d119af4f8b8b5808ca52ac95
                                                  • Opcode Fuzzy Hash: 1e57af67fafc37f8d2090c362cf6c07ce2ede13ebe1b9f780f7f09cf2687b836
                                                  • Instruction Fuzzy Hash: 20712531500205DFDF268F64C984EBA3BB5FF4A3A4F148269ED595A166C339CC41DFA0
                                                  Function 007A359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 007A35E4
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • LoadStringW.USER32(00802390,?,00000FFF,?), ref: 007A360A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LoadString$_wcslen
                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                  • API String ID: 4099089115-2391861430
                                                  • Opcode ID: c8bd7f0895cb144f5ad2fd1c090193405898691aab5ca216276f50d96215d9e9
                                                  • Instruction ID: fb6e2376c0f123deaf5fc8fe3d0f1cb06631ba229a9f814204b3e451ef1bbd18
                                                  • Opcode Fuzzy Hash: c8bd7f0895cb144f5ad2fd1c090193405898691aab5ca216276f50d96215d9e9
                                                  • Instruction Fuzzy Hash: E1515FB1800209FAEF15EBA0DC4AEEDBB78AF45310F144125F205721A2EB791B99DF61
                                                  Function 007C8B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                    • Part of subcall function 0074912D: GetCursorPos.USER32(?), ref: 00749141
                                                    • Part of subcall function 0074912D: ScreenToClient.USER32(00000000,?), ref: 0074915E
                                                    • Part of subcall function 0074912D: GetAsyncKeyState.USER32(00000001), ref: 00749183
                                                    • Part of subcall function 0074912D: GetAsyncKeyState.USER32(00000002), ref: 0074919D
                                                  • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 007C8B6B
                                                  • ImageList_EndDrag.COMCTL32 ref: 007C8B71
                                                  • ReleaseCapture.USER32 ref: 007C8B77
                                                  • SetWindowTextW.USER32(?,00000000), ref: 007C8C12
                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 007C8C25
                                                  • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 007C8CFF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                  • API String ID: 1924731296-2107944366
                                                  • Opcode ID: ddfc0a241c000fe62d763b5067b7a47ee49a016ca0a8b3b25214729dba49943c
                                                  • Instruction ID: da224d8f8e570d40c28a2e978110d0286c6382c2eb41b2bb6ad88f665a7af3f2
                                                  • Opcode Fuzzy Hash: ddfc0a241c000fe62d763b5067b7a47ee49a016ca0a8b3b25214729dba49943c
                                                  • Instruction Fuzzy Hash: E9518D71104304AFE754DF24DC9AFAA77E4FB88710F40062DFA56A72E2CB789944CB62
                                                  Function 007AC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007AC272
                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007AC29A
                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007AC2CA
                                                  • GetLastError.KERNEL32 ref: 007AC322
                                                  • SetEvent.KERNEL32(?), ref: 007AC336
                                                  • InternetCloseHandle.WININET(00000000), ref: 007AC341
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                  • String ID:
                                                  • API String ID: 3113390036-3916222277
                                                  • Opcode ID: 7f7107e940d0f8d7da1fba8e0e892880da54dae6a2103d2c1935771cbfbaa758
                                                  • Instruction ID: 715c3f0da28e26669b966bb98502b73a51fc963e8cf1eac927bdfa78c87dea02
                                                  • Opcode Fuzzy Hash: 7f7107e940d0f8d7da1fba8e0e892880da54dae6a2103d2c1935771cbfbaa758
                                                  • Instruction Fuzzy Hash: 93317FB1500204BFDB229F648C88EAB7BFCEB8A744F14861EF44AD2200DB38DD059B65
                                                  Function 0079989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00773AAF,?,?,Bad directive syntax error,007CCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 007998BC
                                                  • LoadStringW.USER32(00000000,?,00773AAF,?), ref: 007998C3
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00799987
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HandleLoadMessageModuleString_wcslen
                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                  • API String ID: 858772685-4153970271
                                                  • Opcode ID: 8aa8c58c97fcb069ec2ed284fe12653876eeaa40e89d80b2482cbce0df04bd7d
                                                  • Instruction ID: 4fb31eb6d24310801e50edb4694f46c65221cad7f49533232f222fbd54793565
                                                  • Opcode Fuzzy Hash: 8aa8c58c97fcb069ec2ed284fe12653876eeaa40e89d80b2482cbce0df04bd7d
                                                  • Instruction Fuzzy Hash: 6121747194021DEBEF15AF90CC0AEFD7775FF14300F044459F619651A2EB79A618DB50
                                                  Function 0079209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetParent.USER32 ref: 007920AB
                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 007920C0
                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0079214D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassMessageNameParentSend
                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                  • API String ID: 1290815626-3381328864
                                                  • Opcode ID: 07afb9f41328ad7fcb1b42b82d5f700d66c30ece2b4378e2b02383c6e0270507
                                                  • Instruction ID: 3526b4d9135ccda01606bd2e409f4d54a8e8437fcb2bb979686487e6fd482e52
                                                  • Opcode Fuzzy Hash: 07afb9f41328ad7fcb1b42b82d5f700d66c30ece2b4378e2b02383c6e0270507
                                                  • Instruction Fuzzy Hash: 8D11E7B66C870EFAFA017324EC0ADF6379CDB04325B204116FB04B51D2FAAD58565614
                                                  Function 0076CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                  • String ID:
                                                  • API String ID: 1282221369-0
                                                  • Opcode ID: dbaafdbc6c25e768fb9346e1e0aa8f18a2a643fa9359361747a43c258874a696
                                                  • Instruction ID: 56716046c4b3581c0438e3f30db13ecddf39b6e5d2187f55c545b04dcbf3b666
                                                  • Opcode Fuzzy Hash: dbaafdbc6c25e768fb9346e1e0aa8f18a2a643fa9359361747a43c258874a696
                                                  • Instruction Fuzzy Hash: D2613972A04301EFDB26AFB49849BBD7BA5EF05350F04416DFD87A7242D63E9D019BA0
                                                  Function 00748B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00786890
                                                  • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007868A9
                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007868B9
                                                  • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 007868D1
                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007868F2
                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00748874,00000000,00000000,00000000,000000FF,00000000), ref: 00786901
                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0078691E
                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00748874,00000000,00000000,00000000,000000FF,00000000), ref: 0078692D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                  • String ID:
                                                  • API String ID: 1268354404-0
                                                  • Opcode ID: cd7437bf3ee885d3aac6d75dec755852dbcf08b4551413f502ae595ed52148c0
                                                  • Instruction ID: 8c9b321fe63904428cd4ee14c48498a192673c92403cb666a852040d3c32d59c
                                                  • Opcode Fuzzy Hash: cd7437bf3ee885d3aac6d75dec755852dbcf08b4551413f502ae595ed52148c0
                                                  • Instruction Fuzzy Hash: E5515AB0A40209EFDB20DF25CC59FAA7BB6FB48760F10451CF956972A0DB78E990DB50
                                                  Function 007AC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007AC182
                                                  • GetLastError.KERNEL32 ref: 007AC195
                                                  • SetEvent.KERNEL32(?), ref: 007AC1A9
                                                    • Part of subcall function 007AC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007AC272
                                                    • Part of subcall function 007AC253: GetLastError.KERNEL32 ref: 007AC322
                                                    • Part of subcall function 007AC253: SetEvent.KERNEL32(?), ref: 007AC336
                                                    • Part of subcall function 007AC253: InternetCloseHandle.WININET(00000000), ref: 007AC341
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                  • String ID:
                                                  • API String ID: 337547030-0
                                                  • Opcode ID: da26848f2d0a9d316e4d92b2ab3327aa28bf318fe9907f965ec31d5de950d1a4
                                                  • Instruction ID: 0a75a493dd595b5872ec674bee2ed438b3a510deaea6bde6e175f96f0957cda2
                                                  • Opcode Fuzzy Hash: da26848f2d0a9d316e4d92b2ab3327aa28bf318fe9907f965ec31d5de950d1a4
                                                  • Instruction Fuzzy Hash: 13319071200605FFDB229FB5DD48A66BBF8FF9A300B04861DF95A86650D739E814DBA0
                                                  Function 007925A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00793A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00793A57
                                                    • Part of subcall function 00793A3D: GetCurrentThreadId.KERNEL32 ref: 00793A5E
                                                    • Part of subcall function 00793A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007925B3), ref: 00793A65
                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 007925BD
                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 007925DB
                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 007925DF
                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 007925E9
                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00792601
                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00792605
                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 0079260F
                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00792623
                                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00792627
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                  • String ID:
                                                  • API String ID: 2014098862-0
                                                  • Opcode ID: bbcdb38e02771a22b9ac54df422738bfda10e040ae66c8a59b6796fe3ae020eb
                                                  • Instruction ID: cb767929d5e647c59ee53a7ea5447cd5499299cecc299867a3f5694a2c1561b9
                                                  • Opcode Fuzzy Hash: bbcdb38e02771a22b9ac54df422738bfda10e040ae66c8a59b6796fe3ae020eb
                                                  • Instruction Fuzzy Hash: 3601D470790214BBFB1077699C8FF593F59DB4EB12F114045F318AE1D1C9EA28458AAD
                                                  Function 00791803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00791449,?,?,00000000), ref: 0079180C
                                                  • HeapAlloc.KERNEL32(00000000,?,00791449,?,?,00000000), ref: 00791813
                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00791449,?,?,00000000), ref: 00791828
                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00791449,?,?,00000000), ref: 00791830
                                                  • DuplicateHandle.KERNEL32(00000000,?,00791449,?,?,00000000), ref: 00791833
                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00791449,?,?,00000000), ref: 00791843
                                                  • GetCurrentProcess.KERNEL32(00791449,00000000,?,00791449,?,?,00000000), ref: 0079184B
                                                  • DuplicateHandle.KERNEL32(00000000,?,00791449,?,?,00000000), ref: 0079184E
                                                  • CreateThread.KERNEL32(00000000,00000000,00791874,00000000,00000000,00000000), ref: 00791868
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                  • String ID:
                                                  • API String ID: 1957940570-0
                                                  • Opcode ID: 33d5a6492c607d25c6a9967bdb107867b2926be3c380befec0c8a5e48118401e
                                                  • Instruction ID: 231b9917fec8a9ce6bf8a338df31b0b9cc51fa591a37b065a2700e0a6991dce2
                                                  • Opcode Fuzzy Hash: 33d5a6492c607d25c6a9967bdb107867b2926be3c380befec0c8a5e48118401e
                                                  • Instruction Fuzzy Hash: 2C01BFB5240348BFE711AB66DC4EF5B3B6CEB89B11F458415FA05DB191C6749C00CB24
                                                  Function 00763E80 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 305COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: __alldvrm$_strrchr
                                                  • String ID: }}u$}}u$}}u
                                                  • API String ID: 1036877536-1480117039
                                                  • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                  • Instruction ID: 82d6463344cd8e83c18c87b518482ca4439b5ccf84b29e749301f7d153a9e8cb
                                                  • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                  • Instruction Fuzzy Hash: 6CA14972E003969FDB25CF18C8917AEBBE5EF66350F1441ADED969B282C23C8D81C750
                                                  Function 007BA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0079D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0079D501
                                                    • Part of subcall function 0079D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0079D50F
                                                    • Part of subcall function 0079D4DC: CloseHandle.KERNEL32(00000000), ref: 0079D5DC
                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 007BA16D
                                                  • GetLastError.KERNEL32 ref: 007BA180
                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 007BA1B3
                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 007BA268
                                                  • GetLastError.KERNEL32(00000000), ref: 007BA273
                                                  • CloseHandle.KERNEL32(00000000), ref: 007BA2C4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                  • String ID: SeDebugPrivilege
                                                  • API String ID: 2533919879-2896544425
                                                  • Opcode ID: 3a2d53acda8dbc04c25ca05923cc3f74a3ebbd7bb3baf0eb35ba3ea90bae5498
                                                  • Instruction ID: 90773ce832931bb6a256fde804ca73951f7d5cc5895cd50f333b4fb77083c50a
                                                  • Opcode Fuzzy Hash: 3a2d53acda8dbc04c25ca05923cc3f74a3ebbd7bb3baf0eb35ba3ea90bae5498
                                                  • Instruction Fuzzy Hash: EB618071204242AFE721EF19C498F95BBE1BF44318F18849CE4568B7A3C77AED45CB92
                                                  Function 007C3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 007C3925
                                                  • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 007C393A
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007C3954
                                                  • _wcslen.LIBCMT ref: 007C3999
                                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 007C39C6
                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 007C39F4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window_wcslen
                                                  • String ID: SysListView32
                                                  • API String ID: 2147712094-78025650
                                                  • Opcode ID: b5eb8863385d89bb1bbe4956108caf61c799555da1b59ff195909ccbaf3ae32b
                                                  • Instruction ID: 65bcf4aa0fd0293f7270d6aa4b1dc31405dd26b97def536c050415b7d537cb4a
                                                  • Opcode Fuzzy Hash: b5eb8863385d89bb1bbe4956108caf61c799555da1b59ff195909ccbaf3ae32b
                                                  • Instruction Fuzzy Hash: 2641A371A00219EBEF219F64CC49FEA77A9FF08354F10456EF958E7281D7799A80CB90
                                                  Function 0079BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0079BCFD
                                                  • IsMenu.USER32(00000000), ref: 0079BD1D
                                                  • CreatePopupMenu.USER32 ref: 0079BD53
                                                  • GetMenuItemCount.USER32(01955978), ref: 0079BDA4
                                                  • InsertMenuItemW.USER32(01955978,?,00000001,00000030), ref: 0079BDCC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                  • String ID: 0$2
                                                  • API String ID: 93392585-3793063076
                                                  • Opcode ID: f0667add44d2cb38000f18c0c57e1129b1a3f3f8e22b2a34985ee469070894c6
                                                  • Instruction ID: 0ad031991f8752f1c9911f8759c84b4a8e842f953efcc5be59c668f1a008f44f
                                                  • Opcode Fuzzy Hash: f0667add44d2cb38000f18c0c57e1129b1a3f3f8e22b2a34985ee469070894c6
                                                  • Instruction Fuzzy Hash: CD51B070B00209DBDF11CFA8FA89BAEBBF4BF45314F248159E415D7291D778A941CBA1
                                                  Function 00752D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 00752D4B
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00752D53
                                                  • _ValidateLocalCookies.LIBCMT ref: 00752DE1
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00752E0C
                                                  • _ValidateLocalCookies.LIBCMT ref: 00752E61
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: &Hu$csm
                                                  • API String ID: 1170836740-2527861355
                                                  • Opcode ID: b65977079d0f83bd75f3418b7100e6f685a817615b6723341c1b6f69698997e7
                                                  • Instruction ID: 1dd3efced6346a83e68eb1c28f47bfc60c01d62c5a06988f51a068dce9c11d7c
                                                  • Opcode Fuzzy Hash: b65977079d0f83bd75f3418b7100e6f685a817615b6723341c1b6f69698997e7
                                                  • Instruction Fuzzy Hash: 0741A734A00209EBCF14DF68C849ADEBBB5BF46365F148155EC146B353D7B9AA0ACBD0
                                                  Function 0079C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadIconW.USER32(00000000,00007F03), ref: 0079C913
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: IconLoad
                                                  • String ID: blank$info$question$stop$warning
                                                  • API String ID: 2457776203-404129466
                                                  • Opcode ID: e57bbdff4063cecf961e9369c65c8de143e7f9fbe85bd98d9601cca45cd9f401
                                                  • Instruction ID: 25c1ccf66b0f9130514d0e0b13bb32bf53f592851ce6ff3bc33af35a025ca995
                                                  • Opcode Fuzzy Hash: e57bbdff4063cecf961e9369c65c8de143e7f9fbe85bd98d9601cca45cd9f401
                                                  • Instruction Fuzzy Hash: 2811EE31689306BEEF06A754AC83CEA779CDF15369B10402AF504A6282D7AD6D405374
                                                  Function 0079DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                  • String ID: 0.0.0.0
                                                  • API String ID: 642191829-3771769585
                                                  • Opcode ID: cc6465187603d8f243090b98cbb91e003f097782cb0243ee12433c115503deeb
                                                  • Instruction ID: aecf1a76a1d75d9d6b401d6cc2d22d94f8091a813f36fb3a7dcd7da1f5e25c51
                                                  • Opcode Fuzzy Hash: cc6465187603d8f243090b98cbb91e003f097782cb0243ee12433c115503deeb
                                                  • Instruction Fuzzy Hash: 521106B1904115EBDF31AB60AC4AEEF77ACDF10751F00016DF50996091EFBD9E818A60
                                                  Function 007C9F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • GetSystemMetrics.USER32(0000000F), ref: 007C9FC7
                                                  • GetSystemMetrics.USER32(0000000F), ref: 007C9FE7
                                                  • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 007CA224
                                                  • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 007CA242
                                                  • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 007CA263
                                                  • ShowWindow.USER32(00000003,00000000), ref: 007CA282
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 007CA2A7
                                                  • DefDlgProcW.USER32(?,00000005,?,?), ref: 007CA2CA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                  • String ID:
                                                  • API String ID: 1211466189-0
                                                  • Opcode ID: f1119248989409174fa628d44e305d1ec5c0de4191f2280d79f5e5b69a99a49b
                                                  • Instruction ID: 38f9cf8a1e9efea08bfdc8c0e1cbe9e37101036d17508f98684ae2a0bea35847
                                                  • Opcode Fuzzy Hash: f1119248989409174fa628d44e305d1ec5c0de4191f2280d79f5e5b69a99a49b
                                                  • Instruction Fuzzy Hash: D3B1CD31600219EFDF14CF68C989BAE7BB2FF84706F08806DED499B295D739A940CB51
                                                  Function 0079ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$LocalTime
                                                  • String ID:
                                                  • API String ID: 952045576-0
                                                  • Opcode ID: 28b482f2470280d6ae6e474d3a1f9fdcff4d9d27e5b502f4dfabbba956c7e189
                                                  • Instruction ID: 8d42c7e09f67d075e2be9b35e7bbcd75458a98311ff3db914563586c0bccfd56
                                                  • Opcode Fuzzy Hash: 28b482f2470280d6ae6e474d3a1f9fdcff4d9d27e5b502f4dfabbba956c7e189
                                                  • Instruction Fuzzy Hash: E541B566C10118B5DB21EBF4888E9CFB7B8FF45311F508466E914E3122FB78E649C3A5
                                                  Function 0074F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0078682C,00000004,00000000,00000000), ref: 0074F953
                                                  • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0078682C,00000004,00000000,00000000), ref: 0078F3D1
                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0078682C,00000004,00000000,00000000), ref: 0078F454
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ShowWindow
                                                  • String ID:
                                                  • API String ID: 1268545403-0
                                                  • Opcode ID: d1819faa231796ed9baf0ff6b8a177040f0db03a1e582464ffd705aab008d8cf
                                                  • Instruction ID: df2711207a9b5cec927e700e307dbbf768f3d5d6964f6d9e91c7197522e96f60
                                                  • Opcode Fuzzy Hash: d1819faa231796ed9baf0ff6b8a177040f0db03a1e582464ffd705aab008d8cf
                                                  • Instruction Fuzzy Hash: C9411B31608680FED739AF29C98CB2A7B91AF56314F14843DE08BD6960C73DB880CB11
                                                  Function 007C2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DeleteObject.GDI32(00000000), ref: 007C2D1B
                                                  • GetDC.USER32(00000000), ref: 007C2D23
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007C2D2E
                                                  • ReleaseDC.USER32(00000000,00000000), ref: 007C2D3A
                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 007C2D76
                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007C2D87
                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,007C5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 007C2DC2
                                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 007C2DE1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                  • String ID:
                                                  • API String ID: 3864802216-0
                                                  • Opcode ID: cb18c087dcb69041d93a121a694c75c5bc03175ab6cbba00e2949eb2479d26ed
                                                  • Instruction ID: 3807f973be2f5f1eb3991162baf065dbed4e61d6d39d4278f0200cca497cd67a
                                                  • Opcode Fuzzy Hash: cb18c087dcb69041d93a121a694c75c5bc03175ab6cbba00e2949eb2479d26ed
                                                  • Instruction Fuzzy Hash: BE31A072201214BFEB154F50CC89FEB3FADEF19711F048059FE09AA291C6799C41CBA4
                                                  Function 00795622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _memcmp
                                                  • String ID:
                                                  • API String ID: 2931989736-0
                                                  • Opcode ID: 88f4d5b5e0cc2fd7afa3dc4fd9926c5ad6911ac0e489afe4fae20e2db6601b48
                                                  • Instruction ID: 4093cfe38bf8c5ee4959a7e3d3da6fff137581ad910aaaf816b1d126433a9c4e
                                                  • Opcode Fuzzy Hash: 88f4d5b5e0cc2fd7afa3dc4fd9926c5ad6911ac0e489afe4fae20e2db6601b48
                                                  • Instruction Fuzzy Hash: E321DBA1741A29B7DA165E20BD96FFB335DAF20786F840028FD049A581F76CEE1483B5
                                                  Function 007B4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                  • API String ID: 0-572801152
                                                  • Opcode ID: 373521ef08a6887cefc0894a8e7f193344465d0823b790109a6ed7139b2aa159
                                                  • Instruction ID: f5bd6ae64e2d7b332abafc6df3dac9d3d7886d82b1e25e13d7587d9344c27ee7
                                                  • Opcode Fuzzy Hash: 373521ef08a6887cefc0894a8e7f193344465d0823b790109a6ed7139b2aa159
                                                  • Instruction Fuzzy Hash: 53D1B1B1A0060A9FDF14DFA8C885FEEB7B5BF48354F148069E915AB281E774DD41CB90
                                                  Function 00771522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,007717FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 007715CE
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,007717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00771651
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,007717FB,?,007717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 007716E4
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,007717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 007716FB
                                                    • Part of subcall function 00763820: RtlAllocateHeap.NTDLL(00000000,?,00801444,?,0074FDF5,?,?,0073A976,00000010,00801440,007313FC,?,007313C6,?,00731129), ref: 00763852
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,007717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00771777
                                                  • __freea.LIBCMT ref: 007717A2
                                                  • __freea.LIBCMT ref: 007717AE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                  • String ID:
                                                  • API String ID: 2829977744-0
                                                  • Opcode ID: a8057e887d8f6ca34400b8fb8b1ce70a61eb3ce56c4400914058d867ead1eacc
                                                  • Instruction ID: c907648d2c0683f9af81f4a291ec405a53ba562f9810d8bf93dc1796f815a5b1
                                                  • Opcode Fuzzy Hash: a8057e887d8f6ca34400b8fb8b1ce70a61eb3ce56c4400914058d867ead1eacc
                                                  • Instruction Fuzzy Hash: 4F91C571E002169ADF288E7CCC85EEE7BB59F45790F988659E80AE7141DB3DDD40C7A0
                                                  Function 007B4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearInit
                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                  • API String ID: 2610073882-625585964
                                                  • Opcode ID: e3ff50907a2d049aae6094c06c421f89d5b521bd4a199cfb31a8c97f078e8096
                                                  • Instruction ID: f38beb9d1a57282d5f01478fed9d71ea4846bbbbeaa19486e1790323e405d9f0
                                                  • Opcode Fuzzy Hash: e3ff50907a2d049aae6094c06c421f89d5b521bd4a199cfb31a8c97f078e8096
                                                  • Instruction Fuzzy Hash: 01918171A00219ABDF24CFA4C848FEE7BB8EF46714F108559F505AB282DB789945CBA0
                                                  Function 007A1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 007A125C
                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 007A1284
                                                  • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 007A12A8
                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007A12D8
                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007A135F
                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007A13C4
                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007A1430
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                  • String ID:
                                                  • API String ID: 2550207440-0
                                                  • Opcode ID: 82be063d9f78fa5f8b9c3c5c5e7afc82756bef2fddf87b01ce46c21551d90d9c
                                                  • Instruction ID: bebdfd7f6679d8f525330555e8400f650ff689787f3e16e36d3f0737b09af034
                                                  • Opcode Fuzzy Hash: 82be063d9f78fa5f8b9c3c5c5e7afc82756bef2fddf87b01ce46c21551d90d9c
                                                  • Instruction Fuzzy Hash: 6291C271A002099FEB01DF98C888BBE77B5FF86325F508129E941EB291D77CE941CB90
                                                  Function 0074948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ObjectSelect$BeginCreatePath
                                                  • String ID:
                                                  • API String ID: 3225163088-0
                                                  • Opcode ID: f0179b6997baf7a56b2edc0249b916cd55cf735e7a30194b0bb2a883326fef9d
                                                  • Instruction ID: a8998283ef45b0736c57e8254fb8f5f9dfaf6bb214b331e66ae05fa36e220c93
                                                  • Opcode Fuzzy Hash: f0179b6997baf7a56b2edc0249b916cd55cf735e7a30194b0bb2a883326fef9d
                                                  • Instruction Fuzzy Hash: F8914A71D40219EFCB15CFA9CC88AEEBBB8FF49320F248159E515B7291D378A951CB60
                                                  Function 007B3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VariantInit.OLEAUT32(?), ref: 007B396B
                                                  • CharUpperBuffW.USER32(?,?), ref: 007B3A7A
                                                  • _wcslen.LIBCMT ref: 007B3A8A
                                                  • VariantClear.OLEAUT32(?), ref: 007B3C1F
                                                    • Part of subcall function 007A0CDF: VariantInit.OLEAUT32(00000000), ref: 007A0D1F
                                                    • Part of subcall function 007A0CDF: VariantCopy.OLEAUT32(?,?), ref: 007A0D28
                                                    • Part of subcall function 007A0CDF: VariantClear.OLEAUT32(?), ref: 007A0D34
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                  • API String ID: 4137639002-1221869570
                                                  • Opcode ID: 9ba4aba2ee69d5269b4c17218a139899d41ea49dbc36d985c71594eb6e647bda
                                                  • Instruction ID: 95702cb40f2e2d9328a298bfcea7cea52bc114d50b1243d0b0f6edfc73983a22
                                                  • Opcode Fuzzy Hash: 9ba4aba2ee69d5269b4c17218a139899d41ea49dbc36d985c71594eb6e647bda
                                                  • Instruction Fuzzy Hash: 6F9125756083059FCB14DF24C485AAAB7E4BF89314F14892DF8899B352DB38EE45CB92
                                                  Function 007B4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0079000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?,?,0079035E), ref: 0079002B
                                                    • Part of subcall function 0079000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?), ref: 00790046
                                                    • Part of subcall function 0079000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?), ref: 00790054
                                                    • Part of subcall function 0079000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?), ref: 00790064
                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 007B4C51
                                                  • _wcslen.LIBCMT ref: 007B4D59
                                                  • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 007B4DCF
                                                  • CoTaskMemFree.OLE32(?), ref: 007B4DDA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                  • String ID: NULL Pointer assignment
                                                  • API String ID: 614568839-2785691316
                                                  • Opcode ID: f28729b333a623fbf0010908f159fce70407dbab2e0cf11b9e2b9d9f99501887
                                                  • Instruction ID: f8ebb5ba96bcc7e40bb8833a948bdf2b49cb41983f30ff86d4cda1a0899f227b
                                                  • Opcode Fuzzy Hash: f28729b333a623fbf0010908f159fce70407dbab2e0cf11b9e2b9d9f99501887
                                                  • Instruction Fuzzy Hash: D3911671D0021DEFDF15DFA4D885AEEB7B9BF08310F108169E915A7252DB789A44CFA0
                                                  Function 007C20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenu.USER32(?), ref: 007C2183
                                                  • GetMenuItemCount.USER32(00000000), ref: 007C21B5
                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007C21DD
                                                  • _wcslen.LIBCMT ref: 007C2213
                                                  • GetMenuItemID.USER32(?,?), ref: 007C224D
                                                  • GetSubMenu.USER32(?,?), ref: 007C225B
                                                    • Part of subcall function 00793A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00793A57
                                                    • Part of subcall function 00793A3D: GetCurrentThreadId.KERNEL32 ref: 00793A5E
                                                    • Part of subcall function 00793A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007925B3), ref: 00793A65
                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007C22E3
                                                    • Part of subcall function 0079E97B: Sleep.KERNEL32 ref: 0079E9F3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                  • String ID:
                                                  • API String ID: 4196846111-0
                                                  • Opcode ID: 00874e22739c8074e161613c46fd971472a0acd12dc27fbc35c9ffbec7d93d80
                                                  • Instruction ID: 7d220481cc0dfd56217c2ecfa0122160ff5290aad60e67b7e5c43dbb4fe33aac
                                                  • Opcode Fuzzy Hash: 00874e22739c8074e161613c46fd971472a0acd12dc27fbc35c9ffbec7d93d80
                                                  • Instruction Fuzzy Hash: DF715C75A00215EFCB15EF64C845EAEB7B5FF48320F15845DE816AB352DB38EE428B90
                                                  Function 007C7E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • IsWindow.USER32(019556F8), ref: 007C7F37
                                                  • IsWindowEnabled.USER32(019556F8), ref: 007C7F43
                                                  • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 007C801E
                                                  • SendMessageW.USER32(019556F8,000000B0,?,?), ref: 007C8051
                                                  • IsDlgButtonChecked.USER32(?,?), ref: 007C8089
                                                  • GetWindowLongW.USER32(019556F8,000000EC), ref: 007C80AB
                                                  • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 007C80C3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                  • String ID:
                                                  • API String ID: 4072528602-0
                                                  • Opcode ID: 297669032de6edcff52e6ee67cc94fabdc5282305b8e57407baf9df61e100d38
                                                  • Instruction ID: e1513c10f3576942c2c016a88b6a950c935a72ffc43c005cf6a621a33dfd98b8
                                                  • Opcode Fuzzy Hash: 297669032de6edcff52e6ee67cc94fabdc5282305b8e57407baf9df61e100d38
                                                  • Instruction Fuzzy Hash: 8A719D74608204AFEF299F64C8D4FAABBB9FF09340F14405DE945972A1CB39AD46DF11
                                                  Function 0079AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetParent.USER32(?), ref: 0079AEF9
                                                  • GetKeyboardState.USER32(?), ref: 0079AF0E
                                                  • SetKeyboardState.USER32(?), ref: 0079AF6F
                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 0079AF9D
                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 0079AFBC
                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 0079AFFD
                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0079B020
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessagePost$KeyboardState$Parent
                                                  • String ID:
                                                  • API String ID: 87235514-0
                                                  • Opcode ID: 3b9007d29087454802d9d2e82b0a79df4e231815f044bd74e25e4e5477108369
                                                  • Instruction ID: 283c24cb5f431440a7295c1fcac1a03a4280349bf6cdf00b360d49fcbbb0e45f
                                                  • Opcode Fuzzy Hash: 3b9007d29087454802d9d2e82b0a79df4e231815f044bd74e25e4e5477108369
                                                  • Instruction Fuzzy Hash: 0F51A3A0A047D53DFF364338AD49BBA7EAA6B06304F088589E1D9558C2D3DDECC8D791
                                                  Function 0079ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetParent.USER32(00000000), ref: 0079AD19
                                                  • GetKeyboardState.USER32(?), ref: 0079AD2E
                                                  • SetKeyboardState.USER32(?), ref: 0079AD8F
                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0079ADBB
                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0079ADD8
                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0079AE17
                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0079AE38
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessagePost$KeyboardState$Parent
                                                  • String ID:
                                                  • API String ID: 87235514-0
                                                  • Opcode ID: 6d841d04ddea2d4010e968172c6e168e4a3d5b8793f65fd2a5f75c0764742f17
                                                  • Instruction ID: 778e50e3f950722c4d743d686ab486181854cae8801e6446ac814788093c6315
                                                  • Opcode Fuzzy Hash: 6d841d04ddea2d4010e968172c6e168e4a3d5b8793f65fd2a5f75c0764742f17
                                                  • Instruction Fuzzy Hash: 5C51F9A1A057D53DFF378334AC56B7A7EA86B46300F088598E1D5568C2D39CEC84D792
                                                  Function 0076542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetConsoleCP.KERNEL32(00773CD6,?,?,?,?,?,?,?,?,00765BA3,?,?,00773CD6,?,?), ref: 00765470
                                                  • __fassign.LIBCMT ref: 007654EB
                                                  • __fassign.LIBCMT ref: 00765506
                                                  • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00773CD6,00000005,00000000,00000000), ref: 0076552C
                                                  • WriteFile.KERNEL32(?,00773CD6,00000000,00765BA3,00000000,?,?,?,?,?,?,?,?,?,00765BA3,?), ref: 0076554B
                                                  • WriteFile.KERNEL32(?,?,00000001,00765BA3,00000000,?,?,?,?,?,?,?,?,?,00765BA3,?), ref: 00765584
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                  • String ID:
                                                  • API String ID: 1324828854-0
                                                  • Opcode ID: 4973ef646e3d9173590d2a41a1c60983bdaef4a1d97e3aae843a6247cd355f3d
                                                  • Instruction ID: afe31b342cdca506ef264a259e1ff3a23528ccc804bb36043bf1ef0093a6b641
                                                  • Opcode Fuzzy Hash: 4973ef646e3d9173590d2a41a1c60983bdaef4a1d97e3aae843a6247cd355f3d
                                                  • Instruction Fuzzy Hash: 4451B4B09006499FDB11CFA8D845AEEBBFAEF09300F14415EE957E7292E6349A51CF60
                                                  Function 007B10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007B307A
                                                    • Part of subcall function 007B304E: _wcslen.LIBCMT ref: 007B309B
                                                  • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 007B1112
                                                  • WSAGetLastError.WSOCK32 ref: 007B1121
                                                  • WSAGetLastError.WSOCK32 ref: 007B11C9
                                                  • closesocket.WSOCK32(00000000), ref: 007B11F9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                  • String ID:
                                                  • API String ID: 2675159561-0
                                                  • Opcode ID: 43db11de12bb7e35535146f7c04e367ec8cacbdae03f4928f42f873141884b4c
                                                  • Instruction ID: 0ed71ace105dac267fb2c286b65f5e4f3385313899b4f38d736cbfc102908f2a
                                                  • Opcode Fuzzy Hash: 43db11de12bb7e35535146f7c04e367ec8cacbdae03f4928f42f873141884b4c
                                                  • Instruction Fuzzy Hash: 4941F43160020CAFEB119F18C898BEAB7E9EF45324F548059F9099B292C778AD41CBA1
                                                  Function 0079CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0079DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0079CF22,?), ref: 0079DDFD
                                                    • Part of subcall function 0079DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0079CF22,?), ref: 0079DE16
                                                  • lstrcmpiW.KERNEL32(?,?), ref: 0079CF45
                                                  • MoveFileW.KERNEL32(?,?), ref: 0079CF7F
                                                  • _wcslen.LIBCMT ref: 0079D005
                                                  • _wcslen.LIBCMT ref: 0079D01B
                                                  • SHFileOperationW.SHELL32(?), ref: 0079D061
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                  • String ID: \*.*
                                                  • API String ID: 3164238972-1173974218
                                                  • Opcode ID: 579d7fa4d14add55db6712c815a3a5754d185317a1cf729b71e4c4f8d0c7930b
                                                  • Instruction ID: 9ff8da092662160963333128b1b452296e79f430d3f6f9f8b174a666779b9659
                                                  • Opcode Fuzzy Hash: 579d7fa4d14add55db6712c815a3a5754d185317a1cf729b71e4c4f8d0c7930b
                                                  • Instruction Fuzzy Hash: 7E41487294511C9FDF13EBA4D985EDDB7B9AF08380F1400E6E509E7141EB78AB48CB50
                                                  Function 007C2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 007C2E1C
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C2E4F
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C2E84
                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 007C2EB6
                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 007C2EE0
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C2EF1
                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C2F0B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LongWindow$MessageSend
                                                  • String ID:
                                                  • API String ID: 2178440468-0
                                                  • Opcode ID: b15233a422407c86168b0e15fdab595eb9b25967bb62102c97839df6472cb0fd
                                                  • Instruction ID: f598d6130f0f3492ab6bfaf7efb0748836902148f110db5f248df1375fcef38a
                                                  • Opcode Fuzzy Hash: b15233a422407c86168b0e15fdab595eb9b25967bb62102c97839df6472cb0fd
                                                  • Instruction Fuzzy Hash: A0310630604154AFDB61DF58DD88FA53BE1FB4A720F1541ACF904AF2B2CB75A841DB45
                                                  Function 00797726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00797769
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0079778F
                                                  • SysAllocString.OLEAUT32(00000000), ref: 00797792
                                                  • SysAllocString.OLEAUT32(?), ref: 007977B0
                                                  • SysFreeString.OLEAUT32(?), ref: 007977B9
                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 007977DE
                                                  • SysAllocString.OLEAUT32(?), ref: 007977EC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                  • String ID:
                                                  • API String ID: 3761583154-0
                                                  • Opcode ID: cdbdeb124f58f0608989d77f827966f2c1261f71d025da9a81a0ee5356e95533
                                                  • Instruction ID: 42c6c667604457170e90e4f7a94bf1921b398c36750ed5390fc0a9531daa6d4c
                                                  • Opcode Fuzzy Hash: cdbdeb124f58f0608989d77f827966f2c1261f71d025da9a81a0ee5356e95533
                                                  • Instruction Fuzzy Hash: 6E21C176604219AFDF14DFE9DC89CBB77ACEB093647048029FA08DB260D678DD41C764
                                                  Function 007977FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00797842
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00797868
                                                  • SysAllocString.OLEAUT32(00000000), ref: 0079786B
                                                  • SysAllocString.OLEAUT32 ref: 0079788C
                                                  • SysFreeString.OLEAUT32 ref: 00797895
                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 007978AF
                                                  • SysAllocString.OLEAUT32(?), ref: 007978BD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                  • String ID:
                                                  • API String ID: 3761583154-0
                                                  • Opcode ID: fea768a692f1234d88458e83ff5b2c7403004150b1af7440b76d7f6dc0bb246a
                                                  • Instruction ID: 87de121b18a7a20e4ae679868b0db68b243b661e9450e967279aa647732e7eb4
                                                  • Opcode Fuzzy Hash: fea768a692f1234d88458e83ff5b2c7403004150b1af7440b76d7f6dc0bb246a
                                                  • Instruction Fuzzy Hash: A921A171608214AFDF149FA8EC8CDAA77ECFB08360714C125F915CB2A1D678DC41CB68
                                                  Function 007A04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetStdHandle.KERNEL32(0000000C), ref: 007A04F2
                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007A052E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateHandlePipe
                                                  • String ID: nul
                                                  • API String ID: 1424370930-2873401336
                                                  • Opcode ID: d3c30415835da977901bbfbd6d711db17d1f4c6ab3d04d6a937937b5310ad122
                                                  • Instruction ID: 37536f6d368a03e63d8d8c2665ea315942d21afaecf4ad232341ed09f9783cc1
                                                  • Opcode Fuzzy Hash: d3c30415835da977901bbfbd6d711db17d1f4c6ab3d04d6a937937b5310ad122
                                                  • Instruction Fuzzy Hash: 912171719003059BDB209F69DC48E5A7BB4BF86764F204F19F8A1D62E0D7749960CFA0
                                                  Function 007A05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetStdHandle.KERNEL32(000000F6), ref: 007A05C6
                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 007A0601
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateHandlePipe
                                                  • String ID: nul
                                                  • API String ID: 1424370930-2873401336
                                                  • Opcode ID: 0cc27db4efdd98903eb0c68669207ba4c647942d5c878be786d3f0a04b0328fa
                                                  • Instruction ID: d490d53915d6bed1c234f2fd7c84da3f4fd4e170bbe676e04f736d398de73987
                                                  • Opcode Fuzzy Hash: 0cc27db4efdd98903eb0c68669207ba4c647942d5c878be786d3f0a04b0328fa
                                                  • Instruction Fuzzy Hash: 3621A1755003059BDB208F698C08E9A77F4BFD6724F204F19F8A1E32E0E7749860CB90
                                                  Function 007C40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0073600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0073604C
                                                    • Part of subcall function 0073600E: GetStockObject.GDI32(00000011), ref: 00736060
                                                    • Part of subcall function 0073600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0073606A
                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 007C4112
                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 007C411F
                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 007C412A
                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 007C4139
                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 007C4145
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                  • String ID: Msctls_Progress32
                                                  • API String ID: 1025951953-3636473452
                                                  • Opcode ID: b8618cff46b15a28db114dce2a360b4fbef60d00075b9ddd8c42c5f89917b1ac
                                                  • Instruction ID: 4871d32417304d411457d51c045d0d40e3eff088167cd83a24bf931f07856a22
                                                  • Opcode Fuzzy Hash: b8618cff46b15a28db114dce2a360b4fbef60d00075b9ddd8c42c5f89917b1ac
                                                  • Instruction Fuzzy Hash: 6F1190B214021DBEFF119E64CC86EE77F9DEF08798F008115FA18A2150C6769C61DBA4
                                                  Function 0076D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0076D7A3: _free.LIBCMT ref: 0076D7CC
                                                  • _free.LIBCMT ref: 0076D82D
                                                    • Part of subcall function 007629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000), ref: 007629DE
                                                    • Part of subcall function 007629C8: GetLastError.KERNEL32(00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000,00000000), ref: 007629F0
                                                  • _free.LIBCMT ref: 0076D838
                                                  • _free.LIBCMT ref: 0076D843
                                                  • _free.LIBCMT ref: 0076D897
                                                  • _free.LIBCMT ref: 0076D8A2
                                                  • _free.LIBCMT ref: 0076D8AD
                                                  • _free.LIBCMT ref: 0076D8B8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                  • Instruction ID: 968aff69c1daaf8c1fefb4794c77d348fcc70363310c17bb57c17638be7af8aa
                                                  • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                  • Instruction Fuzzy Hash: 55114F71A50B04EAD531BFB0CC4FFCB7BDC6F40700F440825BA9BA68A3DA69B9064A51
                                                  Function 0079DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0079DA74
                                                  • LoadStringW.USER32(00000000), ref: 0079DA7B
                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0079DA91
                                                  • LoadStringW.USER32(00000000), ref: 0079DA98
                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0079DADC
                                                  Strings
                                                  • %s (%d) : ==> %s: %s %s, xrefs: 0079DAB9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HandleLoadModuleString$Message
                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                  • API String ID: 4072794657-3128320259
                                                  • Opcode ID: e0879b499735ee5342c097654ec1c923d77b78ac0f8a96b8590a3e5f80bd21de
                                                  • Instruction ID: d796c692b56e88a92de7c5be18c2176ca152d67a470386d1241e4a2beb5f5b5f
                                                  • Opcode Fuzzy Hash: e0879b499735ee5342c097654ec1c923d77b78ac0f8a96b8590a3e5f80bd21de
                                                  • Instruction Fuzzy Hash: 810136F65002087FFB11ABA49D89EF7776CE708701F408499F74AE2041EA789E854F74
                                                  Function 007A096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InterlockedExchange.KERNEL32(0194E930,0194E930), ref: 007A097B
                                                  • EnterCriticalSection.KERNEL32(0194E910,00000000), ref: 007A098D
                                                  • TerminateThread.KERNEL32(?,000001F6), ref: 007A099B
                                                  • WaitForSingleObject.KERNEL32(?,000003E8), ref: 007A09A9
                                                  • CloseHandle.KERNEL32(?), ref: 007A09B8
                                                  • InterlockedExchange.KERNEL32(0194E930,000001F6), ref: 007A09C8
                                                  • LeaveCriticalSection.KERNEL32(0194E910), ref: 007A09CF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                  • String ID:
                                                  • API String ID: 3495660284-0
                                                  • Opcode ID: 415275b8aa65a772569051a6e7483df64d2602e68d28703767ea0ee6d58f6b38
                                                  • Instruction ID: 99011147b87751ab25d7d14fecb0604481e0fe185c28692bfc474ca50c388ab8
                                                  • Opcode Fuzzy Hash: 415275b8aa65a772569051a6e7483df64d2602e68d28703767ea0ee6d58f6b38
                                                  • Instruction Fuzzy Hash: 55F03C32442A02BBD7425FA4EE8DFD6BB39FF41702F406129F206908A0C778A465CF94
                                                  Function 007B1C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 007B1DC0
                                                  • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 007B1DE1
                                                  • WSAGetLastError.WSOCK32 ref: 007B1DF2
                                                  • htons.WSOCK32(?,?,?,?,?), ref: 007B1EDB
                                                  • inet_ntoa.WSOCK32(?), ref: 007B1E8C
                                                    • Part of subcall function 007939E8: _strlen.LIBCMT ref: 007939F2
                                                    • Part of subcall function 007B3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,007AEC0C), ref: 007B3240
                                                  • _strlen.LIBCMT ref: 007B1F35
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                  • String ID:
                                                  • API String ID: 3203458085-0
                                                  • Opcode ID: 0651ea2632d8815f752df8e20ce6fd21a0c3898739231e246105da2f5df7e186
                                                  • Instruction ID: a0ec3eabb897ae8230780c5d5049a58bfe11a311349b2cda21e77fcf79893dcf
                                                  • Opcode Fuzzy Hash: 0651ea2632d8815f752df8e20ce6fd21a0c3898739231e246105da2f5df7e186
                                                  • Instruction Fuzzy Hash: 31B1E030204340EFD324DF24C8A9F6A7BE5AF85318F94894CF5565B2A2CB79ED42CB91
                                                  Function 00735D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetClientRect.USER32(?,?), ref: 00735D30
                                                  • GetWindowRect.USER32(?,?), ref: 00735D71
                                                  • ScreenToClient.USER32(?,?), ref: 00735D99
                                                  • GetClientRect.USER32(?,?), ref: 00735ED7
                                                  • GetWindowRect.USER32(?,?), ref: 00735EF8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Rect$Client$Window$Screen
                                                  • String ID:
                                                  • API String ID: 1296646539-0
                                                  • Opcode ID: 2e4ba682ce4efcb903353532f8c70119cd8af05fad839c758de9ba289f0bca37
                                                  • Instruction ID: 320eaa3cfd9698e5632a15f5faaac59a244106a097708db829a3864aaa9fc272
                                                  • Opcode Fuzzy Hash: 2e4ba682ce4efcb903353532f8c70119cd8af05fad839c758de9ba289f0bca37
                                                  • Instruction Fuzzy Hash: 6FB16875A00B4ADBDB10CFA9C4807EEB7F1FF58310F14851AE8A9D7250DB38AA51DB54
                                                  Function 007601B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __allrem.LIBCMT ref: 007600BA
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007600D6
                                                  • __allrem.LIBCMT ref: 007600ED
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0076010B
                                                  • __allrem.LIBCMT ref: 00760122
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00760140
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                  • String ID:
                                                  • API String ID: 1992179935-0
                                                  • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                  • Instruction ID: cc4ebb148f48189665b4f959b7387193020bb4140770d266f589c5fa4cc68057
                                                  • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                  • Instruction Fuzzy Hash: 05810772600706EBE7249E28CC45BAF73E9AF42364F24453AFD52D66C1EBB8D9448790
                                                  Function 007661FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007582D9,007582D9,?,?,?,0076644F,00000001,00000001,8BE85006), ref: 00766258
                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0076644F,00000001,00000001,8BE85006,?,?,?), ref: 007662DE
                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007663D8
                                                  • __freea.LIBCMT ref: 007663E5
                                                    • Part of subcall function 00763820: RtlAllocateHeap.NTDLL(00000000,?,00801444,?,0074FDF5,?,?,0073A976,00000010,00801440,007313FC,?,007313C6,?,00731129), ref: 00763852
                                                  • __freea.LIBCMT ref: 007663EE
                                                  • __freea.LIBCMT ref: 00766413
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1414292761-0
                                                  • Opcode ID: 146284835b913188740d7135f2ac83e6e04ee47e3e1269178c41e90eebda1832
                                                  • Instruction ID: 8f685bbdcc92b0abb3db2ae05773d05a334587ee5c185325c4523d2644f64bde
                                                  • Opcode Fuzzy Hash: 146284835b913188740d7135f2ac83e6e04ee47e3e1269178c41e90eebda1832
                                                  • Instruction Fuzzy Hash: 4751C172A00216AFEB258F65CC85EBF7BA9EF44750F554629FC06DA241EB38DC40C6A0
                                                  Function 007BBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 007BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BB6AE,?,?), ref: 007BC9B5
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BC9F1
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA68
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA9E
                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BBCCA
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BBD25
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 007BBD6A
                                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 007BBD99
                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 007BBDF3
                                                  • RegCloseKey.ADVAPI32(?), ref: 007BBDFF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                  • String ID:
                                                  • API String ID: 1120388591-0
                                                  • Opcode ID: 4c3497ab743222a2aca9432fab1d8bc3ca33df68bf6b89378743a23a20b068ff
                                                  • Instruction ID: 3a1b1058aaba3f9c15a854ad131600afb47bd0f4501c97d396ab642fd59ca32b
                                                  • Opcode Fuzzy Hash: 4c3497ab743222a2aca9432fab1d8bc3ca33df68bf6b89378743a23a20b068ff
                                                  • Instruction Fuzzy Hash: 09818C30208241EFD714DF24C895E6ABBE5FF84308F14895CF9994B2A2DB79ED45CB92
                                                  Function 0078F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VariantInit.OLEAUT32(00000035), ref: 0078F7B9
                                                  • SysAllocString.OLEAUT32(00000001), ref: 0078F860
                                                  • VariantCopy.OLEAUT32(0078FA64,00000000), ref: 0078F889
                                                  • VariantClear.OLEAUT32(0078FA64), ref: 0078F8AD
                                                  • VariantCopy.OLEAUT32(0078FA64,00000000), ref: 0078F8B1
                                                  • VariantClear.OLEAUT32(?), ref: 0078F8BB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearCopy$AllocInitString
                                                  • String ID:
                                                  • API String ID: 3859894641-0
                                                  • Opcode ID: 441f40a8b4d1615ba9829a8a81df0d82d28427df05ad79a87b83fe43c2ebefd0
                                                  • Instruction ID: 0b20850be16222562043e1d83147a8ec9d28674a43ab69d0a78192ec38f50d5d
                                                  • Opcode Fuzzy Hash: 441f40a8b4d1615ba9829a8a81df0d82d28427df05ad79a87b83fe43c2ebefd0
                                                  • Instruction Fuzzy Hash: 7C51C831641310FADF24BF66D899B29B3A4EF45310F249467E905DF292DB7C9C40CB66
                                                  Function 007A910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00737620: _wcslen.LIBCMT ref: 00737625
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  • GetOpenFileNameW.COMDLG32(00000058), ref: 007A94E5
                                                  • _wcslen.LIBCMT ref: 007A9506
                                                  • _wcslen.LIBCMT ref: 007A952D
                                                  • GetSaveFileNameW.COMDLG32(00000058), ref: 007A9585
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$FileName$OpenSave
                                                  • String ID: X
                                                  • API String ID: 83654149-3081909835
                                                  • Opcode ID: 76d7c886510063154cd7abac784ad33371123c16808d2bed907e679cc9e805c2
                                                  • Instruction ID: b060f44015b5bef11826b46f74539ea36b474d517a754f1657690ddaf27d1e49
                                                  • Opcode Fuzzy Hash: 76d7c886510063154cd7abac784ad33371123c16808d2bed907e679cc9e805c2
                                                  • Instruction Fuzzy Hash: 40E19071508340DFD724DF24C885A6AB7E0BFC5314F048A6DF9899B2A2DB39ED15CB92
                                                  Function 0074920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • BeginPaint.USER32(?,?,?), ref: 00749241
                                                  • GetWindowRect.USER32(?,?), ref: 007492A5
                                                  • ScreenToClient.USER32(?,?), ref: 007492C2
                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007492D3
                                                  • EndPaint.USER32(?,?,?,?,?), ref: 00749321
                                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 007871EA
                                                    • Part of subcall function 00749339: BeginPath.GDI32(00000000), ref: 00749357
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                  • String ID:
                                                  • API String ID: 3050599898-0
                                                  • Opcode ID: 71fdb994f919e272595898334cb5303958dac0bb7bfd02a52c1c2e8d9529970e
                                                  • Instruction ID: f4134e39bcb25ac7e3a316f96744e3466914699ca461f66abe22d1cdd7ad1d03
                                                  • Opcode Fuzzy Hash: 71fdb994f919e272595898334cb5303958dac0bb7bfd02a52c1c2e8d9529970e
                                                  • Instruction Fuzzy Hash: EF419C70504200EFDB21DF25CC88FAB7BA8FB86330F144269FA95872E1C7799845DB62
                                                  Function 007A07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 007A080C
                                                  • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 007A0847
                                                  • EnterCriticalSection.KERNEL32(?), ref: 007A0863
                                                  • LeaveCriticalSection.KERNEL32(?), ref: 007A08DC
                                                  • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 007A08F3
                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 007A0921
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                  • String ID:
                                                  • API String ID: 3368777196-0
                                                  • Opcode ID: 1975ab8011d69600e7c0a3664b9e5275004bd660d2cfb18a98e506812af1e3ed
                                                  • Instruction ID: 5ec8c2c5e84e4239477aad4ef0b745fb03064a482a9ec9db8d3be7085991542a
                                                  • Opcode Fuzzy Hash: 1975ab8011d69600e7c0a3664b9e5275004bd660d2cfb18a98e506812af1e3ed
                                                  • Instruction Fuzzy Hash: D041BD71900205EFDF05EF64DC85AAAB7B8FF45300F1480A9ED049A297D738EE65DBA4
                                                  Function 007C81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0078F3AB,00000000,?,?,00000000,?,0078682C,00000004,00000000,00000000), ref: 007C824C
                                                  • EnableWindow.USER32(?,00000000), ref: 007C8272
                                                  • ShowWindow.USER32(FFFFFFFF,00000000), ref: 007C82D1
                                                  • ShowWindow.USER32(?,00000004), ref: 007C82E5
                                                  • EnableWindow.USER32(?,00000001), ref: 007C830B
                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 007C832F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Show$Enable$MessageSend
                                                  • String ID:
                                                  • API String ID: 642888154-0
                                                  • Opcode ID: 7497bc5699302017cd49ebe0ffe422e56f6eb44b71b70f7620b70341c212ef29
                                                  • Instruction ID: 48f06a8e2d39a6d03df4b36857d9466b1fa4ab124b1b4fb0ec2ee26c83da8d54
                                                  • Opcode Fuzzy Hash: 7497bc5699302017cd49ebe0ffe422e56f6eb44b71b70f7620b70341c212ef29
                                                  • Instruction Fuzzy Hash: 7C418334601644EFDFA6CF25C89DFE87BE1FB4A714F1851ADE5084B2A2CB35A841CB52
                                                  Function 00794C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 00794C95
                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00794CB2
                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00794CEA
                                                  • _wcslen.LIBCMT ref: 00794D08
                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00794D10
                                                  • _wcsstr.LIBVCRUNTIME ref: 00794D1A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                  • String ID:
                                                  • API String ID: 72514467-0
                                                  • Opcode ID: a36ed660dc87c02f8666f74798bf5ecf6c1a517422382be87b7bf9927b76b675
                                                  • Instruction ID: 81112e304758d309de793164c26c01e6a1508fe981461138dda5074313bb3a26
                                                  • Opcode Fuzzy Hash: a36ed660dc87c02f8666f74798bf5ecf6c1a517422382be87b7bf9927b76b675
                                                  • Instruction Fuzzy Hash: F9212936204210BBEF155B35AD09E7B7BACDF45750F10806DF909DA191EB69DC0283A0
                                                  Function 007A581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00733AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00733A97,?,?,00732E7F,?,?,?,00000000), ref: 00733AC2
                                                  • _wcslen.LIBCMT ref: 007A587B
                                                  • CoInitialize.OLE32(00000000), ref: 007A5995
                                                  • CoCreateInstance.OLE32(007CFCF8,00000000,00000001,007CFB68,?), ref: 007A59AE
                                                  • CoUninitialize.OLE32 ref: 007A59CC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                  • String ID: .lnk
                                                  • API String ID: 3172280962-24824748
                                                  • Opcode ID: 0822b1ac22b9578245ed19e3ec713d3c1599a619b4076fd8a8dc0439e4d83d8e
                                                  • Instruction ID: 3e6788684f4d120b623e42a2da1b39f32f09a0d8902fc597627d3ede1d07f58d
                                                  • Opcode Fuzzy Hash: 0822b1ac22b9578245ed19e3ec713d3c1599a619b4076fd8a8dc0439e4d83d8e
                                                  • Instruction Fuzzy Hash: 90D165B5608601DFC714DF24C484A2ABBE1FF8A710F148A5DF8899B362D739EC45CB92
                                                  Function 0079175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00790FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00790FCA
                                                    • Part of subcall function 00790FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00790FD6
                                                    • Part of subcall function 00790FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00790FE5
                                                    • Part of subcall function 00790FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00790FEC
                                                    • Part of subcall function 00790FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00791002
                                                  • GetLengthSid.ADVAPI32(?,00000000,00791335), ref: 007917AE
                                                  • GetProcessHeap.KERNEL32(00000008,00000000), ref: 007917BA
                                                  • HeapAlloc.KERNEL32(00000000), ref: 007917C1
                                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 007917DA
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00791335), ref: 007917EE
                                                  • HeapFree.KERNEL32(00000000), ref: 007917F5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                  • String ID:
                                                  • API String ID: 3008561057-0
                                                  • Opcode ID: 962ee0856919c20a21ebdfa67c48555efa1c622fc29a2700d25cd4590766d6ab
                                                  • Instruction ID: d9e36dcab33c2b8999a25b8f809bf4c553dae0c739baf263b5d63d2f886acf87
                                                  • Opcode Fuzzy Hash: 962ee0856919c20a21ebdfa67c48555efa1c622fc29a2700d25cd4590766d6ab
                                                  • Instruction Fuzzy Hash: 7011AC72500606FFDF119FA5EC49FAE7BA9EB41355F548018F44597220D739A950CB60
                                                  Function 007914CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 007914FF
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00791506
                                                  • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00791515
                                                  • CloseHandle.KERNEL32(00000004), ref: 00791520
                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0079154F
                                                  • DestroyEnvironmentBlock.USERENV(00000000), ref: 00791563
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                  • String ID:
                                                  • API String ID: 1413079979-0
                                                  • Opcode ID: e1c284e1e78c125434a2cc1f69be10a32985222aa8da32c9d2725a35827535cf
                                                  • Instruction ID: 15af9c3bd5701fd36b21ca7f9c37d274b8c2e8720b93ca28b7faf4a27675eee7
                                                  • Opcode Fuzzy Hash: e1c284e1e78c125434a2cc1f69be10a32985222aa8da32c9d2725a35827535cf
                                                  • Instruction Fuzzy Hash: D511297250024AABDF128F98ED49FDE7BA9FF48744F058019FA09A2060C379CE61DB61
                                                  Function 00753382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,00753379,00752FE5), ref: 00753390
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0075339E
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007533B7
                                                  • SetLastError.KERNEL32(00000000,?,00753379,00752FE5), ref: 00753409
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 08cc955d1a9b7b6155058f69aeed015f990ef45685cbd5fffc2075ef3be3fdb6
                                                  • Instruction ID: 10507c56a7a303985c9d89dfd4b2b47f56c2a16a8d9ec5efd5f6a53a004b7cf7
                                                  • Opcode Fuzzy Hash: 08cc955d1a9b7b6155058f69aeed015f990ef45685cbd5fffc2075ef3be3fdb6
                                                  • Instruction Fuzzy Hash: 8C01B132609315AEEA2627747D8A9F62B94EB053FB720422DFC10891F1EFAD4D0E954C
                                                  Function 00762D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,00765686,00773CD6,?,00000000,?,00765B6A,?,?,?,?,?,0075E6D1,?,007F8A48), ref: 00762D78
                                                  • _free.LIBCMT ref: 00762DAB
                                                  • _free.LIBCMT ref: 00762DD3
                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,0075E6D1,?,007F8A48,00000010,00734F4A,?,?,00000000,00773CD6), ref: 00762DE0
                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,0075E6D1,?,007F8A48,00000010,00734F4A,?,?,00000000,00773CD6), ref: 00762DEC
                                                  • _abort.LIBCMT ref: 00762DF2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_free$_abort
                                                  • String ID:
                                                  • API String ID: 3160817290-0
                                                  • Opcode ID: 654cd4e5dc742769a0801211613ea86810fb6e237cde46f2d6793546b43a036f
                                                  • Instruction ID: 9d029e6cd860c8d56ea6a866aaf50de75e01e312ed6651a4a56a7cdc787ff5bb
                                                  • Opcode Fuzzy Hash: 654cd4e5dc742769a0801211613ea86810fb6e237cde46f2d6793546b43a036f
                                                  • Instruction Fuzzy Hash: B9F0A931704E01B7C2972734BC1EE5E1659BBC27A1F254518FC2B921E3EF2C98034561
                                                  Function 007C8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00749693
                                                    • Part of subcall function 00749639: SelectObject.GDI32(?,00000000), ref: 007496A2
                                                    • Part of subcall function 00749639: BeginPath.GDI32(?), ref: 007496B9
                                                    • Part of subcall function 00749639: SelectObject.GDI32(?,00000000), ref: 007496E2
                                                  • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 007C8A4E
                                                  • LineTo.GDI32(?,00000003,00000000), ref: 007C8A62
                                                  • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 007C8A70
                                                  • LineTo.GDI32(?,00000000,00000003), ref: 007C8A80
                                                  • EndPath.GDI32(?), ref: 007C8A90
                                                  • StrokePath.GDI32(?), ref: 007C8AA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                  • String ID:
                                                  • API String ID: 43455801-0
                                                  • Opcode ID: 709b035e05d766fd71d26ee61b27622e415b9634efdcff4be2ad3038ffa6e617
                                                  • Instruction ID: e871bfbcf4290b49a4d4d383ce0849dfabca1d771bcf0fb9a292c9bcad2c2b8c
                                                  • Opcode Fuzzy Hash: 709b035e05d766fd71d26ee61b27622e415b9634efdcff4be2ad3038ffa6e617
                                                  • Instruction Fuzzy Hash: EF11F77640010CFFDF129F90DC88EAA7F6CEB08350F04C01AFA599A1A1C7759D95DBA0
                                                  Function 007951FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetDC.USER32(00000000), ref: 00795218
                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00795229
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00795230
                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00795238
                                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0079524F
                                                  • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00795261
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$Release
                                                  • String ID:
                                                  • API String ID: 1035833867-0
                                                  • Opcode ID: 79fe858cc525b7e5672bc8229e10d1b7c1e71f7bdb73f4cbb252aea222d40ec1
                                                  • Instruction ID: 8ba139bb95e82afb08bc45b096389173ad814bd5e3dae94dc0533b3ca7615138
                                                  • Opcode Fuzzy Hash: 79fe858cc525b7e5672bc8229e10d1b7c1e71f7bdb73f4cbb252aea222d40ec1
                                                  • Instruction Fuzzy Hash: 9D0184B5A01B18BBEF115BA59D49E4EBF78FB44351F048065FA08A7280D6749800CB64
                                                  Function 00731BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00731BF4
                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00731BFC
                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00731C07
                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00731C12
                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00731C1A
                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00731C22
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Virtual
                                                  • String ID:
                                                  • API String ID: 4278518827-0
                                                  • Opcode ID: b8b9d22dc3fe60d14565962de263d60ae832ce4ba791e13da2409e70aff79d61
                                                  • Instruction ID: 47701ac711b9abb8b3937981ebf4ce68b69ea6e0e9b053aa7365f60b6f293fa8
                                                  • Opcode Fuzzy Hash: b8b9d22dc3fe60d14565962de263d60ae832ce4ba791e13da2409e70aff79d61
                                                  • Instruction Fuzzy Hash: 650167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00415BE15C4BA42C7F5A864CBE5
                                                  Function 0079EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0079EB30
                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0079EB46
                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 0079EB55
                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0079EB64
                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0079EB6E
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0079EB75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                  • String ID:
                                                  • API String ID: 839392675-0
                                                  • Opcode ID: d7143bf1945b77b7f5948c3cb7ce484e00995efb167e26889d29e3e0ed84a30d
                                                  • Instruction ID: f9bac21371f8c638e1f765e91486bd20cd4ea1db457efdf043c79f475f35b490
                                                  • Opcode Fuzzy Hash: d7143bf1945b77b7f5948c3cb7ce484e00995efb167e26889d29e3e0ed84a30d
                                                  • Instruction Fuzzy Hash: 6CF030B2540158BBE72257539D0EEEF3B7CEFCAB15F00815CF605E1191D7A85A01C6B9
                                                  Function 00787439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetClientRect.USER32(?), ref: 00787452
                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 00787469
                                                  • GetWindowDC.USER32(?), ref: 00787475
                                                  • GetPixel.GDI32(00000000,?,?), ref: 00787484
                                                  • ReleaseDC.USER32(?,00000000), ref: 00787496
                                                  • GetSysColor.USER32(00000005), ref: 007874B0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                  • String ID:
                                                  • API String ID: 272304278-0
                                                  • Opcode ID: 2e1bacb85e287b2fb6dabc91436dbee3b0088c46d6322ef87ba04b015012042e
                                                  • Instruction ID: e7e6c19ed0db371b026cdd1aafef8775511a9a57afead63c4be9045caf016136
                                                  • Opcode Fuzzy Hash: 2e1bacb85e287b2fb6dabc91436dbee3b0088c46d6322ef87ba04b015012042e
                                                  • Instruction Fuzzy Hash: E001A231400205EFDB529FA4DC08FAE7BB5FF04311F254068F91AA21A1CB391D51EB10
                                                  Function 00791874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0079187F
                                                  • UnloadUserProfile.USERENV(?,?), ref: 0079188B
                                                  • CloseHandle.KERNEL32(?), ref: 00791894
                                                  • CloseHandle.KERNEL32(?), ref: 0079189C
                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 007918A5
                                                  • HeapFree.KERNEL32(00000000), ref: 007918AC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                  • String ID:
                                                  • API String ID: 146765662-0
                                                  • Opcode ID: 9d0eba0da9c1bb6fce4188efc1d1d7829fd85915a705ac88035b6f5faf4bdc06
                                                  • Instruction ID: 049c9f6dcf45702a78e969ede36ef0ac122199ace3f6c4d7be0a711fee9844eb
                                                  • Opcode Fuzzy Hash: 9d0eba0da9c1bb6fce4188efc1d1d7829fd85915a705ac88035b6f5faf4bdc06
                                                  • Instruction Fuzzy Hash: 86E01A76404505BFDB025FA2ED0CD0ABF39FF49B22B10C228F22981470CB369820DF58
                                                  Function 007B7B7E Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 230COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00750242: EnterCriticalSection.KERNEL32(0080070C,00801884,?,?,0074198B,00802518,?,?,?,007312F9,00000000), ref: 0075024D
                                                    • Part of subcall function 00750242: LeaveCriticalSection.KERNEL32(0080070C,?,0074198B,00802518,?,?,?,007312F9,00000000), ref: 0075028A
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 007500A3: __onexit.LIBCMT ref: 007500A9
                                                  • __Init_thread_footer.LIBCMT ref: 007B7BFB
                                                    • Part of subcall function 007501F8: EnterCriticalSection.KERNEL32(0080070C,?,?,00748747,00802514), ref: 00750202
                                                    • Part of subcall function 007501F8: LeaveCriticalSection.KERNEL32(0080070C,?,00748747,00802514), ref: 00750235
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                  • String ID: +Tx$5$G$Variable must be of type 'Object'.
                                                  • API String ID: 535116098-374083743
                                                  • Opcode ID: 3bb1b31f2ca582e708866aae223afaa0a988e6b410b6278f7f844a718377e242
                                                  • Instruction ID: 46f9bc4e2dbea18c4599e05460b8a341e3f2bd2f92ef38505018da3d3a27a994
                                                  • Opcode Fuzzy Hash: 3bb1b31f2ca582e708866aae223afaa0a988e6b410b6278f7f844a718377e242
                                                  • Instruction Fuzzy Hash: 89916A70A04209EFCB18EF54D895EEDB7B5FF84340F148059F8069B292DB79AE45CB61
                                                  Function 0079C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00737620: _wcslen.LIBCMT ref: 00737625
                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0079C6EE
                                                  • _wcslen.LIBCMT ref: 0079C735
                                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0079C79C
                                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0079C7CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ItemMenu$Info_wcslen$Default
                                                  • String ID: 0
                                                  • API String ID: 1227352736-4108050209
                                                  • Opcode ID: 1d41b3493a07cc6e464919d54a9e6bc7d42fa9b1a87a1ace8c95fae9ea2e3c59
                                                  • Instruction ID: ce0f9d2c78123b4972f2bf2fd9b7d054864e90471d1791829530a72d41171d04
                                                  • Opcode Fuzzy Hash: 1d41b3493a07cc6e464919d54a9e6bc7d42fa9b1a87a1ace8c95fae9ea2e3c59
                                                  • Instruction Fuzzy Hash: 2051CF716043009BDF569F68E889B6BB7E8EF49320F040A2DF995D32E1DB78D904CB52
                                                  Function 0079719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00797206
                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0079723C
                                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0079724D
                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 007972CF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                                  • String ID: DllGetClassObject
                                                  • API String ID: 753597075-1075368562
                                                  • Opcode ID: ad8f16ff5408d75712db0f2a04dcb666dac06601958594b7b2726ca11e4abeb2
                                                  • Instruction ID: e08f2e78ed2b421ccc690f3bae10d2b37a6322d5ef557658c1b429573c2d5a58
                                                  • Opcode Fuzzy Hash: ad8f16ff5408d75712db0f2a04dcb666dac06601958594b7b2726ca11e4abeb2
                                                  • Instruction Fuzzy Hash: 7C415CB1624204EFDF19CF54D884A9A7BB9FF44710B2580ADBD099F20AD7B8D944DBA0
                                                  Function 007C3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007C3E35
                                                  • IsMenu.USER32(?), ref: 007C3E4A
                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007C3E92
                                                  • DrawMenuBar.USER32 ref: 007C3EA5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$Item$DrawInfoInsert
                                                  • String ID: 0
                                                  • API String ID: 3076010158-4108050209
                                                  • Opcode ID: 6732be51c3200d869bab7f6145488805ee267700d755d1aec34cc2a6c8cb3443
                                                  • Instruction ID: d026055555f36f2ac6377c33fe17f24051b28dfa193df38b9e6c5a935aed9460
                                                  • Opcode Fuzzy Hash: 6732be51c3200d869bab7f6145488805ee267700d755d1aec34cc2a6c8cb3443
                                                  • Instruction Fuzzy Hash: 49414875A00209EFDB10DF50D884EAABBB9FF49354F04812DF915A7250D738AE55CFA0
                                                  Function 00791DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00791E66
                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00791E79
                                                  • SendMessageW.USER32(?,00000189,?,00000000), ref: 00791EA9
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$_wcslen$ClassName
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 2081771294-1403004172
                                                  • Opcode ID: 922204bc0d4b83f1322778aa60fffa8864558fc6cb28f4b3e15abb8c1176df46
                                                  • Instruction ID: 9594fb23047f5354c17671e0bfe0a2a764d82f3de7b3a239762cce5665fa9bec
                                                  • Opcode Fuzzy Hash: 922204bc0d4b83f1322778aa60fffa8864558fc6cb28f4b3e15abb8c1176df46
                                                  • Instruction Fuzzy Hash: B121F3B5A00104FAEF14AB64EC4ACFFB7B8DF45350F548519F925A71E1DB7C49198620
                                                  Function 007C2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 007C2F8D
                                                  • LoadLibraryW.KERNEL32(?), ref: 007C2F94
                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 007C2FA9
                                                  • DestroyWindow.USER32(?), ref: 007C2FB1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$DestroyLibraryLoadWindow
                                                  • String ID: SysAnimate32
                                                  • API String ID: 3529120543-1011021900
                                                  • Opcode ID: 6d58028d4ad8287ae10aa21898931d8cc6ba0004e8cccd2ad8f78b1411d194a5
                                                  • Instruction ID: db082e925492e5c14cb948120f4a4926180bb42b3ce35e0cd23ec149f740c8c0
                                                  • Opcode Fuzzy Hash: 6d58028d4ad8287ae10aa21898931d8cc6ba0004e8cccd2ad8f78b1411d194a5
                                                  • Instruction Fuzzy Hash: D121DC71200209ABEB218F64DC84FBB37BDEB58324F10462CFA10D21A2C739DC429760
                                                  Function 00754D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00754D1E,007628E9,?,00754CBE,007628E9,007F88B8,0000000C,00754E15,007628E9,00000002), ref: 00754D8D
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00754DA0
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00754D1E,007628E9,?,00754CBE,007628E9,007F88B8,0000000C,00754E15,007628E9,00000002,00000000), ref: 00754DC3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 9d43ff430f6d347b8730e8172f480628911bc96ce2d86effcc58dbdc05c918a9
                                                  • Instruction ID: 01437544a0736930dfdb3cbb8792d1e7fe9053cb20013a2ecce06d2d8c1474ef
                                                  • Opcode Fuzzy Hash: 9d43ff430f6d347b8730e8172f480628911bc96ce2d86effcc58dbdc05c918a9
                                                  • Instruction Fuzzy Hash: 17F0AF30A00208BBDB129F90DC09FEEBFB5EF04712F0440A8FD09A2260CB785D84CAD4
                                                  Function 0078D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadLibraryA.KERNEL32 ref: 0078D3AD
                                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0078D3BF
                                                  • FreeLibrary.KERNEL32(00000000), ref: 0078D3E5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: GetSystemWow64DirectoryW$X64
                                                  • API String ID: 145871493-2590602151
                                                  • Opcode ID: d459458793b8c879a950bf2d3622ff77b3ab7fa50fedc46a271aab1d73b741b9
                                                  • Instruction ID: 94bc2ba1f83d1439360c27954ae9103630efdb4605fe0fb2f44e496781318bb1
                                                  • Opcode Fuzzy Hash: d459458793b8c879a950bf2d3622ff77b3ab7fa50fedc46a271aab1d73b741b9
                                                  • Instruction Fuzzy Hash: B8F055B08C5A21EBD73237118C08D2DB310BF00701B58816CF80AE21D0DB2CCD408783
                                                  Function 00734E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00734EDD,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734E9C
                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00734EAE
                                                  • FreeLibrary.KERNEL32(00000000,?,?,00734EDD,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734EC0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                  • API String ID: 145871493-3689287502
                                                  • Opcode ID: 0345eca22966fa603f938d44540f2c173d528748c1fcc8bd9ef00830e9c7d8e0
                                                  • Instruction ID: 492b5af3629bed1b3bd89145d9689c9b0f6f736a306262744c3b04349b472505
                                                  • Opcode Fuzzy Hash: 0345eca22966fa603f938d44540f2c173d528748c1fcc8bd9ef00830e9c7d8e0
                                                  • Instruction Fuzzy Hash: B6E0CD75E415225BE2331B266C18F6F6754AFC1F62F0D411DFD08D3211DB6CDD0240A4
                                                  Function 00734E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00773CDE,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734E62
                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00734E74
                                                  • FreeLibrary.KERNEL32(00000000,?,?,00773CDE,?,00801418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00734E87
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                  • API String ID: 145871493-1355242751
                                                  • Opcode ID: f84730ec2022bd2a3897e32b6bab1de1bf7800375652717d7d415ed1bb93ecf6
                                                  • Instruction ID: 350dcb54b2d8c5fe914f8595c87b82b63e465df498dc939be9cce0640a0c2b37
                                                  • Opcode Fuzzy Hash: f84730ec2022bd2a3897e32b6bab1de1bf7800375652717d7d415ed1bb93ecf6
                                                  • Instruction Fuzzy Hash: D7D02B7294263157A6331B26BC0CE8F2B18AF81F1130D411CF908E3111CF2CCD02C1D4
                                                  Function 007A2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007A2C05
                                                  • DeleteFileW.KERNEL32(?), ref: 007A2C87
                                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007A2C9D
                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007A2CAE
                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007A2CC0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: File$Delete$Copy
                                                  • String ID:
                                                  • API String ID: 3226157194-0
                                                  • Opcode ID: 4c2bfe5d344e6c8676db8d3dc4e295faad8db39b52c530194e29e75f41eaaba6
                                                  • Instruction ID: 09160c9e858698752f043ccea66a535e51fc0826c52b5227c806bdddf7e2a879
                                                  • Opcode Fuzzy Hash: 4c2bfe5d344e6c8676db8d3dc4e295faad8db39b52c530194e29e75f41eaaba6
                                                  • Instruction Fuzzy Hash: F2B18F71901119EBDF25DBA8CC89EDEB77DEF49310F0041A6FA09E6142EB389E458F61
                                                  Function 007BA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentProcessId.KERNEL32 ref: 007BA427
                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 007BA435
                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 007BA468
                                                  • CloseHandle.KERNEL32(?), ref: 007BA63D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$CloseCountersCurrentHandleOpen
                                                  • String ID:
                                                  • API String ID: 3488606520-0
                                                  • Opcode ID: edff4b352492bd981cec8c5b40251947450f558290610a1d2da11a5d4f3ec5f9
                                                  • Instruction ID: d3efdd07154bb3aad7f82ac00d8ce071be0b797a8651af15435154fdc7a22af9
                                                  • Opcode Fuzzy Hash: edff4b352492bd981cec8c5b40251947450f558290610a1d2da11a5d4f3ec5f9
                                                  • Instruction Fuzzy Hash: 37A1A471604301AFE720EF28C886F2AB7E5AF44714F14885DF59A9B292D778EC41CB92
                                                  Function 0076BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,007D3700), ref: 0076BB91
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0080121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0076BC09
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00801270,000000FF,?,0000003F,00000000,?), ref: 0076BC36
                                                  • _free.LIBCMT ref: 0076BB7F
                                                    • Part of subcall function 007629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000), ref: 007629DE
                                                    • Part of subcall function 007629C8: GetLastError.KERNEL32(00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000,00000000), ref: 007629F0
                                                  • _free.LIBCMT ref: 0076BD4B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                  • String ID:
                                                  • API String ID: 1286116820-0
                                                  • Opcode ID: f0272e844ff9253ebca44c29079140aee162820d9f9385e71d0e34e112ff3722
                                                  • Instruction ID: 35d4481ed1979210ec30a5824f2cd03ae9d04ebf15b86f0e660e52ed0cd9e8b0
                                                  • Opcode Fuzzy Hash: f0272e844ff9253ebca44c29079140aee162820d9f9385e71d0e34e112ff3722
                                                  • Instruction Fuzzy Hash: F251FB71900209EFCB10DF65DC859BEB7BCFF42360B14426AE956D72A1EB385E85CB60
                                                  Function 0079E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0079DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0079CF22,?), ref: 0079DDFD
                                                    • Part of subcall function 0079DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0079CF22,?), ref: 0079DE16
                                                    • Part of subcall function 0079E199: GetFileAttributesW.KERNEL32(?,0079CF95), ref: 0079E19A
                                                  • lstrcmpiW.KERNEL32(?,?), ref: 0079E473
                                                  • MoveFileW.KERNEL32(?,?), ref: 0079E4AC
                                                  • _wcslen.LIBCMT ref: 0079E5EB
                                                  • _wcslen.LIBCMT ref: 0079E603
                                                  • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0079E650
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                  • String ID:
                                                  • API String ID: 3183298772-0
                                                  • Opcode ID: 0cb1f20b8e1d586eb1433d3f518e1ba6879e66fa9766c64e761518ef300610c4
                                                  • Instruction ID: 7ee04eefa2532ca4fc5153b8d3e2b3ebef147edef3505e738f4e0364fd780b61
                                                  • Opcode Fuzzy Hash: 0cb1f20b8e1d586eb1433d3f518e1ba6879e66fa9766c64e761518ef300610c4
                                                  • Instruction Fuzzy Hash: 345154B25083859BDB24DB94DC859DFB3ECAF84340F00491EF689D3191EF78A688C766
                                                  Function 007BB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 007BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007BB6AE,?,?), ref: 007BC9B5
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BC9F1
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA68
                                                    • Part of subcall function 007BC998: _wcslen.LIBCMT ref: 007BCA9E
                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007BBAA5
                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007BBB00
                                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 007BBB63
                                                  • RegCloseKey.ADVAPI32(?,?), ref: 007BBBA6
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 007BBBB3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                  • String ID:
                                                  • API String ID: 826366716-0
                                                  • Opcode ID: 273735843184897888d24bd3d76e3fa321ef0571ac545fc4c540d05dc029a172
                                                  • Instruction ID: 787e3fdaae5da62dafdbadd9d895e60d75272371cbb1e392309d4df239ef3c0b
                                                  • Opcode Fuzzy Hash: 273735843184897888d24bd3d76e3fa321ef0571ac545fc4c540d05dc029a172
                                                  • Instruction Fuzzy Hash: DE617971208241AFD314DF24C894F6ABBE5FF84308F14855CF4998B2A2DB79ED45CB92
                                                  Function 00798BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VariantInit.OLEAUT32(?), ref: 00798BCD
                                                  • VariantClear.OLEAUT32 ref: 00798C3E
                                                  • VariantClear.OLEAUT32 ref: 00798C9D
                                                  • VariantClear.OLEAUT32(?), ref: 00798D10
                                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00798D3B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$Clear$ChangeInitType
                                                  • String ID:
                                                  • API String ID: 4136290138-0
                                                  • Opcode ID: 04490e5aa797a707b084a4d47359f0d84bac1b0c4ece523fefb4505648b7eaa7
                                                  • Instruction ID: b802e86413f7a8412171b72f61d84f31d32af1ace5d44830fd9feaea1e65ad26
                                                  • Opcode Fuzzy Hash: 04490e5aa797a707b084a4d47359f0d84bac1b0c4ece523fefb4505648b7eaa7
                                                  • Instruction Fuzzy Hash: 0C515BB5A00219EFCB14CF68D894EAAB7F8FF8D310B158559E919DB350E734E911CB90
                                                  Function 007A8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007A8BAE
                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 007A8BDA
                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 007A8C32
                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 007A8C57
                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007A8C5F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfile$SectionWrite$String
                                                  • String ID:
                                                  • API String ID: 2832842796-0
                                                  • Opcode ID: 289e41ea7810d8244b30a2fb922c53ae4f9ce666d2e54aeb656c217e5d33fbe5
                                                  • Instruction ID: f3060e09426e9bead01dffac67d81dddfd7fb6fd87353b872d9bb724e0d0d45c
                                                  • Opcode Fuzzy Hash: 289e41ea7810d8244b30a2fb922c53ae4f9ce666d2e54aeb656c217e5d33fbe5
                                                  • Instruction Fuzzy Hash: 98515A75A00219DFDB15DF65C884A69BBF1FF49314F088098E849AB362CB39ED51CFA1
                                                  Function 007B8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadLibraryW.KERNEL32(?,00000000,?), ref: 007B8F40
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 007B8FD0
                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 007B8FEC
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 007B9032
                                                  • FreeLibrary.KERNEL32(00000000), ref: 007B9052
                                                    • Part of subcall function 0074F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,007A1043,?,7529E610), ref: 0074F6E6
                                                    • Part of subcall function 0074F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0078FA64,00000000,00000000,?,?,007A1043,?,7529E610,?,0078FA64), ref: 0074F70D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                  • String ID:
                                                  • API String ID: 666041331-0
                                                  • Opcode ID: e72a21bf831a08c48694be1ff4b7422e122d0a81857f083c60f993594c4b968b
                                                  • Instruction ID: 39ff28920228a0ec7497f55fc9b1050d4a4fcb6426e0cf47d9e4bc76bd2d17ef
                                                  • Opcode Fuzzy Hash: e72a21bf831a08c48694be1ff4b7422e122d0a81857f083c60f993594c4b968b
                                                  • Instruction Fuzzy Hash: 4B514A35604205DFDB15EF54C4889EDBBB1FF49314F088098E91AAB362DB39ED86CB91
                                                  Function 007C6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetWindowLongW.USER32(00000002,000000F0,?), ref: 007C6C33
                                                  • SetWindowLongW.USER32(?,000000EC,?), ref: 007C6C4A
                                                  • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 007C6C73
                                                  • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,007AAB79,00000000,00000000), ref: 007C6C98
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 007C6CC7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Long$MessageSendShow
                                                  • String ID:
                                                  • API String ID: 3688381893-0
                                                  • Opcode ID: 12b0adfa480b19a5751a3984b7e8fd8165ef3e290fd639a012d71d43790ef3f8
                                                  • Instruction ID: 475b8241e0491f28aee2afc637be548377af7f474ba066ff43910550e569278a
                                                  • Opcode Fuzzy Hash: 12b0adfa480b19a5751a3984b7e8fd8165ef3e290fd639a012d71d43790ef3f8
                                                  • Instruction Fuzzy Hash: AF41D335A00104AFDB35CF28CD98FA97BA5EB09360F14026CF899A72E1C379FD41CA60
                                                  Function 00762051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: d141d725cc2939b1a8051b5d592e29427b99abf3e2d1808bab9de7420e4d5629
                                                  • Instruction ID: e9cff4cae651c548e5b3f278ca4896d48979809531f51e5ec5426c8e5e9b041a
                                                  • Opcode Fuzzy Hash: d141d725cc2939b1a8051b5d592e29427b99abf3e2d1808bab9de7420e4d5629
                                                  • Instruction Fuzzy Hash: 8141F332A00604DFCB24DF78C984A6DB3F5EF89314F1545A8E916EB352EB35AD02CB81
                                                  Function 0074912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCursorPos.USER32(?), ref: 00749141
                                                  • ScreenToClient.USER32(00000000,?), ref: 0074915E
                                                  • GetAsyncKeyState.USER32(00000001), ref: 00749183
                                                  • GetAsyncKeyState.USER32(00000002), ref: 0074919D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: AsyncState$ClientCursorScreen
                                                  • String ID:
                                                  • API String ID: 4210589936-0
                                                  • Opcode ID: f1f649e0517c9dd84b30a98cea483752510a1b990a81d4114d34091cb816cf2e
                                                  • Instruction ID: 1a929c0afc069786e26bf930260915da4827dfa85cdca16ed1cb3bcaa10c69ac
                                                  • Opcode Fuzzy Hash: f1f649e0517c9dd84b30a98cea483752510a1b990a81d4114d34091cb816cf2e
                                                  • Instruction Fuzzy Hash: 5441513190851AFBDF19AF64C848BEEB775FF45320F208219E529A72D0D738AD50CB51
                                                  Function 007A3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetInputState.USER32 ref: 007A38CB
                                                  • TranslateAcceleratorW.USER32(?,00000000,?), ref: 007A3922
                                                  • TranslateMessage.USER32(?), ref: 007A394B
                                                  • DispatchMessageW.USER32(?), ref: 007A3955
                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007A3966
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                  • String ID:
                                                  • API String ID: 2256411358-0
                                                  • Opcode ID: 608c1d2159bc48cf47af438049d569c48c9a38ef47e9cb6f991d9cedf8f3d83e
                                                  • Instruction ID: f3422fed5a7e5fd2c4a3cdb3070b666efb917e2585a1de536791bf541ca17eea
                                                  • Opcode Fuzzy Hash: 608c1d2159bc48cf47af438049d569c48c9a38ef47e9cb6f991d9cedf8f3d83e
                                                  • Instruction Fuzzy Hash: 183183709043419EEF65CF74984CFB777A8EB87318F14466DF466821A0E7BCAA85CB21
                                                  Function 007ACF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 007ACF38
                                                  • InternetReadFile.WININET(?,00000000,?,?), ref: 007ACF6F
                                                  • GetLastError.KERNEL32(?,00000000,?,?,?,007AC21E,00000000), ref: 007ACFB4
                                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,007AC21E,00000000), ref: 007ACFC8
                                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,007AC21E,00000000), ref: 007ACFF2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                  • String ID:
                                                  • API String ID: 3191363074-0
                                                  • Opcode ID: 250baab3b2c484f82fda66f514407bc996c024dfed45a79a58eedba2f058e399
                                                  • Instruction ID: e4c53ab69d641f2d87f225b31844ce19588015f6c4922b8a6b295e5e145a41df
                                                  • Opcode Fuzzy Hash: 250baab3b2c484f82fda66f514407bc996c024dfed45a79a58eedba2f058e399
                                                  • Instruction Fuzzy Hash: 23315072604205FFDB21DFA5C884DABBBF9EB55351B10852EF516D2140DB38AE41DBA0
                                                  Function 00791901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetWindowRect.USER32(?,?), ref: 00791915
                                                  • PostMessageW.USER32(00000001,00000201,00000001), ref: 007919C1
                                                  • Sleep.KERNEL32(00000000,?,?,?), ref: 007919C9
                                                  • PostMessageW.USER32(00000001,00000202,00000000), ref: 007919DA
                                                  • Sleep.KERNEL32(00000000,?,?,?,?), ref: 007919E2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessagePostSleep$RectWindow
                                                  • String ID:
                                                  • API String ID: 3382505437-0
                                                  • Opcode ID: 6d320fa8287393ec9d9fd48fba50f78854dbfe9abda5842c6fd1a6721ecb2395
                                                  • Instruction ID: 9e3a28411f4efbc2428c69d05f5ed61298c453ae160ab0697a4eb2114d86a457
                                                  • Opcode Fuzzy Hash: 6d320fa8287393ec9d9fd48fba50f78854dbfe9abda5842c6fd1a6721ecb2395
                                                  • Instruction Fuzzy Hash: BC31F171A0025AEFCF00CFA8DD99ADE3BB5EB04324F008229F925A72D0C374AD54CB90
                                                  Function 007C5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,00001053,000000FF,?), ref: 007C5745
                                                  • SendMessageW.USER32(?,00001074,?,00000001), ref: 007C579D
                                                  • _wcslen.LIBCMT ref: 007C57AF
                                                  • _wcslen.LIBCMT ref: 007C57BA
                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 007C5816
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$_wcslen
                                                  • String ID:
                                                  • API String ID: 763830540-0
                                                  • Opcode ID: 3a82e9501fdae9c2016e9ecfaa099f87fbe79f7d43b60d545611e51f48499dce
                                                  • Instruction ID: c285546be7c921d70e20f7df58e134997a28711044693960ff800da2e66423de
                                                  • Opcode Fuzzy Hash: 3a82e9501fdae9c2016e9ecfaa099f87fbe79f7d43b60d545611e51f48499dce
                                                  • Instruction Fuzzy Hash: 5F216171904658DADB209F60CC89FEE77B8FF04724F10825EE929EA180D779AAC5CF50
                                                  Function 007B0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • IsWindow.USER32(00000000), ref: 007B0951
                                                  • GetForegroundWindow.USER32 ref: 007B0968
                                                  • GetDC.USER32(00000000), ref: 007B09A4
                                                  • GetPixel.GDI32(00000000,?,00000003), ref: 007B09B0
                                                  • ReleaseDC.USER32(00000000,00000003), ref: 007B09E8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$ForegroundPixelRelease
                                                  • String ID:
                                                  • API String ID: 4156661090-0
                                                  • Opcode ID: 683fad61dfa995ec0f5321f39146dedcae9766f15b2d9771b7b2b71314a6a495
                                                  • Instruction ID: d67d0c298cc71ce202726a9ab38134c8e1293ad0e74106e6a6a6829503d9299b
                                                  • Opcode Fuzzy Hash: 683fad61dfa995ec0f5321f39146dedcae9766f15b2d9771b7b2b71314a6a495
                                                  • Instruction Fuzzy Hash: 09216235600204EFD704EF65C948E9EB7E5EF49740F04816CE84AE7752DB38AC04CB90
                                                  Function 0076CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetEnvironmentStringsW.KERNEL32 ref: 0076CDC6
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0076CDE9
                                                    • Part of subcall function 00763820: RtlAllocateHeap.NTDLL(00000000,?,00801444,?,0074FDF5,?,?,0073A976,00000010,00801440,007313FC,?,007313C6,?,00731129), ref: 00763852
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0076CE0F
                                                  • _free.LIBCMT ref: 0076CE22
                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0076CE31
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                  • String ID:
                                                  • API String ID: 336800556-0
                                                  • Opcode ID: fdbfa8a5eccf7cd9a96c742ae14060be8aa3eea53e539f89d1d0ad4cd644ff80
                                                  • Instruction ID: d3f5f9dfbeb78f826de8a63f6ea320d6996fed31edda463aadd8bd162409ea59
                                                  • Opcode Fuzzy Hash: fdbfa8a5eccf7cd9a96c742ae14060be8aa3eea53e539f89d1d0ad4cd644ff80
                                                  • Instruction Fuzzy Hash: 6C01D472A022157F232316B66C8CC7B7A7DDEC6FA1319412DFD0AC7201EA6E8D0281B4
                                                  Function 00749639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00749693
                                                  • SelectObject.GDI32(?,00000000), ref: 007496A2
                                                  • BeginPath.GDI32(?), ref: 007496B9
                                                  • SelectObject.GDI32(?,00000000), ref: 007496E2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ObjectSelect$BeginCreatePath
                                                  • String ID:
                                                  • API String ID: 3225163088-0
                                                  • Opcode ID: 9f1d2592dd5b7991a750c8dd1c0b38889589ef9653c1d5a82dc1ae3ddd290840
                                                  • Instruction ID: 52a926c92276e57b70d2fc43f7fee9d375ca40e6b025668b3e583dd1c4c55b0c
                                                  • Opcode Fuzzy Hash: 9f1d2592dd5b7991a750c8dd1c0b38889589ef9653c1d5a82dc1ae3ddd290840
                                                  • Instruction Fuzzy Hash: F3218B70902305EFDF119F25EC0CBAA3FA8BB50325F51421AF914A61B0D3789892CB96
                                                  Function 00795711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _memcmp
                                                  • String ID:
                                                  • API String ID: 2931989736-0
                                                  • Opcode ID: 8c6980b353cbc64b109e553d9ec9629a1eb38f535d513c184859fc3b4cffa339
                                                  • Instruction ID: e6ff57c3ae8de1e4a10a1634ff276cf2bad162aed972786891e11c4d66ef8ffd
                                                  • Opcode Fuzzy Hash: 8c6980b353cbc64b109e553d9ec9629a1eb38f535d513c184859fc3b4cffa339
                                                  • Instruction Fuzzy Hash: 7901F5A1341A29FBDA195A60BD92FFB735D9B20396F404028FD049A241F77CEF1483B0
                                                  Function 00762DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,0075F2DE,00763863,00801444,?,0074FDF5,?,?,0073A976,00000010,00801440,007313FC,?,007313C6), ref: 00762DFD
                                                  • _free.LIBCMT ref: 00762E32
                                                  • _free.LIBCMT ref: 00762E59
                                                  • SetLastError.KERNEL32(00000000,00731129), ref: 00762E66
                                                  • SetLastError.KERNEL32(00000000,00731129), ref: 00762E6F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_free
                                                  • String ID:
                                                  • API String ID: 3170660625-0
                                                  • Opcode ID: d1378fa59b852bea677ad482d85edcbfc54f4f4bfdbd846b9d131c50f9df7711
                                                  • Instruction ID: f2790d893169bc6367036b76b0465a59ff535ef14ab7e313bfce8409e5adc431
                                                  • Opcode Fuzzy Hash: d1378fa59b852bea677ad482d85edcbfc54f4f4bfdbd846b9d131c50f9df7711
                                                  • Instruction Fuzzy Hash: EC01F476645E00ABC65327346C4ED2B265DEBD27B1B258038FC27B22D3EB2E8C038525
                                                  Function 0079000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?,?,0079035E), ref: 0079002B
                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?), ref: 00790046
                                                  • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?), ref: 00790054
                                                  • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?), ref: 00790064
                                                  • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0078FF41,80070057,?,?), ref: 00790070
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                                  • String ID:
                                                  • API String ID: 3897988419-0
                                                  • Opcode ID: 25eda8ef5c6b234038dbc75b71947077758454e0814855c238ee34a4120a1f19
                                                  • Instruction ID: 70fa27886d7429d6d6f25fcffc60cf034a2994b7d7c18c5626eb367b7287827c
                                                  • Opcode Fuzzy Hash: 25eda8ef5c6b234038dbc75b71947077758454e0814855c238ee34a4120a1f19
                                                  • Instruction Fuzzy Hash: 91018F76610204BFDF118F68EC08FAA7BEDEB44751F148128F909D6210D779DD409BA0
                                                  Function 0079E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0079E997
                                                  • QueryPerformanceFrequency.KERNEL32(?), ref: 0079E9A5
                                                  • Sleep.KERNEL32(00000000), ref: 0079E9AD
                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0079E9B7
                                                  • Sleep.KERNEL32 ref: 0079E9F3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                  • String ID:
                                                  • API String ID: 2833360925-0
                                                  • Opcode ID: c575728e130e016deb0f92d77198173f2f947f6c301cfffa8dbd9b9504aabcba
                                                  • Instruction ID: 957b2d5eaa231554c2291745979f7b360c2dd86afd5699eb5ab1aeca0aee46ab
                                                  • Opcode Fuzzy Hash: c575728e130e016deb0f92d77198173f2f947f6c301cfffa8dbd9b9504aabcba
                                                  • Instruction Fuzzy Hash: 09015B71C0152DDBCF00DBE5EC5AADDBB78FB09320F05454AE902B2141DB38A951C7A6
                                                  Function 007910F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00791114
                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 00791120
                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 0079112F
                                                  • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00790B9B,?,?,?), ref: 00791136
                                                  • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0079114D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                  • String ID:
                                                  • API String ID: 842720411-0
                                                  • Opcode ID: 359ba81c66cf431f06dfbb73e637866985e2a546c39c76c916e3c35f1cc22684
                                                  • Instruction ID: 87d61f566399ef5ed9d4dcbd8e19963b283d730beb5b6765e926086be306a0b2
                                                  • Opcode Fuzzy Hash: 359ba81c66cf431f06dfbb73e637866985e2a546c39c76c916e3c35f1cc22684
                                                  • Instruction Fuzzy Hash: 52018175100209BFDB124F69EC4DE6A3F6EEF85360B144418FA45C3350DB35DC118B60
                                                  Function 00790FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00790FCA
                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00790FD6
                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00790FE5
                                                  • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00790FEC
                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00791002
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                  • String ID:
                                                  • API String ID: 44706859-0
                                                  • Opcode ID: ff684464b0144a3b3b5112fa799b7a49cc7dbe59b7f224df9726b81af43009cd
                                                  • Instruction ID: 6dc4a43f232eb39168e6d033786e1ebfd83490b71be52e887b8d9743270a7784
                                                  • Opcode Fuzzy Hash: ff684464b0144a3b3b5112fa799b7a49cc7dbe59b7f224df9726b81af43009cd
                                                  • Instruction Fuzzy Hash: 43F06275200305EBDB224FA9EC4DF563B6DFF89761F548418F949C7251CA79DC50CA60
                                                  Function 00791014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0079102A
                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00791036
                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00791045
                                                  • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0079104C
                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00791062
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                  • String ID:
                                                  • API String ID: 44706859-0
                                                  • Opcode ID: f69c995a12d795c1f94130b6c7c1188507ad1bde03f70893cefdb997fbaed8fb
                                                  • Instruction ID: 5cf2f0f885c1266ce7661e9d9d5d5cf2e82095a9e66b4b178e49fbee5623bd3f
                                                  • Opcode Fuzzy Hash: f69c995a12d795c1f94130b6c7c1188507ad1bde03f70893cefdb997fbaed8fb
                                                  • Instruction Fuzzy Hash: 9CF0CD75200706EBDB221FA9EC49F563BADFF897A1F104418FA09C7250CA39DC908A60
                                                  Function 007A030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CloseHandle.KERNEL32(?,?,?,?,007A017D,?,007A32FC,?,00000001,00772592,?), ref: 007A0324
                                                  • CloseHandle.KERNEL32(?,?,?,?,007A017D,?,007A32FC,?,00000001,00772592,?), ref: 007A0331
                                                  • CloseHandle.KERNEL32(?,?,?,?,007A017D,?,007A32FC,?,00000001,00772592,?), ref: 007A033E
                                                  • CloseHandle.KERNEL32(?,?,?,?,007A017D,?,007A32FC,?,00000001,00772592,?), ref: 007A034B
                                                  • CloseHandle.KERNEL32(?,?,?,?,007A017D,?,007A32FC,?,00000001,00772592,?), ref: 007A0358
                                                  • CloseHandle.KERNEL32(?,?,?,?,007A017D,?,007A32FC,?,00000001,00772592,?), ref: 007A0365
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle
                                                  • String ID:
                                                  • API String ID: 2962429428-0
                                                  • Opcode ID: 03daed25a7e61b083574e8201b0228d102de2ab8b4b8438b5878eaaf72b39f34
                                                  • Instruction ID: cf0c828362a18734cf0996f4f6c709b18c6ceaabfbb34a1e9955200c71951efb
                                                  • Opcode Fuzzy Hash: 03daed25a7e61b083574e8201b0228d102de2ab8b4b8438b5878eaaf72b39f34
                                                  • Instruction Fuzzy Hash: 9E01AA72800B159FCB30AF66D880812FBF9BFA13153158E3FD19652931C3B5A998DF80
                                                  Function 0076D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • _free.LIBCMT ref: 0076D752
                                                    • Part of subcall function 007629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000), ref: 007629DE
                                                    • Part of subcall function 007629C8: GetLastError.KERNEL32(00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000,00000000), ref: 007629F0
                                                  • _free.LIBCMT ref: 0076D764
                                                  • _free.LIBCMT ref: 0076D776
                                                  • _free.LIBCMT ref: 0076D788
                                                  • _free.LIBCMT ref: 0076D79A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 0bf2423868d7fe10edb092e9fda4c796baa59219b50daeaa1964dbaa80cb97f1
                                                  • Instruction ID: 2cb79e8bbceb16a60a660cbe7f261f2f4ec778e39f75508c403b9b23b5907337
                                                  • Opcode Fuzzy Hash: 0bf2423868d7fe10edb092e9fda4c796baa59219b50daeaa1964dbaa80cb97f1
                                                  • Instruction Fuzzy Hash: 7CF06232B10708AB8676EB64FAC5C2677DDBB44350B954805F85AE7512CB3CFC80CE65
                                                  Function 00795C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetDlgItem.USER32(?,000003E9), ref: 00795C58
                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 00795C6F
                                                  • MessageBeep.USER32(00000000), ref: 00795C87
                                                  • KillTimer.USER32(?,0000040A), ref: 00795CA3
                                                  • EndDialog.USER32(?,00000001), ref: 00795CBD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                  • String ID:
                                                  • API String ID: 3741023627-0
                                                  • Opcode ID: e8a928a7d4dfea385312c6d9cf0e0d1d651ddc3bbe27002c3e6524cf3b58ea52
                                                  • Instruction ID: e7184768085977bcbda9a893cbfaef64fa98ca983e5681521bf7674f6918cac0
                                                  • Opcode Fuzzy Hash: e8a928a7d4dfea385312c6d9cf0e0d1d651ddc3bbe27002c3e6524cf3b58ea52
                                                  • Instruction Fuzzy Hash: A901D170500B14ABEF225B10EE4EFA677B8BB01B05F00555DE287B10E1DBF8A9848BA4
                                                  Function 007622A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _free.LIBCMT ref: 007622BE
                                                    • Part of subcall function 007629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000), ref: 007629DE
                                                    • Part of subcall function 007629C8: GetLastError.KERNEL32(00000000,?,0076D7D1,00000000,00000000,00000000,00000000,?,0076D7F8,00000000,00000007,00000000,?,0076DBF5,00000000,00000000), ref: 007629F0
                                                  • _free.LIBCMT ref: 007622D0
                                                  • _free.LIBCMT ref: 007622E3
                                                  • _free.LIBCMT ref: 007622F4
                                                  • _free.LIBCMT ref: 00762305
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: f278aef723607cf07cb05335fb14856d2b9ddb04e6b12bba23b3fb933d083270
                                                  • Instruction ID: a0025ba17ed8a16f9ae1c68bed22bd6a89783f6ebf4bf1b58761ce614289ac74
                                                  • Opcode Fuzzy Hash: f278aef723607cf07cb05335fb14856d2b9ddb04e6b12bba23b3fb933d083270
                                                  • Instruction Fuzzy Hash: FDF05470500A15CBCBD7EF54BC059183BA4F7197A1B01051AF815E22B7CB3C1412EFE5
                                                  Function 007495C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • EndPath.GDI32(?), ref: 007495D4
                                                  • StrokeAndFillPath.GDI32(?,?,007871F7,00000000,?,?,?), ref: 007495F0
                                                  • SelectObject.GDI32(?,00000000), ref: 00749603
                                                  • DeleteObject.GDI32 ref: 00749616
                                                  • StrokePath.GDI32(?), ref: 00749631
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                  • String ID:
                                                  • API String ID: 2625713937-0
                                                  • Opcode ID: 24eac3ee59b6e801def990faf5265696fe5b652bbcca88d01dc86041caa1498a
                                                  • Instruction ID: acc49a588e87f7afd5e5a363b63824d56490c701ea944f60e7a037e5b82ed3c0
                                                  • Opcode Fuzzy Hash: 24eac3ee59b6e801def990faf5265696fe5b652bbcca88d01dc86041caa1498a
                                                  • Instruction Fuzzy Hash: CFF03731006208EBDB629F69ED1CBA53F61BB00332F548218F569550F0D73889A1DF26
                                                  Function 00760F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: __freea$_free
                                                  • String ID: a/p$am/pm
                                                  • API String ID: 3432400110-3206640213
                                                  • Opcode ID: cd701470f48a6e46379f6797026013b047e5ed7f0cf73a24e6eb880f99eb2b45
                                                  • Instruction ID: 20ee4f0b6a2a2eec5b91135369e4a240547f88d049dc325c2f14b0dcc659b674
                                                  • Opcode Fuzzy Hash: cd701470f48a6e46379f6797026013b047e5ed7f0cf73a24e6eb880f99eb2b45
                                                  • Instruction Fuzzy Hash: CAD1DF71A00206DADB289F69C85DAFAB7B1FF06300FAC4159ED07AB650D77D9D80CB91
                                                  Function 00765AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: JOs
                                                  • API String ID: 0-1017225800
                                                  • Opcode ID: d1034dcae1522a972d1d35afadfada2cb4eb61829d5f8ee6038909007c54a47d
                                                  • Instruction ID: d3e783e73cc2c80afac73731c33912207742f2febd2aaf30d66ba24ac9370f85
                                                  • Opcode Fuzzy Hash: d1034dcae1522a972d1d35afadfada2cb4eb61829d5f8ee6038909007c54a47d
                                                  • Instruction Fuzzy Hash: BA5191B1D0060AEFDB119FA8C949FEE7FB8EF45310F14015AFC06A7291DA799901EB61
                                                  Function 00768A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00768B6E
                                                  • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00768B7A
                                                  • __dosmaperr.LIBCMT ref: 00768B81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                  • String ID: .u
                                                  • API String ID: 2434981716-2311707517
                                                  • Opcode ID: fa8e7ff3dfc160b3e1cfba0183e2a402b091a632552a93809301e5661a8d4761
                                                  • Instruction ID: 9630963dd94f374b960221e4ec446824463ec263537e786669a0dc095aebf9f0
                                                  • Opcode Fuzzy Hash: fa8e7ff3dfc160b3e1cfba0183e2a402b091a632552a93809301e5661a8d4761
                                                  • Instruction Fuzzy Hash: CA417FF0604045AFD7659F64DC84A7D7FA5EB46304F2C83A9FC9A87642DE39CC029B52
                                                  Function 00792716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0079B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007921D0,?,?,00000034,00000800,?,00000034), ref: 0079B42D
                                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00792760
                                                    • Part of subcall function 0079B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,007921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0079B3F8
                                                    • Part of subcall function 0079B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0079B355
                                                    • Part of subcall function 0079B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00792194,00000034,?,?,00001004,00000000,00000000), ref: 0079B365
                                                    • Part of subcall function 0079B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00792194,00000034,?,?,00001004,00000000,00000000), ref: 0079B37B
                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 007927CD
                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0079281A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                  • String ID: @
                                                  • API String ID: 4150878124-2766056989
                                                  • Opcode ID: a16951fa4cfdec108639a0da5f24ce843f17a8f94910acc60f054534675fd6a1
                                                  • Instruction ID: 1b83e5003d425dc2373d348f6c11bdacc69b118f5cbe1be743ffaa4a0e5e7a31
                                                  • Opcode Fuzzy Hash: a16951fa4cfdec108639a0da5f24ce843f17a8f94910acc60f054534675fd6a1
                                                  • Instruction Fuzzy Hash: 97412A72900218BEDF10DBA4D945EEEBBB8EF09300F004099EA55B7191DA746E45CBA0
                                                  Function 0076172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\osr730ky3m.exe,00000104), ref: 00761769
                                                  • _free.LIBCMT ref: 00761834
                                                  • _free.LIBCMT ref: 0076183E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free$FileModuleName
                                                  • String ID: C:\Users\user\Desktop\osr730ky3m.exe
                                                  • API String ID: 2506810119-3341777424
                                                  • Opcode ID: 6f2ea7983114361b2eaf90d18d1ea1e082e6e7541f1811178984b2910458d950
                                                  • Instruction ID: 40f105e6c1bd64f7f26a20fb45988addc6df8d323c1d15d4691bcee9e6ecefe1
                                                  • Opcode Fuzzy Hash: 6f2ea7983114361b2eaf90d18d1ea1e082e6e7541f1811178984b2910458d950
                                                  • Instruction Fuzzy Hash: 70318C71A00219EFDB21DB99D889D9EBBFCEB85320B5841AAFC06D7211D6749E40CB90
                                                  Function 0079C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0079C306
                                                  • DeleteMenu.USER32(?,00000007,00000000), ref: 0079C34C
                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00801990,01955978), ref: 0079C395
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$Delete$InfoItem
                                                  • String ID: 0
                                                  • API String ID: 135850232-4108050209
                                                  • Opcode ID: 4f4fcf037882982fdfa0651c4f99283399d809c3e80a208d337159e3f005805b
                                                  • Instruction ID: b9d69bc702ca27337b91edb08caf742e64f606c074a0cf17d88076c2b00207cc
                                                  • Opcode Fuzzy Hash: 4f4fcf037882982fdfa0651c4f99283399d809c3e80a208d337159e3f005805b
                                                  • Instruction Fuzzy Hash: 1841AE71204301DFDF21DF28E885B5ABBE4AF85320F108A1DF9A597291D778A904CB62
                                                  Function 007C4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,007CCC08,00000000,?,?,?,?), ref: 007C44AA
                                                  • GetWindowLongW.USER32 ref: 007C44C7
                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C44D7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Long
                                                  • String ID: SysTreeView32
                                                  • API String ID: 847901565-1698111956
                                                  • Opcode ID: eccb26675a95669a75fccb82cd995160259c245e8d5079ec3cb9a5f439292b57
                                                  • Instruction ID: ff6255ec040ed2f8181c1300ebdc77d91699b43b8112a714e514c590fd4e3297
                                                  • Opcode Fuzzy Hash: eccb26675a95669a75fccb82cd995160259c245e8d5079ec3cb9a5f439292b57
                                                  • Instruction Fuzzy Hash: 2D319C71210645ABDB258E38DC45FEA7BA9EB08334F20831DF979A21E0D778ED609750
                                                  Function 00796E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SysReAllocString.OLEAUT32(?,?), ref: 00796EED
                                                  • VariantCopyInd.OLEAUT32(?,?), ref: 00796F08
                                                  • VariantClear.OLEAUT32(?), ref: 00796F12
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$AllocClearCopyString
                                                  • String ID: *jy
                                                  • API String ID: 2173805711-2085638289
                                                  • Opcode ID: 7db508c449a3b1f20ba39d43cb9f06bd8d400eca58633071b58b9af3891d25c7
                                                  • Instruction ID: e9b429281e647d013be19ebaacf15aa551b5902a70db26176c2eaa4ee92854ff
                                                  • Opcode Fuzzy Hash: 7db508c449a3b1f20ba39d43cb9f06bd8d400eca58633071b58b9af3891d25c7
                                                  • Instruction Fuzzy Hash: 1831B172604245DFDF09AFA4E8559BD3776FF84700F104698F9035B2A2C73C9916DB94
                                                  Function 007B304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 007B335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,007B3077,?,?), ref: 007B3378
                                                  • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 007B307A
                                                  • _wcslen.LIBCMT ref: 007B309B
                                                  • htons.WSOCK32(00000000,?,?,00000000), ref: 007B3106
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                  • String ID: 255.255.255.255
                                                  • API String ID: 946324512-2422070025
                                                  • Opcode ID: 196564af63fec1e5c8c47caf3900a5f287199318cbc6d3b9f6139cf81f44a0c7
                                                  • Instruction ID: e0729dcd3ac62277e056e42fab87e3384efe195219e73730946fc84077423731
                                                  • Opcode Fuzzy Hash: 196564af63fec1e5c8c47caf3900a5f287199318cbc6d3b9f6139cf81f44a0c7
                                                  • Instruction Fuzzy Hash: E531F339600209DFDB10DF28C885FEA77E5EF14318F248059E9158B392DB7AEE85CB60
                                                  Function 007C3EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 007C3F40
                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 007C3F54
                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 007C3F78
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window
                                                  • String ID: SysMonthCal32
                                                  • API String ID: 2326795674-1439706946
                                                  • Opcode ID: 10a0271b789355cc995c4992cb8db3092937aa66e9ddf68c3a5a30d33798bd02
                                                  • Instruction ID: 6d40345146830a123bb8b7075ae997d9276dd80c943fe6cd690acf8984459b63
                                                  • Opcode Fuzzy Hash: 10a0271b789355cc995c4992cb8db3092937aa66e9ddf68c3a5a30d33798bd02
                                                  • Instruction Fuzzy Hash: 3A219C32610219BBEF269F50DC46FEA3B79EB48724F11421CFA197B1D0D6B9A950CB90
                                                  Function 007C4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 007C4705
                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 007C4713
                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007C471A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$DestroyWindow
                                                  • String ID: msctls_updown32
                                                  • API String ID: 4014797782-2298589950
                                                  • Opcode ID: 12e784277bc0cd2615393120ffa2e34801a90539474c212a904a9959ed9fe242
                                                  • Instruction ID: be8a4e3c57ecc2e40253d6506ddeb0565ef250401208d7a29026e5986082f987
                                                  • Opcode Fuzzy Hash: 12e784277bc0cd2615393120ffa2e34801a90539474c212a904a9959ed9fe242
                                                  • Instruction Fuzzy Hash: 51215CB5600208AFEB11DF64DC95EB737ADEB4A3A4B04005DFA049B391CB74EC51CA60
                                                  Function 007995AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen
                                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                  • API String ID: 176396367-2734436370
                                                  • Opcode ID: 1b9f1ca3806d6e9829527ce1a670577dc7ce4c362fa54dac99f976b4e9261d29
                                                  • Instruction ID: a1aa85386f5ec0d1aede070d96d7bbdd5f1fdf4f5586f1ab1ec627b23b03587c
                                                  • Opcode Fuzzy Hash: 1b9f1ca3806d6e9829527ce1a670577dc7ce4c362fa54dac99f976b4e9261d29
                                                  • Instruction Fuzzy Hash: 112138B2104510E6FB31AB2CAC07FBB73A89F51310F10402EFA5997081EB9DAD55C3D6
                                                  Function 007C37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 007C3840
                                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 007C3850
                                                  • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 007C3876
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$MoveWindow
                                                  • String ID: Listbox
                                                  • API String ID: 3315199576-2633736733
                                                  • Opcode ID: c07b5643e183e03c7d6b561ea433bf36b5f22703c18d63fa1ddaddc33b351d72
                                                  • Instruction ID: d9e6a95ab8c555f0c9f672def32388c430eed8a4555dfadb4d7f191ff20ad1be
                                                  • Opcode Fuzzy Hash: c07b5643e183e03c7d6b561ea433bf36b5f22703c18d63fa1ddaddc33b351d72
                                                  • Instruction Fuzzy Hash: 4E217C72610218BBEB219E54DC85FAB37AAEF89760F11C12CF9049B190C679DC528BA0
                                                  Function 007A49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNEL32(00000001), ref: 007A4A08
                                                  • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 007A4A5C
                                                  • SetErrorMode.KERNEL32(00000000,?,?,007CCC08), ref: 007A4AD0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorMode$InformationVolume
                                                  • String ID: %lu
                                                  • API String ID: 2507767853-685833217
                                                  • Opcode ID: fc43f92df28919ee7cce96c1ab78e939d90c176247b9e9730e411c021f9b35ea
                                                  • Instruction ID: 6a1311407efbecd9e1f9999f3e3b6492cdb9b6c8491a9739a432321e423e0159
                                                  • Opcode Fuzzy Hash: fc43f92df28919ee7cce96c1ab78e939d90c176247b9e9730e411c021f9b35ea
                                                  • Instruction Fuzzy Hash: 9D315071A00108EFDB10DF64C885EAA77F8EF45304F1480A9E509DB352D779ED45CB61
                                                  Function 007C41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 007C424F
                                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 007C4264
                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 007C4271
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: msctls_trackbar32
                                                  • API String ID: 3850602802-1010561917
                                                  • Opcode ID: 18b4d1347a18de5da062cc896c04826cc3d3cb23ec6e44548d3105046c821503
                                                  • Instruction ID: af767c195ec63af4445561f6d528163ebf25e98c7c22f463c3c5be0b3504a8ac
                                                  • Opcode Fuzzy Hash: 18b4d1347a18de5da062cc896c04826cc3d3cb23ec6e44548d3105046c821503
                                                  • Instruction Fuzzy Hash: 6711E032240208BEEF205E28CC06FAB3BACFF85B64F01412CFA55E20A0D275D8619B20
                                                  Function 00792F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00736B57: _wcslen.LIBCMT ref: 00736B6A
                                                    • Part of subcall function 00792DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00792DC5
                                                    • Part of subcall function 00792DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00792DD6
                                                    • Part of subcall function 00792DA7: GetCurrentThreadId.KERNEL32 ref: 00792DDD
                                                    • Part of subcall function 00792DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00792DE4
                                                  • GetFocus.USER32 ref: 00792F78
                                                    • Part of subcall function 00792DEE: GetParent.USER32(00000000), ref: 00792DF9
                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00792FC3
                                                  • EnumChildWindows.USER32(?,0079303B), ref: 00792FEB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                  • String ID: %s%d
                                                  • API String ID: 1272988791-1110647743
                                                  • Opcode ID: b37446adfc4d369a03d0de51c51e8398d745558fc5bc6d27d1100d0c95b1688e
                                                  • Instruction ID: bddc2a7765db24101d725ae54bda17f0a7a4885e93c8d7c75191bd3c57ea1a38
                                                  • Opcode Fuzzy Hash: b37446adfc4d369a03d0de51c51e8398d745558fc5bc6d27d1100d0c95b1688e
                                                  • Instruction Fuzzy Hash: 7311B4B1700205ABDF557F74AD89EED776AAF84304F048079FA09AB253DE389946CB70
                                                  Function 007C5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007C58C1
                                                  • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007C58EE
                                                  • DrawMenuBar.USER32(?), ref: 007C58FD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Menu$InfoItem$Draw
                                                  • String ID: 0
                                                  • API String ID: 3227129158-4108050209
                                                  • Opcode ID: b124db7c61ffb204d39227c6344feed7c23ecce2eaa4347aef48875cd29f4ba0
                                                  • Instruction ID: a750644c6cdf383af705c6044078eaae71e50a9e91ed0e42d8bf67a40787c49f
                                                  • Opcode Fuzzy Hash: b124db7c61ffb204d39227c6344feed7c23ecce2eaa4347aef48875cd29f4ba0
                                                  • Instruction Fuzzy Hash: 1F011B31500218EEDB219F11EC48FAEBBB8FB45361F10809DE849D6151DB39AA94DF21
                                                  Function 0079007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6aac6ba43a12aba353b172d36057be526107c4d5f1779574e2f91b70890be79
                                                  • Instruction ID: 28767b8f8dad7c4d2b2c86f28affa2af7a88b48f5f1e1c63bb0b7616f744cee3
                                                  • Opcode Fuzzy Hash: c6aac6ba43a12aba353b172d36057be526107c4d5f1779574e2f91b70890be79
                                                  • Instruction Fuzzy Hash: B4C18D75A1021AEFCB04CFA4D898EAEB7B5FF48314F208598E905EB251D735EE41DB90
                                                  Function 007B342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearInitInitializeUninitialize
                                                  • String ID:
                                                  • API String ID: 1998397398-0
                                                  • Opcode ID: 98fdf14bd6ec33b918c081ee3a498d5af845d2f6a0b2636266cde135e2b89049
                                                  • Instruction ID: cb7cbb6fde8c6f420d9a05af000bd6ea385c4ccb4a2d2a2ec77113dddfc807c3
                                                  • Opcode Fuzzy Hash: 98fdf14bd6ec33b918c081ee3a498d5af845d2f6a0b2636266cde135e2b89049
                                                  • Instruction Fuzzy Hash: D0A14875604204DFDB14DF28C489A6AB7E5FF88714F048859F98A9B362DB38EE41CB91
                                                  Function 00790436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,007CFC08,?), ref: 007905F0
                                                  • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,007CFC08,?), ref: 00790608
                                                  • CLSIDFromProgID.OLE32(?,?,00000000,007CCC40,000000FF,?,00000000,00000800,00000000,?,007CFC08,?), ref: 0079062D
                                                  • _memcmp.LIBVCRUNTIME ref: 0079064E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FromProg$FreeTask_memcmp
                                                  • String ID:
                                                  • API String ID: 314563124-0
                                                  • Opcode ID: 1bf3aa340de0bc78eae46fdda7b65a0add88803e192d371386cbf9bc5d825dd1
                                                  • Instruction ID: 858397f251f6f654491ce920ce9c97005e1dbbaabcbf522a21e257a2c7b24980
                                                  • Opcode Fuzzy Hash: 1bf3aa340de0bc78eae46fdda7b65a0add88803e192d371386cbf9bc5d825dd1
                                                  • Instruction Fuzzy Hash: E1810771A10109EFCF04DF94C988EEEB7B9FF89315F204558E506AB250DB75AE06CBA0
                                                  Function 00771391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: e7a87813fcea775cb08f45b20696e095b0ebb23c220dad4f4e40f337658ee2d1
                                                  • Instruction ID: 8075eabbd4fd902a002d6ef9c9a2dd2efd2de8b098ca407ec06ae71ada635fe1
                                                  • Opcode Fuzzy Hash: e7a87813fcea775cb08f45b20696e095b0ebb23c220dad4f4e40f337658ee2d1
                                                  • Instruction Fuzzy Hash: 8F413872A00140EBDF256BBD8C4AAEE3AA5EF413F0F548625FC1ED3292E67C48415761
                                                  Function 007C6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetWindowRect.USER32(?,?), ref: 007C62E2
                                                  • ScreenToClient.USER32(?,?), ref: 007C6315
                                                  • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 007C6382
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$ClientMoveRectScreen
                                                  • String ID:
                                                  • API String ID: 3880355969-0
                                                  • Opcode ID: 3476cc5ee608d7a5455b67d13a8e092e2b1c95cb86fd8692802a1340f4c9ce99
                                                  • Instruction ID: c20e428f968e95a3eb6fc85bff05656492073be54bebd3f4de6126a39a574b2e
                                                  • Opcode Fuzzy Hash: 3476cc5ee608d7a5455b67d13a8e092e2b1c95cb86fd8692802a1340f4c9ce99
                                                  • Instruction Fuzzy Hash: 64512675A00249AFDF10DF68D984EAE7BB6FB45360F10816DF9159B2A0D734ED81CB50
                                                  Function 007B1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • socket.WSOCK32(00000002,00000002,00000011), ref: 007B1AFD
                                                  • WSAGetLastError.WSOCK32 ref: 007B1B0B
                                                  • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007B1B8A
                                                  • WSAGetLastError.WSOCK32 ref: 007B1B94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$socket
                                                  • String ID:
                                                  • API String ID: 1881357543-0
                                                  • Opcode ID: 295f1674c771b43b139ee28475c6e18d8d3b41f1c92548691cb1c51f1edd1e8f
                                                  • Instruction ID: b2e4d5a42c8cf5ca09d599fc02691e911cb1e9650ada11306ba6d463008cc0d3
                                                  • Opcode Fuzzy Hash: 295f1674c771b43b139ee28475c6e18d8d3b41f1c92548691cb1c51f1edd1e8f
                                                  • Instruction Fuzzy Hash: BA41BF75600200AFE720AF24C89AF6A77E5AB44718F94C44CFA1A9F6D3D77ADD41CB90
                                                  Function 0076B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 26f1a1cadcd2d2545067f8b6c75d54efe0cb5f4d6e0b162f1ea9e5d923f1b5b7
                                                  • Instruction ID: 1a64d37a487e2d2615e9f97036d74cfc13c08e814f8b61b4827547c366b9e431
                                                  • Opcode Fuzzy Hash: 26f1a1cadcd2d2545067f8b6c75d54efe0cb5f4d6e0b162f1ea9e5d923f1b5b7
                                                  • Instruction Fuzzy Hash: 56414B71A00354FFD724AF38CC45BAA7FE9EB89710F10852AF947DB282D779A9418780
                                                  Function 007A56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007A5783
                                                  • GetLastError.KERNEL32(?,00000000), ref: 007A57A9
                                                  • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007A57CE
                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007A57FA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateHardLink$DeleteErrorFileLast
                                                  • String ID:
                                                  • API String ID: 3321077145-0
                                                  • Opcode ID: b5dafab69a8e07d3c91458033af272fa51d5bbe56b55a288aadf2a83e8af3264
                                                  • Instruction ID: 1a638718ac151ca6b910039f58a6d5a4d8427efc8fc70edb147ece96ff07c0b6
                                                  • Opcode Fuzzy Hash: b5dafab69a8e07d3c91458033af272fa51d5bbe56b55a288aadf2a83e8af3264
                                                  • Instruction Fuzzy Hash: 3F411D3A600614DFDB25DF15C548A5DBBE2EF89320F19C488E84A6B362CB38FD41CB91
                                                  Function 0076D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00756D71,00000000,00000000,007582D9,?,007582D9,?,00000001,00756D71,?,00000001,007582D9,007582D9), ref: 0076D910
                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0076D999
                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0076D9AB
                                                  • __freea.LIBCMT ref: 0076D9B4
                                                    • Part of subcall function 00763820: RtlAllocateHeap.NTDLL(00000000,?,00801444,?,0074FDF5,?,?,0073A976,00000010,00801440,007313FC,?,007313C6,?,00731129), ref: 00763852
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                  • String ID:
                                                  • API String ID: 2652629310-0
                                                  • Opcode ID: 6acc5c245b60a010e3250c7c2c33325319f4a964e1a6cf1c72828847a68959a9
                                                  • Instruction ID: bb7f88e0468b999491b70dd9081051a001ccf33979e8cd8463498ff49af38e2e
                                                  • Opcode Fuzzy Hash: 6acc5c245b60a010e3250c7c2c33325319f4a964e1a6cf1c72828847a68959a9
                                                  • Instruction Fuzzy Hash: D931DC72E1020AABDF258F65DC45EEF7BA5EB40310B094168FC0AD7251EB39ED54CBA0
                                                  Function 007C52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 007C5352
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C5375
                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C5382
                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007C53A8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LongWindow$InvalidateMessageRectSend
                                                  • String ID:
                                                  • API String ID: 3340791633-0
                                                  • Opcode ID: 2b5519b6ea01cb1439bc76949beb3e4a1abf63995a72b454aa8c377650c39d4a
                                                  • Instruction ID: ad89877daec4e8685e03249741119c19306f216687ae543feb0344c0c5857f1f
                                                  • Opcode Fuzzy Hash: 2b5519b6ea01cb1439bc76949beb3e4a1abf63995a72b454aa8c377650c39d4a
                                                  • Instruction Fuzzy Hash: B731B234A55A88EFEB349A14CC09FE87765AB04394F58410EFA11962E1C7BEB9C09B41
                                                  Function 0079AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0079ABF1
                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 0079AC0D
                                                  • PostMessageW.USER32(00000000,00000101,00000000), ref: 0079AC74
                                                  • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0079ACC6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: KeyboardState$InputMessagePostSend
                                                  • String ID:
                                                  • API String ID: 432972143-0
                                                  • Opcode ID: 262d47b0b8a3413dbb00971aebf780d69620561dbbf6c0c39ffe01c4de166c28
                                                  • Instruction ID: 0fdee3011af3ad6fc1678561f4685a7ba637b3b6fdee8b9e0c6ed8abd05460e4
                                                  • Opcode Fuzzy Hash: 262d47b0b8a3413dbb00971aebf780d69620561dbbf6c0c39ffe01c4de166c28
                                                  • Instruction Fuzzy Hash: 05312830A01618BFFF35CB65AC08BFA7BA5AB86311F04461EE4855A2D0C37C898187F6
                                                  Function 007C7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ClientToScreen.USER32(?,?), ref: 007C769A
                                                  • GetWindowRect.USER32(?,?), ref: 007C7710
                                                  • PtInRect.USER32(?,?,007C8B89), ref: 007C7720
                                                  • MessageBeep.USER32(00000000), ref: 007C778C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                  • String ID:
                                                  • API String ID: 1352109105-0
                                                  • Opcode ID: 76cd35a0e930c721b3d33f3fed3d261828b1c333ee44720c46176e338167e998
                                                  • Instruction ID: 58f985cf083948a0295c1e3abc69e07d33335135bdf586c429993a15238f9afe
                                                  • Opcode Fuzzy Hash: 76cd35a0e930c721b3d33f3fed3d261828b1c333ee44720c46176e338167e998
                                                  • Instruction Fuzzy Hash: 05418D34605618DFCB45CF68C898FA9BBF5FB49314F5980ACE9149B261CB38E941CF90
                                                  Function 007C16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetForegroundWindow.USER32 ref: 007C16EB
                                                    • Part of subcall function 00793A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00793A57
                                                    • Part of subcall function 00793A3D: GetCurrentThreadId.KERNEL32 ref: 00793A5E
                                                    • Part of subcall function 00793A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,007925B3), ref: 00793A65
                                                  • GetCaretPos.USER32(?), ref: 007C16FF
                                                  • ClientToScreen.USER32(00000000,?), ref: 007C174C
                                                  • GetForegroundWindow.USER32 ref: 007C1752
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                  • String ID:
                                                  • API String ID: 2759813231-0
                                                  • Opcode ID: 57825c1b5a6b1d004b4c97207bc780b376ac3d185c1980cfcc3ef6ca9ee64dc8
                                                  • Instruction ID: f1cb5169455bc1b034385e46ba016c866d9efb86ac40fa2fc8883a6e03b16f5f
                                                  • Opcode Fuzzy Hash: 57825c1b5a6b1d004b4c97207bc780b376ac3d185c1980cfcc3ef6ca9ee64dc8
                                                  • Instruction Fuzzy Hash: C4316D75D00149EFDB04EFA9C885DAEBBF9EF49304B5480ADE415E7212DA389E41CFA0
                                                  Function 0079DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00737620: _wcslen.LIBCMT ref: 00737625
                                                  • _wcslen.LIBCMT ref: 0079DFCB
                                                  • _wcslen.LIBCMT ref: 0079DFE2
                                                  • _wcslen.LIBCMT ref: 0079E00D
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0079E018
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$ExtentPoint32Text
                                                  • String ID:
                                                  • API String ID: 3763101759-0
                                                  • Opcode ID: fd9ae9242b12e3b0b4996b13ca634d1006c437757d7089839b14965553a758be
                                                  • Instruction ID: 33423627a2405fceb42150140e9f4d95c3c58e6897c4c6162f409e0d0d89186b
                                                  • Opcode Fuzzy Hash: fd9ae9242b12e3b0b4996b13ca634d1006c437757d7089839b14965553a758be
                                                  • Instruction Fuzzy Hash: CB21A171900214EFCB20DFA8D986BAEB7F8EF45750F254065E805BB246D7B89E41CBA1
                                                  Function 0079D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 0079D501
                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 0079D50F
                                                  • Process32NextW.KERNEL32(00000000,?), ref: 0079D52F
                                                  • CloseHandle.KERNEL32(00000000), ref: 0079D5DC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                  • String ID:
                                                  • API String ID: 420147892-0
                                                  • Opcode ID: 3da60336917899f2b32586d8f9bd51e82c681537c11e47280081bf42e00803fd
                                                  • Instruction ID: d94e763f0e3194d50d4ec6c0238c9fdeab661a35a65a081b8baa96768e378eca
                                                  • Opcode Fuzzy Hash: 3da60336917899f2b32586d8f9bd51e82c681537c11e47280081bf42e00803fd
                                                  • Instruction Fuzzy Hash: 2031B171108300DFD311EF64D885AAFBBE8EF99354F14092DF685861A2EB759944CBA2
                                                  Function 007C8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • GetCursorPos.USER32(?), ref: 007C9001
                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00787711,?,?,?,?,?), ref: 007C9016
                                                  • GetCursorPos.USER32(?), ref: 007C905E
                                                  • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00787711,?,?,?), ref: 007C9094
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                  • String ID:
                                                  • API String ID: 2864067406-0
                                                  • Opcode ID: b2358db8c26dffd52fb310e14746320354e0ebf5f941407b27338e3af2557193
                                                  • Instruction ID: 91f9e74029496df424cc64af806fd81a6543213dcab46b4acf06c6a6de034c87
                                                  • Opcode Fuzzy Hash: b2358db8c26dffd52fb310e14746320354e0ebf5f941407b27338e3af2557193
                                                  • Instruction Fuzzy Hash: 58219F35600018EFCB668F94DC5CFEABBB9FB89360F14406DFA0587261C3399990DB60
                                                  Function 0079D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetFileAttributesW.KERNEL32(?,007CCB68), ref: 0079D2FB
                                                  • GetLastError.KERNEL32 ref: 0079D30A
                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 0079D319
                                                  • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,007CCB68), ref: 0079D376
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectory$AttributesErrorFileLast
                                                  • String ID:
                                                  • API String ID: 2267087916-0
                                                  • Opcode ID: 99e859f05135cad199b62198b40f72a747864f83654690569b0a970c6a800594
                                                  • Instruction ID: 342f6f5867fadff208f6125b40834df378c771cd8bbf94c6b12cd45798de8c18
                                                  • Opcode Fuzzy Hash: 99e859f05135cad199b62198b40f72a747864f83654690569b0a970c6a800594
                                                  • Instruction Fuzzy Hash: 8121A170508201DF8B20DF28D8858AAB7E4FF56365F104A1DF499C32A2E738DD46CB93
                                                  Function 00791571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00791014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0079102A
                                                    • Part of subcall function 00791014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00791036
                                                    • Part of subcall function 00791014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00791045
                                                    • Part of subcall function 00791014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0079104C
                                                    • Part of subcall function 00791014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00791062
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 007915BE
                                                  • _memcmp.LIBVCRUNTIME ref: 007915E1
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00791617
                                                  • HeapFree.KERNEL32(00000000), ref: 0079161E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                  • String ID:
                                                  • API String ID: 1592001646-0
                                                  • Opcode ID: 367644925ad829c39a09bfdf360d4222a1b3c40569572f885a7d4e52ef751252
                                                  • Instruction ID: 43324e96350b7087a088640fa1c9401652a99b1166c1e1d958b9c7267db8c1d8
                                                  • Opcode Fuzzy Hash: 367644925ad829c39a09bfdf360d4222a1b3c40569572f885a7d4e52ef751252
                                                  • Instruction Fuzzy Hash: A821B371E4010AEFDF00DFA4D945BEEB7B8EF44345F4A8459E445A7241EB38AE15CB50
                                                  Function 007C2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetWindowLongW.USER32(?,000000EC), ref: 007C280A
                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007C2824
                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007C2832
                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 007C2840
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Long$AttributesLayered
                                                  • String ID:
                                                  • API String ID: 2169480361-0
                                                  • Opcode ID: d2685db07beb025f4bccf0675ccf214455384488d1d470af9ea529e2b2c9c33b
                                                  • Instruction ID: bb55c0b13d242fca14db218e9cf528956b766050895afae60046c38be3a805bb
                                                  • Opcode Fuzzy Hash: d2685db07beb025f4bccf0675ccf214455384488d1d470af9ea529e2b2c9c33b
                                                  • Instruction Fuzzy Hash: F321D331204511AFE715DB24C884FAA7BA5AF45324F24815CF52ACB6E3CB79FC42CB90
                                                  Function 007978F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00798D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0079790A,?,000000FF,?,00798754,00000000,?,0000001C,?,?), ref: 00798D8C
                                                    • Part of subcall function 00798D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00798DB2
                                                    • Part of subcall function 00798D7D: lstrcmpiW.KERNEL32(00000000,?,0079790A,?,000000FF,?,00798754,00000000,?,0000001C,?,?), ref: 00798DE3
                                                  • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00798754,00000000,?,0000001C,?,?,00000000), ref: 00797923
                                                  • lstrcpyW.KERNEL32(00000000,?), ref: 00797949
                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,00798754,00000000,?,0000001C,?,?,00000000), ref: 00797984
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: lstrcmpilstrcpylstrlen
                                                  • String ID: cdecl
                                                  • API String ID: 4031866154-3896280584
                                                  • Opcode ID: 0ce4e2334dee958075d9570659ac64ba56698e083bd95f6a2e9ad2f42733c96d
                                                  • Instruction ID: b8d2faf2c87b84eaeb7720fe84b7c822b7dfb4580a194b1c6ee51987ffccbdf6
                                                  • Opcode Fuzzy Hash: 0ce4e2334dee958075d9570659ac64ba56698e083bd95f6a2e9ad2f42733c96d
                                                  • Instruction Fuzzy Hash: 2411067A200201EFCF195F35E848E7A77A9FF85360B10802AF946CB364EB399801C751
                                                  Function 007C7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007C7D0B
                                                  • SetWindowLongW.USER32(00000000,000000F0,?), ref: 007C7D2A
                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 007C7D42
                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,007AB7AD,00000000), ref: 007C7D6B
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$Long
                                                  • String ID:
                                                  • API String ID: 847901565-0
                                                  • Opcode ID: 4e7ef347bc08f68ab2c88fac699f578c3910c9c62a2c89d29f4133567f04ee60
                                                  • Instruction ID: cd0884c5b7fc54b9e204edff1fa7f5500b63db7028b87651f0e13007d5da6aa1
                                                  • Opcode Fuzzy Hash: 4e7ef347bc08f68ab2c88fac699f578c3910c9c62a2c89d29f4133567f04ee60
                                                  • Instruction Fuzzy Hash: 27118E31604615AFCB159F28DC08E663BA5BF45360F15872CF83ADB2E0EB349950DB50
                                                  Function 007C5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,00001060,?,00000004), ref: 007C56BB
                                                  • _wcslen.LIBCMT ref: 007C56CD
                                                  • _wcslen.LIBCMT ref: 007C56D8
                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 007C5816
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend_wcslen
                                                  • String ID:
                                                  • API String ID: 455545452-0
                                                  • Opcode ID: 0de84c673d4eb5ced28f7ec2d0ec52e403a862af963b635b66fa93171ea24dff
                                                  • Instruction ID: 9ba4a87dbad3fd4e3f21bb239c78997dc99416ca5e1f87ce1d7ec5857f2944bc
                                                  • Opcode Fuzzy Hash: 0de84c673d4eb5ced28f7ec2d0ec52e403a862af963b635b66fa93171ea24dff
                                                  • Instruction Fuzzy Hash: 0E11D671600608A6DF209F65CC85FEE77ACEF11764B10806EF915E6081E779FAC4CB60
                                                  Function 00761D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9c755fd632400bb72cfc24bf0527228927da81429215f425f5ff94b0bf52431
                                                  • Instruction ID: d292d676167c1f2690c7ee8d179d10372b9f2ac17970f471ab1815cdc24ab2e2
                                                  • Opcode Fuzzy Hash: f9c755fd632400bb72cfc24bf0527228927da81429215f425f5ff94b0bf52431
                                                  • Instruction Fuzzy Hash: 4901D6B2705A1A7EF66116786CC9F27671CEF817B8F790329FD23611D2DB689C005670
                                                  Function 00791A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00791A47
                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00791A59
                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00791A6F
                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00791A8A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 0d62fc3be8de0c20497632a3f1befe6afbf1e8a68597675510fef2dd5772662b
                                                  • Instruction ID: fd6410bcdd8d5c05866e54d1e3e0123bde81b1fc87984f4891355229afb33775
                                                  • Opcode Fuzzy Hash: 0d62fc3be8de0c20497632a3f1befe6afbf1e8a68597675510fef2dd5772662b
                                                  • Instruction Fuzzy Hash: F111393AD01219FFEF11DBA5CD85FADBB78EB08750F204091EA04B7290D6716E50DB94
                                                  Function 0079E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentThreadId.KERNEL32 ref: 0079E1FD
                                                  • MessageBoxW.USER32(?,?,?,?), ref: 0079E230
                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0079E246
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0079E24D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                  • String ID:
                                                  • API String ID: 2880819207-0
                                                  • Opcode ID: 90fd21ae0b0533daa972ca7e1f3ac1482d59d4bb89718c040cb2f408b0a857b8
                                                  • Instruction ID: 1031462b0a63a9bb30ed4379fd731fae01b98e26be9e8cf80868192b4434b708
                                                  • Opcode Fuzzy Hash: 90fd21ae0b0533daa972ca7e1f3ac1482d59d4bb89718c040cb2f408b0a857b8
                                                  • Instruction Fuzzy Hash: 9E110872904258BBCB01DBA8AC09E9E7FACFB45320F158219F814D3391D7B88D0487A1
                                                  Function 0075D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNEL32(00000000,?,0075CFF9,00000000,00000004,00000000), ref: 0075D218
                                                  • GetLastError.KERNEL32 ref: 0075D224
                                                  • __dosmaperr.LIBCMT ref: 0075D22B
                                                  • ResumeThread.KERNEL32(00000000), ref: 0075D249
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                  • String ID:
                                                  • API String ID: 173952441-0
                                                  • Opcode ID: 5b53d4bf4c6ab90ba0b14b4dfaa837503f841adf9f5dcfed337e89065a0600a3
                                                  • Instruction ID: e4d696281ea49c551201fc3eb79be506fd1d23439dc376085aa6e516df6dabce
                                                  • Opcode Fuzzy Hash: 5b53d4bf4c6ab90ba0b14b4dfaa837503f841adf9f5dcfed337e89065a0600a3
                                                  • Instruction Fuzzy Hash: 7C01D676805208BBD7315BA5DC09BEE7B69EF81332F104219FD25921D0DBF98D0AC6A1
                                                  Function 007C9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00749BB2
                                                  • GetClientRect.USER32(?,?), ref: 007C9F31
                                                  • GetCursorPos.USER32(?), ref: 007C9F3B
                                                  • ScreenToClient.USER32(?,?), ref: 007C9F46
                                                  • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 007C9F7A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Client$CursorLongProcRectScreenWindow
                                                  • String ID:
                                                  • API String ID: 4127811313-0
                                                  • Opcode ID: bb1e1674af74eece0ce687b3b689d76d3b08f9776bc5c8a7451d7986ac8a6e0b
                                                  • Instruction ID: 92403d4205dcbed43849599b5134914322a82d243167cee6393dc3bb8cba85a3
                                                  • Opcode Fuzzy Hash: bb1e1674af74eece0ce687b3b689d76d3b08f9776bc5c8a7451d7986ac8a6e0b
                                                  • Instruction Fuzzy Hash: A611453290011AEBDB41DFA8D889EEEB7B8FB05311F10445DFA01E3140D738BA91CBA5
                                                  Function 0073600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0073604C
                                                  • GetStockObject.GDI32(00000011), ref: 00736060
                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 0073606A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CreateMessageObjectSendStockWindow
                                                  • String ID:
                                                  • API String ID: 3970641297-0
                                                  • Opcode ID: a840278b796aea172e3a25146cc26c63a869208f6224e35dbe083d7cde4a0c6f
                                                  • Instruction ID: 9b544ffa04f4d4df6733cecfaa8d46ecf7aef244b8f1032d5c267fc4501639f2
                                                  • Opcode Fuzzy Hash: a840278b796aea172e3a25146cc26c63a869208f6224e35dbe083d7cde4a0c6f
                                                  • Instruction Fuzzy Hash: 04116D72501508BFEF164FA49C45EEABB69FF097A4F048215FA1852111D73ADC60DBA0
                                                  Function 00753B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 00753B56
                                                    • Part of subcall function 00753AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00753AD2
                                                    • Part of subcall function 00753AA3: ___AdjustPointer.LIBCMT ref: 00753AED
                                                  • _UnwindNestedFrames.LIBCMT ref: 00753B6B
                                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00753B7C
                                                  • CallCatchBlock.LIBVCRUNTIME ref: 00753BA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                  • String ID:
                                                  • API String ID: 737400349-0
                                                  • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                  • Instruction ID: 45ccabbd83f7e12143afa76a70b89573a5c8cd9d370941e82f9d87e90ad2b638
                                                  • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                  • Instruction Fuzzy Hash: A7012972100148BBDF125F95CC46EEB3B6AEF48799F044014FE4896121C77AE965DBA0
                                                  Function 00763073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007313C6,00000000,00000000,?,0076301A,007313C6,00000000,00000000,00000000,?,0076328B,00000006,FlsSetValue), ref: 007630A5
                                                  • GetLastError.KERNEL32(?,0076301A,007313C6,00000000,00000000,00000000,?,0076328B,00000006,FlsSetValue,007D2290,FlsSetValue,00000000,00000364,?,00762E46), ref: 007630B1
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0076301A,007313C6,00000000,00000000,00000000,?,0076328B,00000006,FlsSetValue,007D2290,FlsSetValue,00000000), ref: 007630BF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad$ErrorLast
                                                  • String ID:
                                                  • API String ID: 3177248105-0
                                                  • Opcode ID: 0f9406c9139bf898332814de1625f62f3095301e084bcb69db10c9337dcf1102
                                                  • Instruction ID: b8ae35e0642388f5ae90db8227f3e79c32932d7b1ee767c7875dd56d4532128f
                                                  • Opcode Fuzzy Hash: 0f9406c9139bf898332814de1625f62f3095301e084bcb69db10c9337dcf1102
                                                  • Instruction Fuzzy Hash: 7D01FC32301226ABC7314B799C44D577799EF05761B104724FD0BD3140C729D905C6E0
                                                  Function 00797464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0079747F
                                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00797497
                                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 007974AC
                                                  • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 007974CA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Type$Register$FileLoadModuleNameUser
                                                  • String ID:
                                                  • API String ID: 1352324309-0
                                                  • Opcode ID: 86892eb3f22c140856fad71633e3e0fe9107a393180628485eda3b5280b0969c
                                                  • Instruction ID: 600b17616224a59d22e968bc78311554138e76fbaed6b86ff7a666d683606202
                                                  • Opcode Fuzzy Hash: 86892eb3f22c140856fad71633e3e0fe9107a393180628485eda3b5280b0969c
                                                  • Instruction Fuzzy Hash: 18118BB1215354ABEB248F14EC09F927FFCEB00B10F10856DE61AD61A2D7B8E904DBA0
                                                  Function 0079B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0079ACD3,?,00008000), ref: 0079B0C4
                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0079ACD3,?,00008000), ref: 0079B0E9
                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0079ACD3,?,00008000), ref: 0079B0F3
                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0079ACD3,?,00008000), ref: 0079B126
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CounterPerformanceQuerySleep
                                                  • String ID:
                                                  • API String ID: 2875609808-0
                                                  • Opcode ID: ac0de854570049f86a009227486cd04144532880c4256ad7aae9e3c1f2b843ba
                                                  • Instruction ID: 63f58843e98329f7cee8903e7630504a8fd6b251c9791372d2ece271cb9f41a6
                                                  • Opcode Fuzzy Hash: ac0de854570049f86a009227486cd04144532880c4256ad7aae9e3c1f2b843ba
                                                  • Instruction Fuzzy Hash: DF115E71C0152CD7CF009FE5FA69AEEBB78FF49711F118099D941B2141CB3855508B55
                                                  Function 007C7E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetWindowRect.USER32(?,?), ref: 007C7E33
                                                  • ScreenToClient.USER32(?,?), ref: 007C7E4B
                                                  • ScreenToClient.USER32(?,?), ref: 007C7E6F
                                                  • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 007C7E8A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClientRectScreen$InvalidateWindow
                                                  • String ID:
                                                  • API String ID: 357397906-0
                                                  • Opcode ID: ee0a98604b76a5ebac4a1fc24a7bfea8fbfacbb98c6220f4c117d6a79c9c3ab3
                                                  • Instruction ID: b2609a672b517ef7b2679939ee8545954dd61010d57febf59c7810902f9484d5
                                                  • Opcode Fuzzy Hash: ee0a98604b76a5ebac4a1fc24a7bfea8fbfacbb98c6220f4c117d6a79c9c3ab3
                                                  • Instruction Fuzzy Hash: 621126B9D0024AAFDB41DF98C984AEEBBF5FF08310F50905AE915E3210D735AA55CF54
                                                  Function 00792DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00792DC5
                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00792DD6
                                                  • GetCurrentThreadId.KERNEL32 ref: 00792DDD
                                                  • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00792DE4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                  • String ID:
                                                  • API String ID: 2710830443-0
                                                  • Opcode ID: d20bf85ba7542f9c2d2cdb87c2af57012d78bb8c21d684db1eecd710fb650dcd
                                                  • Instruction ID: 2632d0debbe556281f7adc96df136fa42cfd5b62e6697e7e924e3f6e558f9a2e
                                                  • Opcode Fuzzy Hash: d20bf85ba7542f9c2d2cdb87c2af57012d78bb8c21d684db1eecd710fb650dcd
                                                  • Instruction Fuzzy Hash: 10E092716012247BDB212B73AD0EFEB3F6CEF42BA1F004019F10AE10819AA8C842C7B0
                                                  Function 007C8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00749639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00749693
                                                    • Part of subcall function 00749639: SelectObject.GDI32(?,00000000), ref: 007496A2
                                                    • Part of subcall function 00749639: BeginPath.GDI32(?), ref: 007496B9
                                                    • Part of subcall function 00749639: SelectObject.GDI32(?,00000000), ref: 007496E2
                                                  • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 007C8887
                                                  • LineTo.GDI32(?,?,?), ref: 007C8894
                                                  • EndPath.GDI32(?), ref: 007C88A4
                                                  • StrokePath.GDI32(?), ref: 007C88B2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                  • String ID:
                                                  • API String ID: 1539411459-0
                                                  • Opcode ID: 9edfc8e4b219da9056707fe146e02b56cae647d718c53efa6bf044bf49475964
                                                  • Instruction ID: a5846003ef7b8f82050ff2b42c817aab093c1172c0978df9cdb1193ef67453f5
                                                  • Opcode Fuzzy Hash: 9edfc8e4b219da9056707fe146e02b56cae647d718c53efa6bf044bf49475964
                                                  • Instruction Fuzzy Hash: 6EF03436041258FBEB136F94AC0EFDA3F69AF06320F448008FA55651E2C7B95561CBAA
                                                  Function 007498B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetSysColor.USER32(00000008), ref: 007498CC
                                                  • SetTextColor.GDI32(?,?), ref: 007498D6
                                                  • SetBkMode.GDI32(?,00000001), ref: 007498E9
                                                  • GetStockObject.GDI32(00000005), ref: 007498F1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Color$ModeObjectStockText
                                                  • String ID:
                                                  • API String ID: 4037423528-0
                                                  • Opcode ID: 40bfe173e7b1d12e9e7c3d182f883229e4eb18a1ad81d40991e19e9341c7c450
                                                  • Instruction ID: e85c9b9c28adb8469e426966cf93f6bd114a53feeafbce98ed0b6afd0d37696c
                                                  • Opcode Fuzzy Hash: 40bfe173e7b1d12e9e7c3d182f883229e4eb18a1ad81d40991e19e9341c7c450
                                                  • Instruction Fuzzy Hash: 95E03931684284ABDB225B75BC09BE93B20AB52336F18C219F6BE980E1C37986509B10
                                                  Function 0079162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetCurrentThread.KERNEL32 ref: 00791634
                                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,007911D9), ref: 0079163B
                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,007911D9), ref: 00791648
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,007911D9), ref: 0079164F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CurrentOpenProcessThreadToken
                                                  • String ID:
                                                  • API String ID: 3974789173-0
                                                  • Opcode ID: b42367de4e03ac5664994df1da84dd34fa3fce81d34574bc3d13f8f2836fffe5
                                                  • Instruction ID: 510c283242ccc13a888389a3ba52d8f2f667214d856e3e4b1ef2082394546bf7
                                                  • Opcode Fuzzy Hash: b42367de4e03ac5664994df1da84dd34fa3fce81d34574bc3d13f8f2836fffe5
                                                  • Instruction Fuzzy Hash: F7E08671A01211DBDB201FA0AE0DF463B7CBF44791F18C80CF249C9080DA3C8481C758
                                                  Function 0078D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetDesktopWindow.USER32 ref: 0078D858
                                                  • GetDC.USER32(00000000), ref: 0078D862
                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0078D882
                                                  • ReleaseDC.USER32(?), ref: 0078D8A3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                  • String ID:
                                                  • API String ID: 2889604237-0
                                                  • Opcode ID: 75794807a5c7271453244201edf6c960300e71b37be75218b7c2a5c7810b165a
                                                  • Instruction ID: 38ce57bae0f4a2518b8027895e64683f2d8d1680cfe453d261fc9a4299546888
                                                  • Opcode Fuzzy Hash: 75794807a5c7271453244201edf6c960300e71b37be75218b7c2a5c7810b165a
                                                  • Instruction Fuzzy Hash: 51E01AB5800205DFCB52AFA0D90CA6DBBB1FB08310F14C009E84AF7250C73C8942AF44
                                                  Function 0078D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetDesktopWindow.USER32 ref: 0078D86C
                                                  • GetDC.USER32(00000000), ref: 0078D876
                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0078D882
                                                  • ReleaseDC.USER32(?), ref: 0078D8A3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                  • String ID:
                                                  • API String ID: 2889604237-0
                                                  • Opcode ID: eac52e2488a85a4bcb54e4247b3ac6a7d3ba77883549dab86ca9bfb74367b28d
                                                  • Instruction ID: d7aab1a4b3d3444071f7cd9bed90430cd72d9243542dede9ed72c24e05a9a494
                                                  • Opcode Fuzzy Hash: eac52e2488a85a4bcb54e4247b3ac6a7d3ba77883549dab86ca9bfb74367b28d
                                                  • Instruction Fuzzy Hash: A3E09A75800605DFCB529FA0D90CA6DBBB5BB08311F149449E94AF7250D73D99429F54
                                                  Function 007A4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00737620: _wcslen.LIBCMT ref: 00737625
                                                  • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 007A4ED4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Connection_wcslen
                                                  • String ID: *$LPT
                                                  • API String ID: 1725874428-3443410124
                                                  • Opcode ID: 47af97d6e344a2c0a30e8e4039ebb6731483f3e8a38e93125ee87d3c6e356031
                                                  • Instruction ID: 0758c01bcf3258dc4686ca4fee55409c625906206bcbc50542a6c44a1c0e21a3
                                                  • Opcode Fuzzy Hash: 47af97d6e344a2c0a30e8e4039ebb6731483f3e8a38e93125ee87d3c6e356031
                                                  • Instruction Fuzzy Hash: 1C918275A04204DFDB14DF58C484EAABBF1BF85304F188199E80A9F362D77AED85CB91
                                                  Function 0075E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __startOneArgErrorHandling.LIBCMT ref: 0075E30D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ErrorHandling__start
                                                  • String ID: pow
                                                  • API String ID: 3213639722-2276729525
                                                  • Opcode ID: bad11ea46cacbe7a4b7c9fff5d9a5ae91cc3969ebb3a123e67aa4f9d09a52fcf
                                                  • Instruction ID: cc9e95647b23e099d454be46d7fc811ddf423442e6f8fad88e512822b0fe4578
                                                  • Opcode Fuzzy Hash: bad11ea46cacbe7a4b7c9fff5d9a5ae91cc3969ebb3a123e67aa4f9d09a52fcf
                                                  • Instruction Fuzzy Hash: B3517B71A0C20196CB1D7714C9453F93BA4AB10786F308D99FCD7422A9EB7D8DCADA86
                                                  Function 0074E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #
                                                  • API String ID: 0-1885708031
                                                  • Opcode ID: 363169c8d495af9ceebba8b7e310d4f407fc419d6de0e66935f4d52262a6290f
                                                  • Instruction ID: 9ae48afa9b7ba15ed6fe01cb24f42728418f094146a56df903c6cc1ea132d702
                                                  • Opcode Fuzzy Hash: 363169c8d495af9ceebba8b7e310d4f407fc419d6de0e66935f4d52262a6290f
                                                  • Instruction Fuzzy Hash: 0B513435644246DFEB15EF28C485AFA7BA4FF16320F248059EC919B2D0D77C9D42CBA0
                                                  Function 0074F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNEL32(00000000), ref: 0074F2A2
                                                  • GlobalMemoryStatusEx.KERNEL32(?), ref: 0074F2BB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemorySleepStatus
                                                  • String ID: @
                                                  • API String ID: 2783356886-2766056989
                                                  • Opcode ID: e8b242b84d1617d89ee4c9d3b13da9f3b6e36abef44fa49481b28b4b388cbe37
                                                  • Instruction ID: 0bd6ca4df8637cee711bf4f878b756cb80ec40fa8f7b916822b0d440d75cf113
                                                  • Opcode Fuzzy Hash: e8b242b84d1617d89ee4c9d3b13da9f3b6e36abef44fa49481b28b4b388cbe37
                                                  • Instruction Fuzzy Hash: 185119724087499BE320AF10D88ABAFB7F8FB84300F81885DF1D951196EB759529CB66
                                                  Function 007B5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 007B57E0
                                                  • _wcslen.LIBCMT ref: 007B57EC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: BuffCharUpper_wcslen
                                                  • String ID: CALLARGARRAY
                                                  • API String ID: 157775604-1150593374
                                                  • Opcode ID: ebdf6f0624728f9abb7ce35edf83b041e2e3dc608dc2f6aebb3547e074229665
                                                  • Instruction ID: 39a8b64ddf9ccc906f87604df8073c9b76a44501882c8ea1f6ce038ef61c7f4e
                                                  • Opcode Fuzzy Hash: ebdf6f0624728f9abb7ce35edf83b041e2e3dc608dc2f6aebb3547e074229665
                                                  • Instruction Fuzzy Hash: 61419F71E00209DFCB14DFA9C886AFEBBB5FF59324F144069E505A7252E7789D81CBA0
                                                  Function 007AD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _wcslen.LIBCMT ref: 007AD130
                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 007AD13A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CrackInternet_wcslen
                                                  • String ID: |
                                                  • API String ID: 596671847-2343686810
                                                  • Opcode ID: e5d52f4c708d8b5f518c485f395d74db7a9fb155076e4d1add58db9c4a5c9929
                                                  • Instruction ID: 78ad6af5657430a9cc5468158530648929b4cee25840136f8a4214b739d55136
                                                  • Opcode Fuzzy Hash: e5d52f4c708d8b5f518c485f395d74db7a9fb155076e4d1add58db9c4a5c9929
                                                  • Instruction Fuzzy Hash: 01313D71D00209EBDF15EFA4CC89AEEBFB9FF49300F004119F915A6162E739AA46CB50
                                                  Function 007C356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • DestroyWindow.USER32(?,?,?,?), ref: 007C3621
                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 007C365C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$DestroyMove
                                                  • String ID: static
                                                  • API String ID: 2139405536-2160076837
                                                  • Opcode ID: 8c0ff1abe5e9a1de26717b67d8f025525e4b31e583f8af118e077f00dcd55ada
                                                  • Instruction ID: 040f8c7692f70bc9412767fa9c6613bfc00201a204b19b1c1e92b24a24579897
                                                  • Opcode Fuzzy Hash: 8c0ff1abe5e9a1de26717b67d8f025525e4b31e583f8af118e077f00dcd55ada
                                                  • Instruction Fuzzy Hash: 58318C71110204AAEB109F78DC81FFB73A9FF88720F00D61DF9A597290DA39AD91CB60
                                                  Function 007C4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 007C461F
                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007C4634
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: '
                                                  • API String ID: 3850602802-1997036262
                                                  • Opcode ID: 49e5676388d0e9152b9e03ef27823c964f44a8c9da44f456fc3ec941f643f360
                                                  • Instruction ID: ce16e390c195a3827922cdc1dbce41bd5086f2a968e5ca2b0bf717497ab83852
                                                  • Opcode Fuzzy Hash: 49e5676388d0e9152b9e03ef27823c964f44a8c9da44f456fc3ec941f643f360
                                                  • Instruction Fuzzy Hash: AE311675A002099FDF14CFA9D9A0FEABBB5FB09310F10406EE904AB341D774A951CF90
                                                  Function 007C31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007C327C
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007C3287
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID: Combobox
                                                  • API String ID: 3850602802-2096851135
                                                  • Opcode ID: 7c82859aab585533199c5fdb1580873107796fbc548ad6613f7f20f4893fa9cb
                                                  • Instruction ID: 0538568f2babf292ff945a0001c112b06c8d9d11d55575d3460b3bf32e65c3f3
                                                  • Opcode Fuzzy Hash: 7c82859aab585533199c5fdb1580873107796fbc548ad6613f7f20f4893fa9cb
                                                  • Instruction Fuzzy Hash: 7B11B271300208BFFF259E54DC85FBB376AFB94364F10812DF91897290D6799D518760
                                                  Function 007C3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0073600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0073604C
                                                    • Part of subcall function 0073600E: GetStockObject.GDI32(00000011), ref: 00736060
                                                    • Part of subcall function 0073600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0073606A
                                                  • GetWindowRect.USER32(00000000,?), ref: 007C377A
                                                  • GetSysColor.USER32(00000012), ref: 007C3794
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                  • String ID: static
                                                  • API String ID: 1983116058-2160076837
                                                  • Opcode ID: f05a7cba0aa5fdb72306d84f54b955d9ff86b5b1eae545b1896f11f41a5271c1
                                                  • Instruction ID: 49e52dc53173c4eb11839edd5daf4c34c5536243135949de7860b9f4c781e7ac
                                                  • Opcode Fuzzy Hash: f05a7cba0aa5fdb72306d84f54b955d9ff86b5b1eae545b1896f11f41a5271c1
                                                  • Instruction Fuzzy Hash: C411F9B2610209AFDF01DFA8CC8AEEA7BB8FB09354F008519FD55E2250D779E9519B50
                                                  Function 007ACD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007ACD7D
                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007ACDA6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Internet$OpenOption
                                                  • String ID: <local>
                                                  • API String ID: 942729171-4266983199
                                                  • Opcode ID: eb598f163ca8b615a73e546e1750470d3b317dda0d53004fd84e1055b2872e81
                                                  • Instruction ID: 04e0c763c9966095a6b2dbb511ce99e554e41602e5ed49302f0b4a4cf249905a
                                                  • Opcode Fuzzy Hash: eb598f163ca8b615a73e546e1750470d3b317dda0d53004fd84e1055b2872e81
                                                  • Instruction Fuzzy Hash: 1A11C271305635BAD73A4B668C49EF7BEACEF937A4F00432AB11983180D7789840DAF0
                                                  Function 007C3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetWindowTextLengthW.USER32(00000000), ref: 007C34AB
                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007C34BA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LengthMessageSendTextWindow
                                                  • String ID: edit
                                                  • API String ID: 2978978980-2167791130
                                                  • Opcode ID: b783d956d95814e6aa58b4b18eb236109a1d6f0f55593dc69e137bf5c3c3d8d5
                                                  • Instruction ID: 7304a441c3cd60af27f5bb1aaee01719ae59ad8f04eef6e71438ad0ad127fe30
                                                  • Opcode Fuzzy Hash: b783d956d95814e6aa58b4b18eb236109a1d6f0f55593dc69e137bf5c3c3d8d5
                                                  • Instruction Fuzzy Hash: 39116A71100248ABEB169E64DC84FBA37AAEB05374F50832CF965931E0C779EE519B60
                                                  Function 00796C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                  • CharUpperBuffW.USER32(?,?,?), ref: 00796CB6
                                                  • _wcslen.LIBCMT ref: 00796CC2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen$BuffCharUpper
                                                  • String ID: STOP
                                                  • API String ID: 1256254125-2411985666
                                                  • Opcode ID: 206802c45499d2f9e742643c75555dab5e3296d0ca028b230c7dd7f5240fa0d2
                                                  • Instruction ID: 25d2342d75c2a7243f4cf5a7e060cd5b2e3690461094d54207a3b34ee0edf0d8
                                                  • Opcode Fuzzy Hash: 206802c45499d2f9e742643c75555dab5e3296d0ca028b230c7dd7f5240fa0d2
                                                  • Instruction Fuzzy Hash: 720104326105268ACF21AFBDEC958BF77B4EB61710B000628F96292191EB39E800C760
                                                  Function 00791CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00791D4C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassMessageNameSend_wcslen
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 624084870-1403004172
                                                  • Opcode ID: 6c3991fbe4eb2e3bc8a5f1596104d75f83e074f9379749a283d9ac21cfe7f9d0
                                                  • Instruction ID: d0518c37985aa8ece5a353e870fe07288fc01d9130edded137ddf63dc4fd5413
                                                  • Opcode Fuzzy Hash: 6c3991fbe4eb2e3bc8a5f1596104d75f83e074f9379749a283d9ac21cfe7f9d0
                                                  • Instruction Fuzzy Hash: 1101F171700619AB9F08EBA0DC19CFE73A8EB42390B400A19E932673C2EA7859188660
                                                  Function 00791BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 00791C46
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassMessageNameSend_wcslen
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 624084870-1403004172
                                                  • Opcode ID: 1c24fa8fc51f5e980238b5c80236a79aa15bd2ac3646c5628d0df80833b815ac
                                                  • Instruction ID: e19373791cd353d1e3e43bbe3d55ea1061e28a1f6bc7b6685bbab14db7634652
                                                  • Opcode Fuzzy Hash: 1c24fa8fc51f5e980238b5c80236a79aa15bd2ac3646c5628d0df80833b815ac
                                                  • Instruction Fuzzy Hash: 5101F7B1684109A6DF05EBA0DA55DFF77A89F12340F500019B616732C2EA6C9E18C6B1
                                                  Function 00791C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 00791CC8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassMessageNameSend_wcslen
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 624084870-1403004172
                                                  • Opcode ID: 3c18e88767a9fc5b0da473eb48e53d8eba39f8640e379cc98fd54b1b89d60218
                                                  • Instruction ID: f17c0c938684ac3c75ffa23c3620342e1d7b9a6ffb4321813720c79c14b50898
                                                  • Opcode Fuzzy Hash: 3c18e88767a9fc5b0da473eb48e53d8eba39f8640e379cc98fd54b1b89d60218
                                                  • Instruction Fuzzy Hash: 7401D6B5680119A7DF05EBA0DA05EFE77A89B12340F940415B902B3282EAAC9F18C771
                                                  Function 00791D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00739CB3: _wcslen.LIBCMT ref: 00739CBD
                                                    • Part of subcall function 00793CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00793CCA
                                                  • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00791DD3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ClassMessageNameSend_wcslen
                                                  • String ID: ComboBox$ListBox
                                                  • API String ID: 624084870-1403004172
                                                  • Opcode ID: b73b38d0db01cf7ff357eb434824bc781860a781ad967a5c19a960dbaefeb7f2
                                                  • Instruction ID: b3994132643e7ed6fb5a4ef81a8a973904e49c06571754e39622f4461fbca63e
                                                  • Opcode Fuzzy Hash: b73b38d0db01cf7ff357eb434824bc781860a781ad967a5c19a960dbaefeb7f2
                                                  • Instruction Fuzzy Hash: E1F0A975B41219A6DF04E7A4DD55EFE7768AB02350F440915B522672C2DAA859188270
                                                  Function 007B747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: _wcslen
                                                  • String ID: 3, 3, 16, 1
                                                  • API String ID: 176396367-3042988571
                                                  • Opcode ID: 77de11c6c15edf357ec733fbc49bfee5fe27dde68058c2fcb430e770737c4a75
                                                  • Instruction ID: 48206b5f15f990647cbb431ef82cc845802a869d3f1f6c27f8adc5fb8ce036f8
                                                  • Opcode Fuzzy Hash: 77de11c6c15edf357ec733fbc49bfee5fe27dde68058c2fcb430e770737c4a75
                                                  • Instruction Fuzzy Hash: 18E02B426042A060923913B99CC6BFF5689CFC5762710182BFD81C2366EBDC9DD1D3A0
                                                  Function 00790B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00790B23
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: AutoIt$Error allocating memory.
                                                  • API String ID: 2030045667-4017498283
                                                  • Opcode ID: 3a21421b4d0cb948de134590a8cbecf40901c2bd9e4b3b7fd6886baeb4661bbf
                                                  • Instruction ID: c2d2c7f9f773730139fa91a76fc43cb24d973714e03a03deec5005d58a53f949
                                                  • Opcode Fuzzy Hash: 3a21421b4d0cb948de134590a8cbecf40901c2bd9e4b3b7fd6886baeb4661bbf
                                                  • Instruction Fuzzy Hash: 5CE048712443187AD21537547C0BFC97B848F05B55F10446EFB9C555C38BED649056E9
                                                  Function 00750D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 0074F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00750D71,?,?,?,0073100A), ref: 0074F7CE
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,0073100A), ref: 00750D75
                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0073100A), ref: 00750D84
                                                  Strings
                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00750D7F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                  • API String ID: 55579361-631824599
                                                  • Opcode ID: feca0395e9a1b6c2c8a898db6afd4b6dfa75f1c0c54de2423078802f0199a12b
                                                  • Instruction ID: 5bc31643123bddbf2649cfb9bbe2c4a541a49ec748c0223c89e62c320ba0469c
                                                  • Opcode Fuzzy Hash: feca0395e9a1b6c2c8a898db6afd4b6dfa75f1c0c54de2423078802f0199a12b
                                                  • Instruction Fuzzy Hash: 26E06D702007418BE3619FB8D808B827BF0BF00751F00892DE886C6652DBFCE4488BD1
                                                  Function 007A3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 007A302F
                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 007A3044
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: Temp$FileNamePath
                                                  • String ID: aut
                                                  • API String ID: 3285503233-3010740371
                                                  • Opcode ID: 5bbf463409465d83afbf807c6b58b326376ec8bed25533bb37e37a084ad3aa6f
                                                  • Instruction ID: d6c0734248dc4bd5ee6cd828cd1ad2873930b7c3b7f4c91cc90099250820fef9
                                                  • Opcode Fuzzy Hash: 5bbf463409465d83afbf807c6b58b326376ec8bed25533bb37e37a084ad3aa6f
                                                  • Instruction Fuzzy Hash: 83D05EB250032867DA20E7A4AC0EFDB3B6CEB04750F0042A1B659E6091DAB89984CAD4
                                                  Function 0078D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: LocalTime
                                                  • String ID: %.3d$X64
                                                  • API String ID: 481472006-1077770165
                                                  • Opcode ID: fcb2dd7bae54bfa668b256f92e5186f6ecc24c7e98df9b646c04d8a7ed51436b
                                                  • Instruction ID: eee0e3ca225de2836e103d6d8e7f72bca9200c2bc1342b9e9d808c2b502e1358
                                                  • Opcode Fuzzy Hash: fcb2dd7bae54bfa668b256f92e5186f6ecc24c7e98df9b646c04d8a7ed51436b
                                                  • Instruction Fuzzy Hash: FDD012A1888108FACB60A6E0DC49CB9B37CFB08301F508452F90692080D73CCD08A761
                                                  Function 007C2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007C236C
                                                  • PostMessageW.USER32(00000000), ref: 007C2373
                                                    • Part of subcall function 0079E97B: Sleep.KERNEL32 ref: 0079E9F3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FindMessagePostSleepWindow
                                                  • String ID: Shell_TrayWnd
                                                  • API String ID: 529655941-2988720461
                                                  • Opcode ID: 9ca0e21d5ae2b250cf1d746851d155bfd2339df46a68bfc6a5bd13884edb2feb
                                                  • Instruction ID: 620a15a9c3e62ad112cc08ab1e368208927f7332f7b420d367a6da7457bcd4b7
                                                  • Opcode Fuzzy Hash: 9ca0e21d5ae2b250cf1d746851d155bfd2339df46a68bfc6a5bd13884edb2feb
                                                  • Instruction Fuzzy Hash: F4D0C972781310BAE665B771AC0FFC666149B04B14F10895AB74AEA2D0C9A8B8018A58
                                                  Function 007C2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007C232C
                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 007C233F
                                                    • Part of subcall function 0079E97B: Sleep.KERNEL32 ref: 0079E9F3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: FindMessagePostSleepWindow
                                                  • String ID: Shell_TrayWnd
                                                  • API String ID: 529655941-2988720461
                                                  • Opcode ID: 4236cdbaf3c316616cf2d1dba172c8ef5d7f540fb1eccfbc01e5f4124926cd4a
                                                  • Instruction ID: f89c4e322b6df472e745b01d756acbc147721a67c8a1e2dba7b097cbf162da7b
                                                  • Opcode Fuzzy Hash: 4236cdbaf3c316616cf2d1dba172c8ef5d7f540fb1eccfbc01e5f4124926cd4a
                                                  • Instruction Fuzzy Hash: 36D0C976794310B6E664B771AC0FFD66A149B00B14F10895AB74AAA2D0C9A8A8018A58
                                                  Function 0076BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0076BE93
                                                  • GetLastError.KERNEL32 ref: 0076BEA1
                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0076BEFC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2021619550.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000000.00000002.2021599822.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021681107.00000000007F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021750605.00000000007FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2021785952.0000000000804000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_730000_osr730ky3m.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                  • String ID:
                                                  • API String ID: 1717984340-0
                                                  • Opcode ID: 678f6eee0c9c704d353780b2852667f87f503e08227405d683e5df090a3d13d9
                                                  • Instruction ID: 32b35bfd214de9450ac4317e4122929c6a1c5b1b518a1c52dca43be7b61e5511
                                                  • Opcode Fuzzy Hash: 678f6eee0c9c704d353780b2852667f87f503e08227405d683e5df090a3d13d9
                                                  • Instruction Fuzzy Hash: C641D435600206EFCF218FA5CC98AEA7BA5AF43310F144169FD5AD71B1EB398D81CB61