Edit tour

Windows Analysis Report
https://www.facebook.com/help/1017717331640041?ref=cr

Overview

General Information

Sample URL:	https://www.facebook.com/help/1017717331640041?ref=cr
Analysis ID:	1431586

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/help/1017717331640041?ref=cr MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,5769851342067004962,2876809165628800043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49770 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: scontent.xx.fbcdn.net
Source: global traffic	DNS traffic detected: DNS query: video.xx.fbcdn.net
Source: global traffic	DNS traffic detected: DNS query: static.xx.fbcdn.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49770 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@13/35@16/47

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/help/1017717331640041?ref=cr
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,5769851342067004962,2876809165628800043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,5769851342067004962,2876809165628800043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.facebook.com/help/1017717331640041?ref=cr	0%	Avira URL Cloud	safe
https://www.facebook.com/help/1017717331640041?ref=cr	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
star-mini.c10r.facebook.com	31.13.65.36	true	false	high
scontent.xx.fbcdn.net	31.13.88.13	true	false	high
video.xx.fbcdn.net	31.13.65.14	true	false	high
www.google.com	142.250.9.103	true	false	high
www.facebook.com	unknown	unknown	false	high
static.xx.fbcdn.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.facebook.com/help/1017717331640041?ref=cr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
31.13.65.36	star-mini.c10r.facebook.com	Ireland	32934	FACEBOOKUS	false
142.250.9.101	unknown	United States	15169	GOOGLEUS	false
142.250.9.103	www.google.com	United States	15169	GOOGLEUS	false
31.13.88.13	scontent.xx.fbcdn.net	Ireland	32934	FACEBOOKUS	false
74.125.138.84	unknown	United States	15169	GOOGLEUS	false
31.13.65.7	unknown	Ireland	32934	FACEBOOKUS	false
172.253.124.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431586
Start date and time:	2024-04-25 13:34:56 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.facebook.com/help/1017717331640041?ref=cr
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@13/35@16/47

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 142.250.9.101, 142.250.9.138, 142.250.9.102, 142.250.9.139, 142.250.9.100, 142.250.9.113, 74.125.138.84, 34.104.35.123, 172.253.124.95, 142.251.15.95, 142.250.105.95, 64.233.177.95, 172.217.215.95, 142.250.9.95, 74.125.138.95, 64.233.185.95, 64.233.176.95, 108.177.122.95, 74.125.136.95, 173.194.219.95
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 10:35:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.979802174016899
Encrypted:	false
SSDEEP:
MD5:	3445C886E3BA1ED9F94018CD4F6747B3
SHA1:	FF110C2717E7179FD40C151A3F05BB73853A8F43
SHA-256:	953CC82BCCD9A543ECF6C906C7A6C82DA5C994C8381119743958A0A355DA24FF
SHA-512:	78744771A004184D8D0F1D93E54C44B41E53A416F1F8E59958BE2FBDB9B93FD4882E05FFA4135B435B481A61DCC0411BC48D77F64E92B4D162E21DAE6D1F4818
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....(......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xd\....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xk\....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xk\....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xk\..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xm\...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 10:35:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9949549591796982
Encrypted:	false
SSDEEP:
MD5:	D4EAD1EEDF2C02DEAC0B0B184B28C613
SHA1:	251C5AE3A00BC3A3C83EBD3E79C383FDE9383805
SHA-256:	6EBB080D3BC3071026F09A78603720824DCFA7070A1E7C127AC1EC740A565D6D
SHA-512:	6939E80369779FCD2301F02E1B7EC0E5C8B7530301F2FBF9F6BDA10894F705CF29459707B680ED21A2599525245E0B437A841A008DA44219F79F10DDE46DF879
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....^.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xd\....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xk\....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xk\....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xk\..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xm\...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003429481341651
Encrypted:	false
SSDEEP:
MD5:	8EA30FB9C6565B21B37F5FD1F4352D31
SHA1:	93861C6BA33D6FB7A7A3456073AF1C771AF0F1B5
SHA-256:	791B53F1EB06ADB58F24D308F3EFBC8544BE6F04FE43119338F23E6B7A9A718B
SHA-512:	02FC21C971253C4ED8D7C33E9796EE39022F55F0B62F761A5BBA8C1D7BEE5CDF0BE89EAFCBDF41A27495F4E53E93ABD062AC7B8DAF7D505E9A2BFF1041267304
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xd\....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xk\....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xk\....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xk\..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 10:35:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992944631574687
Encrypted:	false
SSDEEP:
MD5:	8786E083F2250F8A20856DE137738253
SHA1:	37EF6FE45F1670153D29A2955F868C15A2201EAC
SHA-256:	98FA21F65771C9C277602CF2A6A2E0F54893397ACD86304006A10B652FD9CAC5
SHA-512:	A3D61900B9184E61B47E40BD9BFA38F16345F45E84465C47EF61C4E2C71037DF8EE6F1A000AB3E33D913642B8B0E1C28A7E7BF0D0A298CBA2136084694CDD096
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xd\....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xk\....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xk\....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xk\..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xm\...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 10:35:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9840133679311722
Encrypted:	false
SSDEEP:
MD5:	DCC22C7C5CC30BA871C26F862CDA59EE
SHA1:	5E26C170907A88DBF83BD7C1952C595C023C166C
SHA-256:	2F0DF50D6A8D0C482CBC49AAC201A641558782F759B7DCD084FE6D3B18B84E1D
SHA-512:	1B6119D64E5C7CA46C28321056B91FCF97B50865476F70CBBEB221C23268C2F2ABA3780B02CEA77D4501C820D1CCEBBDCE137206E38D99D7028CA1D43FA68B80
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....!......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xd\....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xk\....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xk\....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xk\..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xm\...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 10:35:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9933702962188558
Encrypted:	false
SSDEEP:
MD5:	EAC08C167F490B18C63C2F16D70B19BB
SHA1:	6BA82CB414345A5BE5A9F52461C9DE95CC71AEE5
SHA-256:	EA843A1FDD16080EB6D1D3876ADB7C3B5B5D65DDA712F505F0A3994631DA511E
SHA-512:	E141A950E3FC84087FF66BA61BF18E00D35C8D6A24616AA898645FA429D5E39051A0C488CBE27C40F5F9358E0F7F5461768B4F372C4B20C9872A6AE2B4CD8B6D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xd\....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xk\....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xk\....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xk\..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xm\...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7978)
Category:	downloaded
Size (bytes):	244704
Entropy (8bit):	5.333924083492712
Encrypted:	false
SSDEEP:
MD5:	6B74326AE5352C0B84BD9780847CA4E7
SHA1:	2617E5E7296E2905D071ED2A2168A366EFB14962
SHA-256:	0FB4C9C4DE1D3563DE27A02BD7B19276F7A1CAEBD04D1272E5FCF6F8F418365D
SHA-512:	E291DF8A5B316C31BFB2D68EDDC25A66B8548DADF1BFB87532102F880B180C6D2F68F092BC60C232C862451F1366D12066287CD468B5908FAC02818B0498E386
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3ipko4/y-/l/en_US/X2TsijNK9je.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("useFeedClickEventHandler",["react","useStoryClickEventLogger"],(function(a,b,c,d,e,f,g){"use strict";var h,i=(h\|\|d("react")).useCallback;function a(a,b){var d=c("useStoryClickEventLogger")();return i(function(c){a&&a(c);var e=c.type;if(e==="click"\|\|e==="contextmenu"\|\|e==="mousedown"&&typeof c.button==="number"&&(c.button===1\|\|c.button===2)\|\|e==="keydown"&&(c.key==="Enter"\|\|c.key===" ")){e=typeof c.button==="number"?c.button:0;d(c.timeStamp,e,b)}},[a,d,b])}g["default"]=a}),98);.__d("useSEOLoggedOutWebCrawler",["gkx"],(function(a,b,c,d,e,f,g){"use strict";function a(){return c("gkx")("23157")}g["default"]=a}),98);.__d("getFormattedTimestamp",["DateConsts"],(function(a,b,c,d,e,f,g){"use strict";function a(a){var b="";a=a;isNaN(a)?a=0:a<0&&(a=-1,b="-");var c=Math.floor(a/d("DateConsts").SEC_PER_HOUR),e=Math.floor((a-cd("DateConsts").SEC_PER_HOUR)/d("DateConsts").SEC_PER_MIN);a=Math.round(a-cd("DateConsts").SEC_PER_HOUR-ed("DateConsts").SEC_PER_MIN);a===d("DateCo

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (22583)
Category:	downloaded
Size (bytes):	205804
Entropy (8bit):	5.586233292539999
Encrypted:	false
SSDEEP:
MD5:	CDD85F00FF7B027688BC5A626040D993
SHA1:	47A648D373F2777153217F71C5CEF5BF67304653
SHA-256:	469F1C355D2453C7C92007DEF0D8BCF19459DC68B3475F4A5D97D940EB1C500C
SHA-512:	D12772F131DE27A552424C55767D2B73CB619714AFA4B945CC5E79CFD94016B36AB8AB5E32A181C2C5341BAC865C289A4ADF3C7A9F8DA3D4EB8D3CED28C7AC65
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/0BDtEvi0O_j.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("ReStoreDbClosedError",["ClientConsistencyEventEmitter","MAWCurrentUser"],(function(a,b,c,d,e,f,g){"use strict";var h="ReStore DB closed";a=function(a){babelHelpers.inheritsLoose(b,a);function b(b){var e;b=(b=b)!=null?b:h;e=a.call(this,b)\|\|this;e.message=b;switch(d("MAWCurrentUser").getAppID()){case 772021112871879:c("ClientConsistencyEventEmitter").emit("hardRefresh","ls_forced_refresh");break;default:c("ClientConsistencyEventEmitter").emit("softRefresh","ls_forced_refresh")}return e}return b}(babelHelpers.wrapNativeSuper(Error));g["default"]=a}),98);.__d("WABaseGlobals",["WAErr"],(function(a,b,c,d,e,f,g){"use strict";var h=null;function a(a){h=a}function i(){if(h==null)throw c("WAErr")("Trying to access WAGlobals before being set");return h}function b(a){var b=i();b.myJids=a}function d(){var a;a=(a=i().myJids)==null?void 0:a.deviceJid;if(a==null)throw c("WAErr")("Trying to access myDeviceJid, but it's not set");return a}function e(){var a;a=(a=i().myJids)==null

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	79
Entropy (8bit):	4.71696959175789
Encrypted:	false
SSDEEP:
MD5:	8DC258A49B60FAE051E9A7CE11AD05CF
SHA1:	DAFEF280663F4205FC7F0E47799E9945E6A68D6D
SHA-256:	C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
SHA-512:	5F11ED60D79A80EF7CCEFFA907CD55F31D8DB19BD2A7F4C2650C62A355C5071C5FB61DA1EB0A2071CE22ECDC35C0D12F51E4D13AAC3B0FDB95ED4629815B5AFB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............PX.....IDAT.Wc...0a.!..)....A,....Zl....IEND.B`.

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 25 x 667, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4979
Entropy (8bit):	7.614843001992971
Encrypted:	false
SSDEEP:
MD5:	6DEF324124D47C5E01A8BD2945C00F48
SHA1:	49C3D4710CDFD4102862CD1E75002926593F7285
SHA-256:	5593DA9AE25EEEEDA868D6513A7D2B8D2B6611D43BA2CBBFBAAF4D75443B64E6
SHA-512:	D18F8CA112DA23DA35F8604190B40973343D41FC84ACBED67DA15788595DD8E516A4432F0E80747E6D5EBC18E4F487E33F7718B09161177FD1AD4CAE5BCFE443
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............7......PLTEGpL.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................`e......tRNS.....................$.&..d...@v...N..Lj...<.J.T..B.,pP....8H..~......Z....2.D.:b.^(t.`..."0.\|F ..ln.4hV.rRfz\.x>.X6........Z.>b.....t...XRN.z..,B..@.<.8...L...6........pIDATx^...w.....(....j.v..37I.LM.......33^.....l.....}{..{..3.o...id[.df...i.a......&@....ZM"Q.6...b.m..I2.\.~.x..7..f]7.j..@$hmL..J.x8'..X.z$I....%...:0^.,p.x..A...D.. k.!r.. ......M.!.:.....F......."}..$1..i...6..,....w.i...b...e..,X

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with very long lines (5132)
Category:	downloaded
Size (bytes):	1647473
Entropy (8bit):	5.589816616037225
Encrypted:	false
SSDEEP:
MD5:	20AC05023C2B92E6C16E6706812EE0FA
SHA1:	3276AD0D00AC9C8F1C8543D6A80351FC8862A19B
SHA-256:	161F6EDE8D57A62E54EA97FFC94BE74E6DB7BD07DBB2CE3B7FD24B4278D98351
SHA-512:	EA851151FBC735FE0EED405AC65E8C7A4D2C9660876D37EF6048237A5217F0C2DAD0CCCC58DA653AF15770F6CC37693E21EB99E61CD2F339F3A4D6DF201AAF3C
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iNDt4/y_/l/en_US/vT9VmYUW5o_2MMLUYRYX8H-5ImAI0NH6cmcEjhxJ4DUQQlX_aE0r1PS3HCpLSVOcCKzrnr6TsFSr0mX5b57s5euVn8ReVJO9XfpJbFQNTOO17nyjp6N_3_1r8QxICfB1br9s0hTZAi8AUSytV8VboDm5Asa1khGZLKE4JqFtgSZfLCUIvUbwLWNQ_ZOydP_U_ZHZsLFrlts-jVFSGkRKYSDSChwA5tkNw5200aUsCbGvpEBpeqAfTCmiJOH7Igqe6pzef64Z_255CLWM0GAkdKZQE_9obluRZ-oUUotbMy6GoSLIyzRLRpQuGFI3DBJFNz9kWOs2Bl.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("MessengerCreateVideoMeetupLinkMutation_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="4971536746285420"}),null);.__d("MessengerCreateVideoMeetupLinkMutation.graphql",["MessengerCreateVideoMeetupLinkMutation_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{defaultValue:null,kind:"LocalArgument",name:"input"}],c=[{alias:null,args:[{kind:"Variable",name:"data",variableName:"input"}],concreteType:"CreateVideoMeetupLinkResponsePayload",kind:"LinkedField",name:"create_video_meetup_link",plural:!1,selections:[{alias:null,args:null,concreteType:"MessengerCallInviteLink",kind:"LinkedField",name:"meetup_link",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"id",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"link_url",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"link_hash",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"is_audio_only",storageKey:null}],sto

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3581)
Category:	downloaded
Size (bytes):	619549
Entropy (8bit):	5.526432484834652
Encrypted:	false
SSDEEP:
MD5:	EF8388D636ED34C95821B1BB4EB18089
SHA1:	19D79C797B4A72853407562217BA041E984824FC
SHA-256:	C29B63F775F35DAD325CFA4064AD19DE23D384AF9A3BC22BC963A4856788BB10
SHA-512:	5746EEFEB58DE6C6DBFEF219FC6FBC0ECBAD6E1BEF427C5AF4B60145C93B475C96C447F6FAB7470702CD4591AD68A4F2BEBDC823D75B62F13A2C80F356C40470
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iLUp4/yK/l/en_US/cKeW8roYXN6.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("MessengerPlatformClientTypedLogger",["Banzai","GeneratedLoggerUtils"],(function(a,b,c,d,e,f){"use strict";a=function(){function a(){this.$1={}}var c=a.prototype;c.log=function(a){b("GeneratedLoggerUtils").log("logger:MessengerPlatformClientLoggerConfig",this.$1,b("Banzai").BASIC,a)};c.logVital=function(a){b("GeneratedLoggerUtils").log("logger:MessengerPlatformClientLoggerConfig",this.$1,b("Banzai").VITAL,a)};c.logImmediately=function(a){b("GeneratedLoggerUtils").log("logger:MessengerPlatformClientLoggerConfig",this.$1,{signal:!0},a)};c.clear=function(){this.$1={};return this};c.getData=function(){return babelHelpers["extends"]({},this.$1)};c.updateData=function(a){this.$1=babelHelpers["extends"]({},this.$1,a);return this};c.setAppID=function(a){this.$1.appid=a;return this};c.setAppversion=function(a){this.$1.appversion=a;return this};c.setClientUserID=function(a){this.$1.client_userid=a;return this};c.setClienttime=function(a){this.$1.clienttime=a;return this};c

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	2.6465732373896285
Encrypted:	false
SSDEEP:
MD5:	3E764F0F737767B30A692FAB1DE3CE49
SHA1:	58FA0755A8EE455819769EE0E77C23829BF488DD
SHA-256:	88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
SHA-512:	2831536A2CA9A2562B7BE1053DF21C2ED51807C9D332878CF349DC0B718D09EEB587423B488C415672C89E42D98D9A9218FACE1FCF8E773492535CB5BD67E278
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico
Preview:	............ .h...&... .... .........(....... ..... ..........................................h. .f...............f...g...d.@.........................`...e...f...f...............f...f...f...e...p...............`...f...f...f...f...............f...f...f...f...f...p...........e...f...f...f...f...............f...f...f...f...f...e.......d.@.f...f...f...f...f...............f...f...f...f...f...f...h. .e...f...f...f....U..........................y'..f...f...f...g...f...f...f...f...............................U..f...f...f...f...f...f...f...f..................................f...f...f...f...f...f...f...f...f...f...............f...f...f...f...f...f...f...f...f...f...f...f...f...............p...f...f...f...f...f...f...f...f...f...f...f...f...................d...U..f...f...f...e...h. .f...f...f...f...f....d......................f...f...f...h.@.....f...f...f...f...f...f....t.................f...f...f...........p...f...f...f...f...f...f...f...f...f...f...f...f...`...............p...f...f...f...f

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 33 x 7551, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	40105
Entropy (8bit):	7.975729301655481
Encrypted:	false
SSDEEP:
MD5:	2E0D67347A26A72A0E05CC2FD2B3A2FE
SHA1:	DF6D72C40FD5F61FAC52960B364D481264AA5C9C
SHA-256:	33E5F74069A5DF3F616DD448EB8E9C2462785E5B2AE86CA8BB7BE1325607B17B
SHA-512:	EAC20AE43D47EA1CB6B512583AA5BE7A61026C132F74BB2B0D3CE6850A5EA4D26607A8F3E43B0C2C67A2EC7707A74700553E417BF05E410273DBD4CC9367A012
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...!.........P.......PLTEGpL.................................@".............A!.&&&A!.............?#.A!.............A!.K7....A!.......egkA!.A!....A!.&&&...&&&...A!.A!....A!.A!....A!.%&&A!.&&&&&&WM..........%&&...A!.A!.&&&egk&&&%&&...A!.egkA!.aflegk...A!.A!.&&&A!.]fmA!.Seo...A!....A!..........A!.egkegkegk...>%.A!.egkegk&&&...A!....M9....%&&A!.A!.A!.egk&&&...............&&&A!.&&&A!....egkA!....%&&aglegkA!....egkegk&&&...&&&egk&&&&&&A!.A!....egkegk&&&A!.egkegkA!.&&&%&&%%%...egkA!.A!.&&&A!.%&&A!.A!.egk&&&egk...A!....%%%A!....egk...A!....A!.......A!.%&&&&&&&&Seo&&&&&&......egk...egkA!....A!..........%&&egk$&'egkegkSeo...Seo%&&&&&A!.[fm%&&SeoSeo&&&&&&&&&...egkegkegkegk$&&Seo......A!.SeoSeoSeoC&..d....Seo......C&..d..d.....d..c..c..d..&/....c.SeoA!.......&&&egk...Seo.d.C&.....'0L.......tRNS.. ...`..............`...@.....j........o...P.M=.r..........\|..2Z~.....0...$ ...(..#JZ......J@.P.o...v.C.f.....].=.dQ.DC.k...Y..V.xL.7.&.ox *.;.(...I.&..8..35.W.@Q..>..`/U...kc`.d..

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17932)
Category:	downloaded
Size (bytes):	464393
Entropy (8bit):	5.575301848839165
Encrypted:	false
SSDEEP:
MD5:	BE4EF2EDBBD6D850751AC6F0FAD258B7
SHA1:	5B90EC2888C07D94F9BE3D65B4B39C4D0EC5676F
SHA-256:	B901583CB3A5FF16D87EAA0351E438D876A659B37F95D00704605AB03A9CB2A1
SHA-512:	CD50357530BDDC67CD2223C84D3737AA8E40FBC355528BF58FD270C8D6C141C4B235C0E8D6E92281ACA2AC31D6B1EB9F1F8C4F6ADC04EE3D1F7A038356937A0A
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iqCa4/yk/l/en_US/wJp52nvz1ae5ZkXAripZr_ddzAjX3zw6-B0OdX43q2GFIrE8-piq6hnjNpTDZZlkCUgyavQe48WU_zE-JfhlTC1KYOb4ogPB374KArtWgidsHKcF59UmBT9FQm8o4MlXnp-UozIL0rgP_U_LkNf1d3KCGSDhghb7Y459weup9piKX4tdoB5TwLTgz_UVWNjWqZTe5mZYyH8WWwN2LFh1MVrlgpvjqNL7irFEZ38vTsgRsOMyBoLRLu3H72Gk3tdxggnPwQZ5fpKH0jGBA_gDAPwCDUPTJIn-tn6pzsPZArhA9Vjul_wIugD21mPGNBoJ0VfA-vK5TH.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("d3-axis",["d3-axis-1.0.8"],(function(a,b,c,d,e,f){e.exports=b("d3-axis-1.0.8")()}),null);.__d("d3-selection",["d3-selection-1.3.0"],(function(a,b,c,d,e,f){e.exports=b("d3-selection-1.3.0")()}),null);./*. License: https://www.facebook.com/legal/license/t3hOLs8wlXy/. */.__d("javascript-blowfish-1.0.5",[],(function(a,b,c,d,e,f){"use strict";b={};var g={exports:b};function h(){var a=function(b,c){this.key=b,(c==="ecb"\|\|c==="cbc")&&(this.mode=c),this.sBox0=a.sBox0.slice(),this.sBox1=a.sBox1.slice(),this.sBox2=a.sBox2.slice(),this.sBox3=a.sBox3.slice(),this.pArray=a.pArray.slice(),this.generateSubkeys(b)};a.prototype={sBox0:null,sBox1:null,sBox2:null,sBox3:null,pArray:null,key:null,mode:"ecb",iv:"abc12345",keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encrypt:function(a,b){if(this.mode==="ecb")return this.encryptECB(a);if(this.mode==="cbc")return this.encryptCBC(a,b);throw new Error("\u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9068)
Category:	downloaded
Size (bytes):	13113
Entropy (8bit):	5.339226725289703
Encrypted:	false
SSDEEP:
MD5:	F35B3D18D517B17F73726A4CAF0AFE23
SHA1:	F17766BD7F1E11ACDF2097140EA02CFC4166EAF8
SHA-256:	98B09BA61E11A3DE415D169D459608536D40E6D7793BD9D8BA191215929F4610
SHA-512:	DCA27A84314B0859456A310B00BB9C6294E6983E3BFAFD0C15E893617E3B8EA89CE766872E92FF94EF9F12519963DFD6484D60DB74D6452EC62C0AA89055A320
Malicious:	false
Reputation:	unknown
URL:	"https://static.xx.fbcdn.net/rsrc.php/v3/yG/l/0,cross/pstnMZS49LB.css?_nc_x=Ij3Wp8lg5Kz"
Preview:	._4rv3{border-top:1px solid rgba(0, 0, 0, .10);flex-basis:54px;z-index:201}._7og6{border-top:none;position:relative}._5irm{display:flex;flex-direction:row;margin:0 8px 0 12px;overflow:hidden;position:relative}._5irm._7mkm{align-items:flex-end;background-color:rgba(255, 255, 255, 1);margin:0;padding:0 8px}._6q1a ._5irm._7mkm{background-color:#fafbfc}._5irm._1_73{flex-direction:column}._4rv4{align-items:flex-end;display:flex;justify-content:space-between;line-height:0;padding:8px 0}._3km1{float:left}._3km1 a,._3km1 ._7hi7,._4rv4 ._7hi7,._4rv4 a{display:inline-block;height:32px;outline:none;padding:0;vertical-align:top;width:32px}._4rv4 li{display:inline-block;vertical-align:top}._4rv4 li:last-child{display:inline-block;margin-right:0}._4rv3 ._4rv4 ._5vn8{background-image:url(/rsrc.php/v3/ye/r/g_SZjs7znxd.png);background-repeat:no-repeat;background-size:auto;background-position:0 -231px;display:block;height:100%;width:100%}._6q1a ._4rv3 ._4rv4 ._5vn8{background-image:url(/rsrc.php/v3/ye/r

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11690)
Category:	downloaded
Size (bytes):	16698
Entropy (8bit):	4.885256578566654
Encrypted:	false
SSDEEP:
MD5:	2C3250A5AAACD8B0EFEC6FF89CBCC50E
SHA1:	8A3FB7B0C88D5F2D1B43BBE774CD4D7D10BFC1E3
SHA-256:	41ABFC499D003B235B44D18FAC88D75EA6155F79DCA433F12E73836F8C431776
SHA-512:	EC1ECC4ED96C2D0B2863C9F4B2761612FB5705917025610DA00ECF1050D9C732CE3B496B016340C6456F24D7F9D09463C2E3679C87F1C91068F1CB877211A92C
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/QsoMO6CExWr.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("HelpCenterHomePage_config.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"HelpCenterHomePage_config",selections:[{alias:null,args:null,concreteType:null,kind:"LinkedField",name:"home_content_instance",plural:!1,selections:[{kind:"InlineFragment",selections:[{args:null,documentName:"HelpCenterHomePage_config",fragmentName:"FacebookHelpCenterHomeContent_content",fragmentPropName:"content",kind:"ModuleImport"}],type:"FacebookHelpCenterHomeContent",abstractKey:null},{kind:"InlineFragment",selections:[{args:null,documentName:"HelpCenterHomePage_config",fragmentName:"MessengerHelpCenterHomeContent_content",fragmentPropName:"content",kind:"ModuleImport"}],type:"MessengerHelpCenterHomeContent",abstractKey:null},{kind:"InlineFragment",selections:[{args:null,documentName:"HelpCenterHomePage_config",fragmentName:"WhitehatHelpCenterHomeContent_content",fragmentPropName:"content",kind:"ModuleImport"}],type:"Whiteh

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 320 x 62, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5184
Entropy (8bit):	7.809022240894155
Encrypted:	false
SSDEEP:
MD5:	E886E7F0AFB91B0F758C449080368124
SHA1:	B8B77BCB8C252CEBB108164F29C233683B7CE154
SHA-256:	9644A6EA223B2A55DA3B8E6856AB8513ADCB735DDEBA8CEC202A2C5E16FA1415
SHA-512:	832897A8F6F1E6EC1978C0AD3F3170E6CEB8476DCD71BB379ADC4384304CCD90FDFDBDFCD74152F4D9863D0A6CAE29F225D8857F6C5AD1BA001CB8935248AFB5
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/h9b1AHfIb8K.png
Preview:	.PNG........IHDR...@...>.....m.2.....PLTEGpL.......T..x....\|......x.....x..x..w..x..x........f..w..f..x..x..x.....x.TT..x..x..w..x..x..x.TTT....y..x.gx..x..x.fw..T..x..v.fy.fff.x.fx..y..w..x..y.d{..x..y..x.gx..w..x..x.gx..x..x.gz..w..\|..x..x.T..gx..~..x..\|..x.'...x.gz.gy.gx.....z..x..x..x..z..x..x..x..v..x.gx.iz.ew..x..x..x..x..x..x..x..w..x..x.gy.gy.gy.gy..x..x..x..x..r..x..w..x..x..x..x..x..x..w..x..x..x.f~.gy.gy.gy.gx.fx.gy.gy.ex..x..x..x..x.'...x..w..w.fx..x..x..x.hx.gy.gy.gy.hy.gy.gy.gy.ew.fy..x..x..w..w..x..x..x..x..w..x..x.gy.hv.gy.gz.gy.gy.gy.g~.gy..x..x./...x..x..v..w..w..y..x.fz.gy.fx.gz.jv.gy.fx..x..x..x..y..w..w.gy.gy.gz.gz.gy.hy.gy.hy..x..w..w..m..x.hy.fx..y.gy.gx.gx.ez.....x........~..~..y..z..}..\|.o...x.l...{..{..\|.q..r..m...z.....{..}.h{..y.i\|.j}.n..hz.....~.s..n..gy.q..t........{...K:f....tRNS.....................^o...........(O.#.#......k. .I....]....x..{..>.7......+.<...Y.......~.Dh.......qm.c...4...............i..X%.0...o.+.s.&Hud8..[-X.Lw:..>...............e

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7664)
Category:	downloaded
Size (bytes):	132577
Entropy (8bit):	5.435230192624647
Encrypted:	false
SSDEEP:
MD5:	306BAB1685CB31D1DF7535584CEB5A16
SHA1:	E2666DD04A47B9CF000DDADB37D869CA91951DE1
SHA-256:	D703E372C6632EDC4234075868FBC3F4D839695D5B93D01F26709AA73964B96C
SHA-512:	530E3B988FA4ACB3218A20EE88F8D727C2C530ED5D1F1B12A907103181265C379194D430BDEF7E56D247BDB3B16634B4D693CC370B8CAE177EB53036234EBFD5
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3ipAs4/y3/l/en_US/qO4Drs-0t2TjGohjlAFMftIiHytkqlWf1nwXld_aRRkjmxXdbIqD3hpJMFM44EldgRQ-mzyeIbGsWDUcnqrSktjP7zPlBN1Ws7j.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("HelpCenterBaseFeedbackContainerV2_Mutation_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="6768811089846490"}),null);.__d("HelpCenterBaseFeedbackContainerV2_Mutation.facebook.graphql",["HelpCenterBaseFeedbackContainerV2_Mutation_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{defaultValue:null,kind:"LocalArgument",name:"input"}],c=[{alias:null,args:[{kind:"Variable",name:"data",variableName:"input"}],concreteType:"HelpCenterGiveFeedbackResponsePayload",kind:"LinkedField",name:"help_center_give_feedback",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"client_mutation_id",storageKey:null}],storageKey:null}];return{fragment:{argumentDefinitions:a,kind:"Fragment",metadata:null,name:"HelpCenterBaseFeedbackContainerV2_Mutation",selections:c,type:"Mutation",abstractKey:null},kind:"Request",operation:{argumentDefinitions:a,kind:"Operation",name:"HelpCenterBaseFeedbackContainerV2_Mutation",selections:c},

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11847)
Category:	downloaded
Size (bytes):	232618
Entropy (8bit):	5.6001847769248085
Encrypted:	false
SSDEEP:
MD5:	74616337DBF83E253C0A38DEA2B4391A
SHA1:	010D051AA214140468A3C32275617A87EA0783D4
SHA-256:	69D098BB35ED9F6E1E97A3743D3DDAEAB4BFE919CEB133C2A6079DE70999872D
SHA-512:	2ECB230BE54F72A1ED89F83334EABC4BD4E5217490DD5939DE6878CB2BA8A2E8198F13D2CE641E0E663EEC731697BE252EF1F80BEC7B69233316742CD5835DCC
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iapy4/y4/l/en_US/IOrpiQBOsq-.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("MWChatForwardDialogQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="6112170612169266"}),null);.__d("MWChatForwardDialogQuery$Parameters",["MWChatForwardDialogQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("MWChatForwardDialogQuery_facebookRelayOperation"),metadata:{},name:"MWChatForwardDialogQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("useSharedNUX",["CometNUXManagerContext","react","recoverableViolation","useNUXLoggers","useStable"],(function(a,b,c,d,e,f,g){"use strict";var h;b=h\|\|d("react");var i=b.useContext,j=b.useEffect,k=b.useState;function a(a){var b=c("useStable")(function(){return a});if(b!==a){var d;c("recoverableViolation")("Error nux changed at runtime from "+((d=b)!=null?d:"null")+" to "+((d=a)!=null?d:"null")+", this is not supported and will lead to erratic behavior, we have continued to use your initially supplied nux","comet_ui")}d=k(!1)

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	24
Entropy (8bit):	4.053508854797679
Encrypted:	false
SSDEEP:
MD5:	A62223264CD530204B2933EF9B663F93
SHA1:	7CD63C5A89DB974468AA6765C5BE8DC719AB811D
SHA-256:	FD802AFC88F2A78C16207E7055F163D903BE3B32E3A11A95E84ACC6284798883
SHA-512:	02276DFEBBC9C4BBA0286232D571C16155F017914CEB37B3F32FC12D3B81B174478C20444902E31957FAEF59BAD0C80D4D1D5241E5DBABDB69CB3F1314E9AE6E
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlyCXj1PD6lfBIFDb2Fgw8=?alt=proto
Preview:	Cg8KDQ29hYMPGgYIARABGAM=

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6105)
Category:	downloaded
Size (bytes):	41351
Entropy (8bit):	5.5167747139025956
Encrypted:	false
SSDEEP:
MD5:	795218C436B18C667195BDA6068723EC
SHA1:	CF5AB6EDFF0DF534F7CAF2C9E2219F8B51852908
SHA-256:	B2C67F9082942BFB0652DA35D5E2A07106B64B9875EEB611D59E147AA18D3910
SHA-512:	64842208198272AD9DE49961334639307FA285979D8573C168456DCDF2FD640D7E20C8542763B9BD5FC259213A3FB8F904D4AFE2976533E21E822F0723FFDFD4
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yg/l/en_US/VB7yY5XMurx.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("ChannelConstants",[],(function(a,b,c,d,e,f){var g="channel/";a={CHANNEL_MANUAL_RECONNECT_DEFER_MSEC:2e3,MUTE_WARNING_TIME_MSEC:25e3,WARNING_COUNTDOWN_THRESHOLD_MSEC:15e3,ON_SHUTDOWN:g+"shutdown",ON_INVALID_HISTORY:g+"invalid_history",ON_CONFIG:g+"config",ON_ENTER_STATE:g+"enter_state",ON_EXIT_STATE:g+"exit_state",ATTEMPT_RECONNECT:g+"attempt_reconnect",RTI_SESSION:g+"new_rti_address",CONSOLE_LOG:g+"message:console_log",GET_RTI_SESSION_REQUEST:g+"rti_session_request",SKYWALKER:g+"skywalker",CHANNEL_ESTABLISHED:g+"established",OK:"ok",ERROR:"error",ERROR_MAX:"error_max",ERROR_MISSING:"error_missing",ERROR_MSG_TYPE:"error_msg_type",ERROR_SHUTDOWN:"error_shutdown",ERROR_STALE:"error_stale",SYS_OWNER:"sys_owner",SYS_NONOWNER:"sys_nonowner",SYS_ONLINE:"sys_online",SYS_OFFLINE:"sys_offline",SYS_TIMETRAVEL:"sys_timetravel",HINT_AUTH:"shutdown auth",HINT_CONN:"shutdown conn",HINT_DISABLED:"shutdown disabled",HINT_INVALID_STATE:"shutdown invalid state",HINT_MAINT:"shutdow

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 25 x 1321, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5532
Entropy (8bit):	7.698817850984474
Encrypted:	false
SSDEEP:
MD5:	5089BD3D1973653CA0DF68486601F074
SHA1:	8E64BA6244CC78F6EC2AA65A1D2A076CAADF8F31
SHA-256:	A17140624748BC1F39C418F2A26E33CE2780CB89F80AD8532358B8DB0DD6E897
SHA-512:	6B46A015801A0C187E68795EA238166C2C069562803F81EAB272B04F55097521E644CDE9DDE5A89BA697CB4D68A40EA012B0DCD2B0336633E3C2959ADBD83ECB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......)......u][....PLTEGpL..................................................................................................................................................................................................................................................................egk.................................egkegk.w........................................egkegkegk...egk...egkegkegkegk....w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w..w............................egk...egk...egk.w....egk.w.egk.......w.........tRNS...Z...>.............~..H.f$.........."..P..N...v....\.,.:T.&.d.(x..jFX..pB.t.J.4.l.<`.L2.6V........^.z0.r.\|.D..>Z@.n\f$..<....jP...pT...... ...8.h..R.zb.B.wM......IDATx^..W........&.I .`. ..HH@v.d.M.Y.+.R.......<.Z.......\|..L....Zj....G=.3w~wI...^.<.R...:s....Y.:...4%C$$.....F..Dg.i..TV..;C...I(E...A.Y.}.....qx.s2eW.......*.1H.e.-b...6n.5.i.@Aa.K..R.......@lD.;..h..OnA).S....R/$6.;'...m!..&..d...l.=.Il(W..IC.....\|`^.C

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (40266)
Category:	downloaded
Size (bytes):	134229
Entropy (8bit):	5.1293859142596965
Encrypted:	false
SSDEEP:
MD5:	E0E2E46806810F3527E08258112AAB1E
SHA1:	66F20EF41B84CAD82F6D074642C1E4B51F43EEC1
SHA-256:	24819E87D811EBCE0EB8B9BF4D2B5E3617B6671893E9750F6182D5940F390E17
SHA-512:	010B5D7BC90BB4F84BDC65F83EE95B5F651985B35041C00078BA5F5BD9EC338C5B3F236359435C59E3D1430740B71FC74BD3EA5B42C41FBC785D2A4AB86F624F
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iQbs4/y_/l/en_US/TkkXgKI09JB.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("CometImageFromIXValueRelayWrapper_sprite.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometImageFromIXValueRelayWrapper_sprite",selections:[{alias:null,args:null,kind:"ScalarField",name:"sprited",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"sprite_map_css_class",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"sprite_css_class",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"preloading_spi",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"w",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"h",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"p",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"sz",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"spi",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null},{alias:null,args:null,kind:"ScalarField",na

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 21 x 744, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	7.653079310600132
Encrypted:	false
SSDEEP:
MD5:	3DFF42E063860380BEA1DD671198995A
SHA1:	F152983E7A16548272B9B5B2C53B10446E4237F1
SHA-256:	6CA18371D802B9762696270DDDF5AE08C3B02219947C9051DB1D3F13983DA952
SHA-512:	AE7FF92170FBA504EB7A5836674F4D6AE5FAE2886CDDDA196CE1EFB2B32BC0A5DCF5D41577E9BEC0272DDA72469517A7CCCC965F81752B382277002DC7EEED8E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............ZNJ....PLTEGpL.............................................................................................................................................................................................................................................................................................................................................................................................m.5....tRNS...f.......$ ......>.JT.Z....P....0......~.8.b\.......B.......L..6"..D.p..d`2.hN@...l(..<&.t..rx^j.nV.H4.F,.Rvz.X..:\|..U....IDATx^...W.I....hh.E.A....l.;........5..$f...}...Ptu.=&...{.y.....z.PM....rs...4..6.).D3f...!."....!...L.u../N....:.....o.Z.1.*...]`H..i...ktnr).p...,.....T.X..j........D.N4F....8.MD\|.c.;.....P..:o...2Dq?.x.k.:..)br...":.p_...>.8.....Z........` k.0.P...y.>.;L.udq..3u.g.._A)..H.$V..U....}.....;....=..x.....#-...[....%.... K.$..h..t~lD.mEK..+...l.k?..#.l.o.&....U7.j-v..v...Z{......5..........l..lk..gb.h.'..._...$

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (20303)
Category:	downloaded
Size (bytes):	277691
Entropy (8bit):	5.40889745799048
Encrypted:	false
SSDEEP:
MD5:	82F319B9053DF149E7ABFA018DCC51F8
SHA1:	6FBB42B6CFD87F3A5CB43F0E16F43E668E080717
SHA-256:	CE6A219C504E1071EDC2A3C8FC091808E285EDB4C1DFA798A4FD72F1EF790A25
SHA-512:	FB016DE9E919534C402A0EEB433A9C4C7CEAD85870F6443D64B8A5803CF3699E2E4EA236D044761D0B9A0DCC7EFBEBB16842C6779C3EE48ABC52D5D7ED4A9E3D
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/p7Ec1IlI-Q5.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis\|\|typeof self!=="undefined"&&self\|\|typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)\|\|d.set(e,new Map());var f=d.get(e);f.has(b)\|\|f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12553)
Category:	downloaded
Size (bytes):	1632717
Entropy (8bit):	5.618602234049075
Encrypted:	false
SSDEEP:
MD5:	1625D299823E6F2EB82ECF14341000D6
SHA1:	9E19EDD55742C757A1EB46ADAF367FD2BFCF2CA1
SHA-256:	611EF263D9302CDB675D4723B82D25FB70D6988C292DC2D94E1028DABFFC3E04
SHA-512:	051DB7CD2FBD8C6ECD733403500ED564F9BE579E8CC089C6E869D497C06B7E6117FC7F601FCBC3C8AE9ABE1789C41FC4B648650222696FB0E3E2F185A8AE00B9
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iMJF4/yu/l/en_US/17mDm3hv3T9RyU8-XbzYiymXpJ0tHZuNlHi0r2BAhlR00O-gbmDYkeEwgYB0YRfKmXfIMqV0PXbFF3Ky9Xee-dczmYyEESLX3HXs4qFyocaHM7HfgyXs3mWuc.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("LSPlatformClientDeferredForDisplay",["requireDeferredForDisplay"],(function(a,b,c,d,e,f,g){"use strict";a=c("requireDeferredForDisplay")("LSPlatformClient").__setRef("LSPlatformClientDeferredForDisplay");b=a;g["default"]=b}),98);.__d("LSCookie",["$InternalEnum","Cookie","CookieCore","CurrentEnvironment","CurrentMessengerUser","FBLogger","I64","LSE2EEMetadataSyncGroupUtils","LSIntEnum","MessengerLogHistory","MqttWebDeviceID","ReQL","SortedAsyncIterable","isPromise","isStringNullOrEmpty","pageID","promiseDone"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j,k=b("$InternalEnum")({SYNCING:"1",NOT_SYNCING:"0"}),l=d("MessengerLogHistory").getInstance("client_init"),m=c("CurrentEnvironment").instagramdotcom?"igd_ls":"m_ls",n={c:{},d:c("MqttWebDeviceID").clientID,s:k.NOT_SYNCING,u:c("pageID")};function o(a){function b(a){d("CookieCore").setWithDomain_FOR_MESSENGER_LS_ONLY(m,JSON.stringify(a),window.location.hostname)}var e=c("Cookie").get(m);if(e==null){var f;b((f={},f

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5839)
Category:	downloaded
Size (bytes):	260853
Entropy (8bit):	5.408894095996652
Encrypted:	false
SSDEEP:
MD5:	A5007055296B041A3FAB3AAEA15FBC8E
SHA1:	83BED7F860022EF4F2B7E0CDE5C34588AF5DF9C7
SHA-256:	8F021B192BA52F07C7C07D3D920836E1CB09EE5156E290E95231864B619B3A0D
SHA-512:	E8BF8645B05F2862D6DE4B6BBA70FEFCE460ABEE97B2F1835D380F8D217C037FFC2D86A962F2E19A440C9CE08A9F7A90D0983420CEC26D54C12F636352166559
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/XnTNEMOSCIK.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("SilenceableErrorMessageUtils",["killswitch"],(function(a,b,c,d,e,f,g){"use strict";function h(a){return c("killswitch")("COMET_HIDE_SILENT_ERROR_MESSAGE")?!1:a.is_silent===!0}function i(a){if(typeof a==="object"&&a instanceof Error){var b=a.description,c=a.message,d=a.source;return{code:d==null?void 0:d.code,is_silent:d==null?void 0:d.is_silent,message:(d=b)!=null?d:c,timestamp:Date.now()}}return{is_silent:(b=a.source)==null?void 0:b.is_silent,message:a.description}}function a(a,b){var c,d=a.description,e=a.message,f=a.source;c=(f=(c=(c=f==null?void 0:(c=f.exception)==null?void 0:c.message)!=null?c:f==null?void 0:f.description)!=null?c:d)!=null?f:e;h(i(a))&&b(c)}g.shouldHideErrorMessage=h;g.getMetadataFromError=i;g.handleSilentError=a}),98);.__d("relay-runtime/handlers/connection/ConnectionInterface",[],(function(a,b,c,d,e,f){"use strict";var g={after:!0,before:!0,find:!0,first:!0,last:!0,surrounds:!0},h={CURSOR:"cursor",EDGES:"edges",END_CURSOR:"endCursor",HAS_

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33134)
Category:	downloaded
Size (bytes):	610221
Entropy (8bit):	5.282451597266461
Encrypted:	false
SSDEEP:
MD5:	0F4D486E25A111D7BD7CE572C96992F1
SHA1:	815C7C6D4E5E121742C3EFE73D86CBBE0665BAA9
SHA-256:	BDD448F988D3A06AC1E1E5BC5D4D50FEB7ED066A7C20A65DF06E7AE66DFE832B
SHA-512:	BF1E34F82BC4F4D4033A1FC99FD428C8711F464E6700D4AE2823CAC47C456BEE573209D7BCE028B72517FB38CF5653FC18F72B4824775FABF2BEE787977C106B
Malicious:	false
Reputation:	unknown
URL:	"https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/EfsqxYHGNQvjJwt297LKNt.css?_nc_x=Ij3Wp8lg5Kz"
Preview:	#facebook .system-fonts--body.mac{font-family:Helvetica Neue, Helvetica, Arial, sans-serif;-webkit-font-smoothing:subpixel-antialiased}#facebook .system-fonts--body.sf{font-family:system-ui, -apple-system, BlinkMacSystemFont, '.SFNSText-Regular', sans-serif}@font-face{font-family:'Segoe UI Historic';src:local('Arial');unicode-range:U+530-5f4, U+10a0-10ff}@font-face{font-family:'Segoe UI Historic';font-weight:700;src:local('Arial Bold'), local('Arial');unicode-range:U+530-5f4, U+10a0-10ff}#facebook .system-fonts--body.segoe{font-family:Segoe UI Historic, Segoe UI, Helvetica, Arial, sans-serif}#facebook .system-fonts--body.roboto{font-family:Roboto, Helvetica, Arial, sans-serif}#facebook .system-fonts--body div{font-family:inherit}#facebook .system-fonts--body span{font-family:inherit}#facebook .system-fonts--body a{font-family:inherit}#facebook .system-fonts--body h1,#facebook .system-fonts--body h2,#facebook .system-fonts--body h3,#facebook .system-fonts--body h4,#facebook .system-font

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (696)
Category:	downloaded
Size (bytes):	2478
Entropy (8bit):	5.112056668914179
Encrypted:	false
SSDEEP:
MD5:	CCBA4B42E61B2B72538CC5DDBAAC8E56
SHA1:	6915B6F86AC81578D2376CF1E002588C296351B7
SHA-256:	F8C141673D9D6C677B12AF82EFF6CCDEC5E0FE71BF00C8405B79C1336581D91C
SHA-512:	12AE239EDD5063727EF40648A13781E670DE43CFD5837AD164168AB8E648B8D832DC271C0D08937A7377D7B5ABAD12EBB5172B794EA62DDD4B90C53F8C6FFF66
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/y2RKAvsdG6i.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("HelpCenterNavigationPageRootQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="9715549691851249"}),null);.__d("HelpCenterNavigationPageRootQuery$Parameters.facebook",["HelpCenterNavigationPageRootQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("HelpCenterNavigationPageRootQuery_facebookRelayOperation"),metadata:{},name:"HelpCenterNavigationPageRootQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("HelpCenterNavigationPageRootQuery$Parameters",["cr:4046"],(function(a,b,c,d,e,f){"use strict";e.exports=b("cr:4046")}),null);.__d("HelpCenterSearchPageRootQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="6645204062241141"}),null);.__d("HelpCenterSearchPageRootQuery$Parameters.facebook",["HelpCenterSearchPageRootQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("HelpCenterSearchPageRootQ

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7121)
Category:	downloaded
Size (bytes):	56277
Entropy (8bit):	5.437164648211403
Encrypted:	false
SSDEEP:
MD5:	78522552C12BDCAFBAF60E4BF2BCED24
SHA1:	949E9971B3B92CF37B03DF9B2B7C7F20043F1865
SHA-256:	A4982C490BD3DFF1FD2CEAA00E82EB8CDB75C81561520C57AF9F8627B47C984E
SHA-512:	2A31F62D92B8276D3ED87E7E00F9062F6523239520BCF9BCBBB48D49DFADFC5BF2F67C043FCBB138F58744538B17B605BAAE5CA99F0B2E166CAB383E53CA32D6
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3irbh4/yc/l/en_US/JhCktzFhqaU.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("VideoPlayerScrubberPreview_video.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"VideoPlayerScrubberPreview_video",selections:[{alias:null,args:null,concreteType:null,kind:"LinkedField",name:"video_player_scrubber_preview_renderer",plural:!1,selections:[{kind:"InlineFragment",selections:[{args:null,documentName:"VideoPlayerScrubberPreview_video",fragmentName:"VideoPlayerScrubberChapterPreview_video",fragmentPropName:"video",kind:"ModuleImport"}],type:"XFBVideoPlayerScrubberChapterPreviewRenderer",abstractKey:null},{kind:"InlineFragment",selections:[{args:null,documentName:"VideoPlayerScrubberPreview_video",fragmentName:"VideoPlayerScrubberDefaultPreview_video",fragmentPropName:"video",kind:"ModuleImport"}],type:"XFBVideoPlayerScrubberDefaultPreviewRenderer",abstractKey:null}],storageKey:null}],type:"Video",abstractKey:null};e.exports=a}),null);.__d("registerSourceForView",["DTSG","DTSGUtils","Sprinkle

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10325)
Category:	downloaded
Size (bytes):	42250
Entropy (8bit):	5.351175913741605
Encrypted:	false
SSDEEP:
MD5:	34E79F983124FB0793E05AA9C05E06B1
SHA1:	ED76C0786A6384E4EF150435F1BB387AB30D6BC9
SHA-256:	9C6A9F3C4A5BD796D402C50E6D6EEA89B2FE648A9C304179168D6DE17C3E9DD8
SHA-512:	E6A2D74E01089CF4760248EEA368F32B8107881F775071E85E7E52C181A06313722DEB7A5B818C706B599833A602766A20826512D33FEA422125F10D84B733F5
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3iQvT4/yh/l/en_US/QT2QufHpPat.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("Dots3HorizontalFilled24.svg.react",["react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h\|\|d("react");function a(a){return i.jsxs("svg",babelHelpers["extends"]({viewBox:"0 0 24 24",width:"1em",height:"1em",fill:"currentColor"},a,{children:[a.title!=null&&i.jsx("title",{children:a.title}),a.children!=null&&i.jsx("defs",{children:a.children}),i.jsx("circle",{cx:12,cy:12,r:2.5}),i.jsx("circle",{cx:19.5,cy:12,r:2.5}),i.jsx("circle",{cx:4.5,cy:12,r:2.5})]}))}a.displayName=a.name+" [from "+f.id+"]";a._isSVG=!0;b=a;g["default"]=b}),98);.__d("CometObjectFitContainer.react",["cr:964538","isStringNullOrEmpty","react","stylex","unrecoverableViolation"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j=i\|\|d("react"),k={inner:{height:"x5yr21d",position:"x1n2onr6",width:"xh8yej3",$$css:!0},innerWithAspectRatio:{bottom:"x1ey2m1c",boxSizing:"x9f619",end:"xds687c",left:null,right:null,position:"x10l6tqk",start:"x17qophe",top:"x13vifvy",$$css:!0},outer:{height:"x5yr21d",position

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65517)
Category:	downloaded
Size (bytes):	1920236
Entropy (8bit):	5.505748109052643
Encrypted:	false
SSDEEP:
MD5:	DE78970A1AE044A419C36288E2A7BD9E
SHA1:	13F10518E45D6403B48D5CC4C0EFD665BE544835
SHA-256:	7FB8652CD63F04ADC192A9B2CE37CE83181431B9FBB3893F168581C443C79442
SHA-512:	AB5E30180F4FC74A5B69174F3BF55F1CCD5DAF9EE22A4B37CB524E2B1D8749A2C97DA70BA46159774829819C5DB78C1FE303A1DD3666C697C63052C8ECC1402F
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3im0z4/yd/l/en_US/ASqzJtGwMc5QXn8sz6TxiCyrBo2cNQiiZkBUizsVomC7ILFjX7_pS6FND4isnSoQFOhJNIkqBEmvtOBCiIOYpHQnnT0ge70H1TBpYfK61mG9QwpyFkE2S_mcO7CCMwLhUYydVoEDMA5usEBPoA2n50luXM5fAvNEazfOGoONSYykp1oitkp_hdEYHXO0fUwB-6ZX0ZlNInKxOqejp9JS9u4oCL73KCwtv4xoPYN8f52C3KGW1H.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("ReactDOM-prod.classic",["EventListener","Promise","ReactFeatureFlags","ReactFiberErrorDialog","react","scheduler"],(function(d,e,f,g,h,i){"use strict";var j,k,l=j\|\|e("react"),m=Object.assign;function n(d){var e="https://react.dev/errors/"+d;if(1<arguments.length){e+="?args[]="+encodeURIComponent(arguments[1]);for(var f=2;f<arguments.length;f++)e+="&args[]="+encodeURIComponent(arguments[f])}return"Minified React error #"+d+"; visit "+e+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var o=l.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE,p=e("ReactFeatureFlags").enableTrustedTypesIntegration,q=e("ReactFeatureFlags").enableDebugTracing,r=e("ReactFeatureFlags").enableLazyContextPropagation,s=e("ReactFeatureFlags").enableUnifiedSyncLane,t=e("ReactFeatureFlags").enableRetryLaneExpiration,u=e("ReactFeatureFlags").enableTransitionTracing,v=e("ReactFeatureFlags").enableDeferRootSchedulingTo

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6181)
Category:	downloaded
Size (bytes):	271634
Entropy (8bit):	5.470644432852772
Encrypted:	false
SSDEEP:
MD5:	7125A3068E4D1131687112D39F2F37CF
SHA1:	CF0AA9DB79CD7B8707F2D823C19F2F4F5C8E760F
SHA-256:	8049DD1C4E08A202199535A60E9164714B3EEAC65A73F56C3A39F80E6DBAD8C5
SHA-512:	4F231E5D36F534AA128EE0F095713ED596C76D87F05FA703870594DD136F6DA09E52F4699736F5CAC19057922D964E2E9C4DBA321F1AF471E793E3C8790E100B
Malicious:	false
Reputation:	unknown
URL:	https://static.xx.fbcdn.net/rsrc.php/v3isa44/y3/l/en_US/xWwGVJJpV7l.js?_nc_x=Ij3Wp8lg5Kz
Preview:	;/FB_PKG_DELIM/..__d("isAttributionReportingAPIEnabled",["gkx","justknobx"],(function(a,b,c,d,e,f,g){"use strict";function a(){return c("justknobx")._("1203")&&c("gkx")("22785")}g["default"]=a}),98);.__d("XCometPrivacySandboxRegisterSourceControllerRouteBuilder",["jsRouteBuilder"],(function(a,b,c,d,e,f,g){a=c("jsRouteBuilder")("/privacy_sandbox/comet/register/source/",Object.freeze({}),void 0);b=a;g["default"]=b}),98);.__d("useAttributionSourceForClick",["XCometPrivacySandboxRegisterSourceControllerRouteBuilder","isAttributionReportingAPIEnabled"],(function(a,b,c,d,e,f,g){"use strict";function a(a,b){if(!c("isAttributionReportingAPIEnabled")())return null;var d={};if(a!=null&&a.length>0)d.eid=a;else if(b!=null&&b.length>0)d.xt=b;else return null;a=c("XCometPrivacySandboxRegisterSourceControllerRouteBuilder").buildUri(d);return a.toString()}g["default"]=a}),98);.__d("CometSSRHydrationMarkerUtils",["cr:1106516"],(function(a,b,c,d,e,f,g){"use strict";a=b("cr:1106516")==null?void 0:b("cr

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 33 x 734, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4643
Entropy (8bit):	7.620913232966268
Encrypted:	false
SSDEEP:
MD5:	1DC181B6783097250109726B077A4D31
SHA1:	1C8713BDBF51B9C6599316EB3DBC23172C816F59
SHA-256:	29326E5C985658BB57A8625D4AFD86E0F322EE79FE263B50AEF5F2D76B97B904
SHA-512:	CFCF063EDE625BA84494E84F16E7F352EE499B2E6886A393BF1045DBAEFA3A213E2230B703F89B34DB393FB54F41EA8C1F9D9235120266A71C15F86B587766C8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...!..........a......PLTEGpL............................................................................................................................................................................................................................................................egk................................................................................................egk...............egk......egkegkegkegk.........egk...egkegkegk............egk............egkegk.........egkegk........................egk......egk...x....tRNS...............8.$.....T...`j.PB..........N@....J...D..R...(.<..x..2vp&.....d":.. F.,.6.0.X..n..l.L..t^b~4.>.h\|.zZ.rVz.\....f....J..~.d\|..H.......x......L.<.I...9IDATx^...W......QC...b0 !..nj1.....!.`;.q/q...$...{O...7..7..ifv..n\|8.s.,........'...b..$.4?Y..TO./EE {..J...............Y....;\......c...6..\|O.......)..-....Z.}h#A.......I.n...U@.Xt.Pj...90.;m.j,Yb..,.X.%.1o.IL1.........u?H./.u....-.}..'..O.....3..N.g:...*

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.facebook.com/help/1017717331640041?ref=cr

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://www.facebook.com/help/1017717331640041?ref=cr