Windows Analysis Report
https://r20.rs6.net/tn.jsp?f=001CCL86fJDpsRHuQQ0MIIthqGUZAi2JUmHy4ncAcHjuvjM9iX8_HMVbioNepGkgiWJEOLK3XwyAzolplhu7jFP1SY-CXFM79kRh97w3oOttmLpYJWcRXPAy--Bg77Ali40YMwS57tnIwudzcFXYlT3qfpsvr33mz9lvlI43f74n2DUlbzGilODsQ==&c=IGiZdO4-K681vYDJ-JQn4a9__m62OX-wSBz1F1fIKT1VrZkocTlB9Q==&ch=Y28P-IEvypj9CHsGeYCy2

Overview

General Information

Sample URL:	https://r20.rs6.net/tn.jsp?f=001CCL86fJDpsRHuQQ0MIIthqGUZAi2JUmHy4ncAcHjuvjM9iX8_HMVbioNepGkgiWJEOLK3XwyAzolplhu7jFP1SY-CXFM79kRh97w3oOttmLpYJWcRXPAy--Bg77Ali40YMwS57tnIwudzcFXYlT3qfpsvr33mz9lvlI43f74
Analysis ID:	882698
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains high amount of base64 encoded strings

Creates a window with clipboard capturing capabilities

Stores large binary data to the registry

HTML page contains hidden URLs or javascript code

Classification

Signatures

HTML page contains high amount of base64 encoded strings

Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: Base64: Oy8qRkJfUEtHX0RFTElN...PUlqM1dwOGxnNUt6Cg== decoded: ;/FB_PKG_DELIM/.._...s?_nc_x=Ij3Wp8lg5Kz.
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: Base64: Oy8qRkJfUEtHX0RFTElN...X3g9SWozV3A4bGc1S3oK decoded: ;/FB_PKG_DELIM/.._...s?_nc_x=Ij3Wp8lg5Kz.

HTML page contains hidden URLs or javascript code

Source: https://www.facebook.com/BottomLineConceptsLLC/

HTTP Parser: Base64 decoded: .plaintext_title||e.title})}),i.jsx(d("CometRelay").MatchContainer,{match:a,props:{}})]})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98);//# sourceURL=https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/WIZZyK9Tucu.js?_nc_x=Ij3Wp8lg5Kz

Source: https://www.facebook.com/BottomLineConceptsLLC/

HTTP Parser: <input type="password" .../> found

Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="author".. found

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.facebook.com/BottomLineConceptsLLC/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;x-fb-rlafr: 0document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;x-fb-rlafr: 0document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;x-fb-rlafr: 0document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;x-fb-rlafr: 0document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popupsPragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;x-fb-rlafr: 0document-policy: force-load-at-top
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;x-fb-rlafr: 0document-policy: force-load-at-top
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;x-fb-rlafr: 0document-policy: force-load-at-top
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-Encodingreport-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}content-security-policy: default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;x-fb-rlafr: 0document-policy: force-load-at-top

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://r20.rs6.net/tn.jsp?f=001CCL86fJDpsRHuQQ0MIIthqGUZAi2JUmHy4ncAcHjuvjM9iX8_HMVbioNepGkgiWJEOLK3XwyAzolplhu7jFP1SY-CXFM79kRh97w3oOttmLpYJWcRXPAy--Bg77Ali40YMwS57tnIwudzcFXYlT3qfpsvr33mz9lvlI43f74n2DUlbzGilODsQ==&c=IGiZdO4-K681vYDJ-JQn4a9__m62OX-wSBz1F1fIKT1VrZkocTlB9Q==&ch=Y28P-IEvypj9CHsGeYCy2XEfDQKhf9AncPYlUSh8eBNU-Rr4xocjcA==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1780,i,4066145642306247439,13222194798557842129,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1780,i,4066145642306247439,13222194798557842129,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.109	accounts.google.com	United States	15169	GOOGLEUS	false
157.240.17.15	scontent-zrh1-1.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
208.75.122.11	rs6.net	United States	40444	ASN-CCUS	false
157.240.252.13	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
157.240.252.35	unknown	United States	32934	FACEBOOKUS	false
172.217.16.206	google.com	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
157.240.251.9	unknown	United States	32934	FACEBOOKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.100	unknown	United States	15169	GOOGLEUS	false
142.250.186.142	plus.l.google.com	United States	15169	GOOGLEUS	false
157.240.251.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false

Name	IP	Active
star-mini.c10r.facebook.com	157.240.251.35	true
scontent.xx.fbcdn.net	157.240.252.13	true
scontent-zrh1-1.xx.fbcdn.net	157.240.17.15	true
google.com	172.217.16.206	true
consent.google.com	142.250.184.206	true
accounts.google.com	142.250.185.109	true
plus.l.google.com	142.250.186.142	true
video.xx.fbcdn.net	157.240.253.2	true
rs6.net	208.75.122.11	true
www.google.com	172.217.18.4	true
clients.l.google.com	172.217.16.206	true
www.facebook.com	unknown	unknown
clients2.google.com	unknown	unknown
r20.rs6.net	unknown	unknown
apis.google.com	unknown	unknown
static.xx.fbcdn.net	unknown	unknown

Name	Malicious	Reputation
https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/BQdeC67wT9z.png	false	high
https://scontent-zrh1-1.xx.fbcdn.net/v/t39.30808-6/291972133_471938678265445_7038740350748896115_n.jpg?stp=c80.0.160.160a_dst-jpg_p160x160&_nc_cat=100&ccb=1-7&_nc_sid=574b62&_nc_ohc=mFc4Wz3gKO4AX-f3-OC&_nc_ht=scontent-zrh1-1.xx&oh=00_AfDcsvueAZB2Jp939IBKHewAutshGdDmkPN_U_n13aCv9w&oe=64845B86	false	high
https://scontent-zrh1-1.xx.fbcdn.net/m1/v/t6/An_iJw3Cc3y5RtzEpR0M4CCznWN_ywjtFHZENvSbcomn6tH9EuRIjlfe7xaIpEOIEZAGHfQMVNlOPpkGNsG7fM8CslunKANTZ6ED.kf?ccb=10-5&oh=00_AfAEukb8mOGx5EiaVEm5z8tk8W8yrOlGJM7nSHtOYNON-A&oe=64A6BE98&_nc_sid=5ab7d2	false	high
https://www.google.com/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=bU1_ZLmJEIGbhbIPj4yDyAw&zx=1686064497726&opi=89978449	false	high
https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yR/l/en_US/YX_pyITj8P9.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/lA2YZzdf5Zb.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/cookie/consent/	false	high
https://scontent-zrh1-1.xx.fbcdn.net/m1/v/t6/An-ltDiBj6BlExJAIyJiOGWs0CtdQwF9K9SyRSRhTIMgJd0MMzaw7ju3gnTsliPfba99uYjQem5sn3JzgpEnBVKOKfyfbcp-sMBJ.kf?ccb=10-5&oh=00_AfDJIZ37H3VSx2suf6XWut1waP7fzPx8fkWszoFhi_3mJg&oe=64A6CB17&_nc_sid=5ab7d2	false	high
https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__comet_req=15&__hs=19514.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7241591534329730376&__req=o&__rev=1007625843&__s=pcvzzy%3A4rbixk%3Aof2uc8&__spin_b=trunk&__spin_r=1007625843&__spin_t=1686064418&__user=0&dpr=1&jazoest=2829&lsd=AVp79D1dYSA&ph=C3	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/vUmfhJXfJ5R.png	false	high
https://static.xx.fbcdn.net/rsrc.php/v3izHu4/y3/l/en_US/GEBr6B1CD8P.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=google.co&oit=3&cp=9&gs_rn=42&psi=tdQYbZRHz8qXygXu&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=goog&oit=1&cp=4&gs_rn=42&psi=tdQYbZRHz8qXygXu&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__comet_req=15&__hs=19514.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7241591534329730376&__req=f&__rev=1007625843&__s=pcvzzy%3A4rbixk%3Aof2uc8&__spin_b=trunk&__spin_r=1007625843&__spin_t=1686064418&__user=0&dpr=1&jazoest=2829&lsd=AVp79D1dYSA&ph=C3	false	high
https://www.google.com/gen_204?atyp=i&ei=bU1_ZLmJEIGbhbIPj4yDyAw&dt19=2&zx=1686064498779&opi=89978449	false	high
https://scontent-zrh1-1.xx.fbcdn.net/v/t39.30808-6/346951665_6172899002803806_7287199530495698062_n.jpg?stp=c0.41.160.160a_dst-jpg_p160x160&_nc_cat=101&ccb=1-7&_nc_sid=574b62&_nc_ohc=b5MdVNnud5cAX-YHxFF&_nc_ht=scontent-zrh1-1.xx&oh=00_AfA9CEe_InV4DZQOSCELk-8Ypw6s5D50Y8FYEtJ1hh1KWg&oe=6483542C	false	high
https://www.facebook.com/BottomLineConceptsLLC/	false	high
https://www.facebook.com/images/cookies/cookie_info_card_image_3.png	false	high
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-GB&authuser=0&psi=bU1_ZLmJEIGbhbIPj4yDyAw.1686064498338&dpr=1&nolsbt=1	false	high
https://www.google.com/favicon.ico	false	high
https://www.facebook.com/data/manifest/	false	high
https://www.facebook.com/ajax/bootloader-endpoint/?nb_modules=CometPhotoRoot.react&__user=0&__a=1&__req=e&__hs=19514.HYP%3Acomet_loggedout_pkg.2.1..0.0&dpr=1&__ccg=EXCELLENT&__rev=1007625843&__s=pcvzzy%3A4rbixk%3Aof2uc8&__hsi=7241591534329730376&__dyn=7xeUmxa13xu1syaxG4VuC2-m1FwAxu13wIwh8ngS3q5UObwNwnof8boG0x8bo6u3y4o0B-q1ew65xO2OU7m0yE465o-cwfG12wOx62G3i0Bo7O2l0Fwqo31wnEfovwRwlE-U2exi4UaEW2a1VwwwJK2W5olwUwlu5pUfE2FBx_y83ZwAwJwSyES0QEcU2ZwhEkxe3u362-2B0oo5C1hxG1FwhE&__csr=glNsBONn7iTNdRnlTiRJXQiQRcKt8zEHG9hbYyAyA-C8GyHAVbHKFXV6uh7VqzGBQqEDGnxi6qWJ4zGnUKq2amay8ny4qmWBh8Omif-8yG8qi9xnBUy4WAACGFEyUOicAxhaUlGey-qFUiWK4Xxd0yhUB1S8GU7i2206c604nE0s5w0w9xrw3l81ME2Uw2ME2Zg1LC6Oxq1ow5qg1n86QU069i68056u0y9K0vh0iUgwaK3O1ewuUeGzUcU5d1u0xoowsE1Sk2ibw39VQ1UgeUeeEjF0mgIYu5hsg1Dg420OC3u2W0wS1gPU4CawiWwh4exZxW0GEiwaWu4A1kweNw-wp8d83ew7Ywt648a8bO6ogU1AU6xwVwEwZwsk4E5q3lwPw8S3G1xwHwg9io2xS4Egxi1K5j4K1PxOaPwho179u2mm16wb-haEqgmwAyDz40TE32wtU4x68ihoaUx2Q0ON8O2x0HyN02AU1bEue2G1qxq0ejo0Mcw4u04Do1Oe0z8cF812E3eycE1Zpik1Ewf90jU4YE9Q1Fw9d1a2x0Hx1wDw5lg168fC0g60gi0iq0aiwedw7Cw7vwjpV8qxq0tlzrwEg1fU72ve0UA09Ogy1Ty8O&__comet_req=15&__spin_r=1007625843&__spin_b=trunk&__spin_t=1686064418	false	high
https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__comet_req=15&__hs=19514.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7241591534329730376&__req=q&__rev=1007625843&__s=%3A4rbixk%3Aof2uc8&__spin_b=trunk&__spin_r=1007625843&__spin_t=1686064418&__user=0&dpr=1&jazoest=2829&lsd=AVp79D1dYSA&ph=C3	false	high
https://www.google.com/gen_204?atyp=i&ei=bU1_ZLmJEIGbhbIPj4yDyAw&ct=usp:t&zx=1686064498342&opi=89978449	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iwkB4/yI/l/en_US/-IR8LBC_MsT.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__comet_req=15&__hs=19514.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7241591534329730376&__req=6&__rev=1007625843&__s=%3A%3Aof2uc8&__spin_b=trunk&__spin_r=1007625843&__spin_t=1686064418&__user=0&dpr=1&jazoest=2829&lsd=AVp79D1dYSA&ph=C3	false	high
https://scontent-zrh1-1.xx.fbcdn.net/v/t39.30808-6/351924043_130916166672723_7378247399580416388_n.jpg?stp=c18.0.160.160a_dst-jpg_p160x160&_nc_cat=101&ccb=1-7&_nc_sid=574b62&_nc_ohc=1aa38x4MHfkAX_gILf_&_nc_ht=scontent-zrh1-1.xx&oh=00_AfBc1JwcLJbw7l0nr7s5IkwghmXSL4SLUW5XwXT26OH24g&oe=64844C61	false	high
https://static.xx.fbcdn.net/rsrc.php/v3icFd4/yP/l/en_US/YlTxHtl_2HX7hiR07EzxooT31SvzVtrGKdTjRO0q-nxILosSkpxwdy0.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.google.com/gen_204?ei=bU1_ZLmJEIGbhbIPj4yDyAw&vet=10ahUKEwj588HZ967_AhWBTUEAHQ_GAMkQhJAHCBo..h&cdot=4866	false	high
https://static.xx.fbcdn.net/rsrc.php/v3ivhx4/l/en_US/aMJ57JR2MiQCp4bqVNSS9vcjKSd4WPQ6o-SeRgNEzaKbn2CsL7V9k01937KW4Daa1R.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=go&oit=1&cp=2&gs_rn=42&psi=tdQYbZRHz8qXygXu&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://static.xx.fbcdn.net/rsrc.php/v3iHfL4/yF/l/en_US/7QBVCOvyPu0.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/raC55xbSWZM.png	false	high
https://www.google.com/xjs/_/js/k=xjs.s.en_GB.frONCa3rDZY.O/ck=xjs.s.aBlrcDSZHgY.L.W.O/am=CAAAIAAgGoRTABtAAAIABAAAECAAAAAAAABEAAYAgkfZAQAAACkBgyAGGABIKAEAAAAAEPohAgAAAAAxAAAAACgEAAOGgAIgAAAAAPIHwIAXAGAwYQEAAAAAAAAAgACWIBjcIAEKAkAAAAAAAAAAAFAlkxcHhA/d=1/exm=DhPYme,EkevXb,GU4Gab,MpJwZc,NzU6V,SNUn3,UUJqVe,aa,abd,async,cEt90b,cdos,csi,d,dtl0hd,eHDfl,epYOx,hsm,ifl,jsa,mb4ZUb,pHXghd,q0xTif,qddgKe,s39S4,sOXFj,sTsDMc,sb_wiz,sf,sonic,spch/ed=1/dg=2/br=1/rs=ACT90oGypoOwr4VTg74E94L6DpSKYzQupw/ee=AfeaP:TkrAjf;BMxAGc:E5bFse,UV6hub;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:HYsvw,O1Tzwc,SJMv1c,wdLAme;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;IoGlCf:b5lhvb;JXS8fb:Qj0suc;JsbNhc:Xd8iUd;KQzWid:mB4wNe;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd,SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;Oj465e:KG2eXe;Pjplud:EEDORb,PoEs9b;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf,qBeYgc;R9Ulx:CR7Ufe;SJsSc:H1GVub;SLtqO:Kh1xYe;SMDL4c:fTfGO,vjQg0b;SNUn3:ZwDk9d,x8cHvb;TijjCd:SSmhPd;TxfV6d:YORN0b;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;YV5bee:IvPZ6d;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eHDfl:ofjVkb;g8nkx:U4MzKc;gaub4:TN6bMe;hK67qb:QWEO5b,bvBCk;hjRo6e:F62sG;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kY7VAf:d91TEb;kbAm9d:MkHyGd;l8Azde:j4Ca9b;lkq0A:Z0MWEf;lzgfYb:PI40bd;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,vjQg0b;oUlnpc:RagDlc;okUaUd:wItadb;pNsl2d:j9Yuyc;pXdRYb:JKoKVe,MdUzUe;pj82le:mg5CW;qaS3gd:yiLg6e;qavrXe:mYbt1d,zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;uY49fb:COQbmf;uuQkY:u2V3ud;vfVwPd:OXTqFb;w3bZCb:ZPGaIb;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:wbTLEd;xqZiqf:wmnU7d;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zxnPse:GkRiKb/m=ANyn1,CnSW2d,DPreE,U4MzKc,WlNQGd,fXO0xe,kQvlef,nabPbb?xjs=s2	false	high
https://www.facebook.com/api/graphql/	false	high
https://static.xx.fbcdn.net/rsrc.php/v3i4sp4/yI/l/en_US/J1cWRahNExI.js?_nc_x=Ij3Wp8lg5Kz	false	high
https://www.facebook.com/ajax/bz?__a=1&__ccg=EXCELLENT&__comet_req=15&__hs=19514.HYP%3Acomet_loggedout_pkg.2.1..0.0&__hsi=7241591534329730376&__req=9&__rev=1007625843&__s=%3A4rbixk%3Aof2uc8&__spin_b=trunk&__spin_r=1007625843&__spin_t=1686064418&__user=0&dpr=1&jazoest=2829&lsd=AVp79D1dYSA&ph=C3	false	high

ID:	882698
Product:	CloudBasic
Start time:	17:13:10
Start date:	06.06.2023
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Architecture:	WINDOWS

Source: chromecache_234.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/2v2plzJQoTQ/ equals www.facebook.com (Facebook)
Source: chromecache_377.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/9cisb7Fe7ih/ equals www.facebook.com (Facebook)
Source: chromecache_273.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/CCT5pM3qiNk/ equals www.facebook.com (Facebook)
Source: chromecache_273.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_290.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/HAC-_9WTKIm/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr, chromecache_271.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/V9vdYColc4k/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/aJoeSHn7XcN/ equals www.facebook.com (Facebook)
Source: chromecache_341.1.dr, chromecache_336.1.dr, chromecache_271.1.dr, chromecache_377.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/ equals www.facebook.com (Facebook)
Source: chromecache_362.1.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/yWz46xmco3f/ equals www.facebook.com (Facebook)
Source: chromecache_232.1.dr	String found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function a(a){if(top!==window\|\|document.domain==null\|\|!/(^\|\.)facebook\.(com\|sg)$/.test(document.domain))return;a=h._("Stop!");var b=h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account."),c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome\|\|window.safari){var d="font-family:helvetica; font-size:20px; ";[[a,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[b,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{a=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];d=(""+b.toString()).match(/.{35}.+?\s+\|.+$/g);if(d!=null){b=Math.floor(Math.max(0,(a.length-d.length)/2));for(var e=0;e<a.length\|\|e<d.length;e++){var f=a[e];a[e]=f+new Array(45-f.length).join(" ")+(d[e-b]\|\|"")}}console.log("\n\n\n"+a.join("\n")+"\n\n"+c.toString()+"\n");return}}g.start=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_313.1.dr	String found in binary or memory: __d("CometCookieConsent2023Q1OtherCompanies.react",["CometCookieConsentModalStringsUpdated","CometCookieConsentSectionAccordion.react","CometCookieConsentUtils.react","CometListCellText.react","TetraText.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h=d("react");function a(){return h.jsxs("div",{className:"xua58t2 xx6bls6",children:[h.jsx("div",{className:"x9orja2",children:h.jsx(c("TetraText.react"),{type:"headlineEmphasized2",children:d("CometCookieConsentModalStringsUpdated").COOKIES_FROM_OTHER_COMPANIES_SECTION_HEADER})}),h.jsx("div",{className:"x1cnzs8",children:h.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").getCookiesFromOtherCompaniesSubHeader(o)})}),h.jsx("div",{className:"x1cnzs8",children:h.jsx(c("CometCookieConsentSectionAccordion.react"),{content:j,sectionTitle:i})}),h.jsx("div",{children:h.jsx(c("CometCookieConsentSectionAccordion.react"),{content:l,sectionTitle:k})}),h.jsx("div",{children:h.jsx(c("CometCookieConsentSectionAccordion.react"),{content:n,sectionTitle:m})})]})}a.displayName=a.name+" [from "+f.id+"]";var i=h.jsx(c("CometListCellText.react"),{headline:h.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES})}),j=h.jsxs("div",{style:{marginLeft:10},children:[h.jsx("div",{style:{paddingBottom:10,paddingTop:10},children:h.jsx(c("TetraText.react"),{type:"body3",children:d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_INTRO})}),h.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").HOW_WE_USE_THESE_COOKIES_ITEM_3]})]}),k=h.jsx(c("CometListCellText.react"),{headline:h.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES})}),l=h.jsx("div",{style:{marginLeft:10},children:h.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_2,d("CometCookieConsentModalStringsUpdated").IF_ALLOW_THESE_COOKIES_ITEM_3]})}),m=h.jsx(c("CometListCellText.react"),{headline:h.jsx(c("TetraText.react"),{type:"headlineEmphasized3",children:d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES})}),n=h.jsx("div",{style:{marginLeft:10},children:h.jsx(d("CometCookieConsentUtils.react").CometConsentListBullets,{list:[d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_1,d("CometCookieConsentModalStringsUpdated").IF_DONT_ALLOW_THESE_COOKIES_ITEM_2]})}),o="https://www.facebook.com/privacy/policies/cookies/?annotations[0]=explanation%2F3_companies_list";g.CometCookieConsent2023Q1OtherCompanies=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_290.1.dr	String found in binary or memory: __d("CometLegalFooter.react",["fbt","ix","CometErrorBoundary.react","CometLazyPopoverTrigger.react","CometLink.react","CometMiddot.react","CometPressable.react","JSResourceForInteraction","ServerTime","TetraIcon.react","TetraText.react","XDataPolicyControllerRouteBuilder","XPrivacyPolicyCometControllerRouteBuilder","fbicon","gkx","qex","react","useCurrentRoute"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=d("react"),k=c("JSResourceForInteraction")("CometLegalFooterMoreMenu.react").__setRef("CometLegalFooter.react");function l(){try{var a;return(a=new Date(d("ServerTime").getMillis()))==null?void 0:a.getFullYear()}catch(a){return null}}function a(a){var b=a.isHelpCenter;b=b===void 0?!1:b;var e=a.isPage;e=e===void 0?!1:e;var f=a.onClick,g=c("useCurrentRoute")();a=l();var m=c("qex")._("698")===!0;m=m?c("XPrivacyPolicyCometControllerRouteBuilder").buildUri({entry_point:"comet_dropdown"}):c("XDataPolicyControllerRouteBuilder").buildUri({});e=[{href:"https://www.facebook.com/legal/terms/information_about_page_insights_data",label:h._("Information about Page Insights Data"),render:e&&c("gkx")("1470093")},{href:m.toString(),label:h._("Privacy"),testid:"CometDropdownPrivacy"},{href:"/terms?ref=pf",label:"Impressum/Terms/NetzDG/UrhDaG",render:c("gkx")("1539946")&&!c("gkx")("4359")},{href:"/terms?ref=pf",label:h._("Imprint\/Terms"),render:c("gkx")("4359")},{href:"/legal/netzdg/",label:h._("NetzDG\/UrhDaG\/Ranking of Content"),render:c("gkx")("4359")},{href:"/policies?ref=pf",label:h._("Terms"),render:!c("gkx")("1539946")&&!c("gkx")("4359"),testid:"CometDropdownTerms"},{href:"/business/",label:h._("Advertising")},{href:"/help/568137493302217",label:j.jsxs(j.Fragment,{children:[h._("Ad Choices")," ",j.jsx(c("CometErrorBoundary.react"),{children:j.jsx("span",{className:"x1n2onr6 x1qiirwl",children:j.jsx(c("TetraIcon.react"),{color:"secondary",icon:d("fbicon")._(i("871692"),12)})})})]})},{href:"/policies/cookies/",label:h._("Cookies"),testid:"CometDropdownCookies"}].filter(function(a){return a.render==null\|\|a.render===!0});var n=[];if((g==null?void 0:(m=g.rootView.props)==null?void 0:m.seoCrawlingPool)&&(g==null?void 0:(m=g.rootView.props)==null?void 0:m.seoCrawlingPool.url)){Array.from(Array((g==null?void 0:(m=g.rootView.props)==null?void 0:m.seoCrawlingPool.multiple_links)\|\|0)).forEach(function(a,b){n.push(j.jsxs("li",{className:"xt0psk2",children:[j.jsx(c("CometLink.react"),{color:"secondary",href:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.url,onClick:f,weight:"normal",children:g==null?void 0:(a=g.rootView.props)==null?void 0:a.seoCrawlingPool.link_string}),j.jsx(c("CometMiddot.react"),{})]},b))})}if((g==null?void 0:(m=g.rootView.props)==null?void 0:m.seoGrowthAutomationCrawlingPool)&&(g==null?void 0:(m=g.rootView.props)==null?void 0:m.seoGrowthAutomationCrawlingPool.url)){var o;m=(m=g==null?void 0:(m=g.rootView.props)==null?void 0:m.seoCrawlingPool.multiple_links)!=null?m:0;n.push(j.jsxs("li",{className:"xt0psk2",children:[j.jsx(
Source: chromecache_377.1.dr	String found in binary or memory: __d("CometNMEEducationStrings",["fbt","CometLink.react","react"],(function(a,b,c,d,e,f,g,h){"use strict";var i=c("react"),j="https://www.facebook.com/help/196050490547892";function a(){return Object.freeze({getBBEducationPopoverTextForPage:function(){return h._("Facebook confirmed this Page is authentic.")},getBBEducationPopoverTextForProfile:function(){return h._("Facebook confirmed this profile is authentic.")},getVerifiedSectionBody:function(){return h._("A verified badge now means an account has been verified with a government ID, and may not be well known. Meta Verified is a subscription that offers enhanced verification, proactive account protection and increased visibility in search, comments and recommendations. {learn more link}",[h._param("learn more link",i.jsx(c("CometLink.react"),{href:j,target:"_blank",children:h._("Learn more")}))])},getVerifiedSectionTitle:function(){return h._("Verified")}})}g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_377.1.dr	String found in binary or memory: __d("FBPayECPAPMUtils",["ConstUriUtils","PaypalPopup","recoverableViolation"],(function(a,b,c,d,e,f,g){"use strict";var h=900,i=900;e="apm_button";f="apm_button";var j="apm_url",k="apm_webview";function l(a){switch(a){case"NEW_PAYPAL_CHECKOUT":return"new_paypal_checkout";case"NEW_PAYPAL_BNPL_CHECKOUT":return"new_paypal_bnpl_checkout";case"NEW_SHOP_PAY":return"new_shop_pay";default:if(a!=null){c("recoverableViolation")("unsupported credential type: \n"+a,"fbpay");return"dummy"}else return"dummy"}}function a(a,b,c,e,f,g,h){var i;i=(i=d("ConstUriUtils").getUri("/payments/redirect/"))==null?void 0:(i=i.setDomain("facebook.com"))==null?void 0:(i=i.setSecure(!0))==null?void 0:(i=i.addQueryParam("type","rp"))==null?void 0:(i=i.addQueryParam("instance_id",g))==null?void 0:i.toString();return{credential_type:a,session_id:h,start_credential_acquisition_request:{checkout_session_info:{apm_client_return_url:(a=i)!=null?a:"https://www.facebook.com",app_return_failure_url:"https://www.facebook.com",app_return_success_url:"https://www.facebook.com",checkout_session_id:g,payment_product_id:c},client_request_id:f,order_info:{charge_amount:b,merchant_routing_country:"US",receiver_info:{receiver_id:e}}}}}function m(a,b,c,d,e,f,g,h){return{complete_credential_acquisition_request:{checkout_session_id:f,client_request_id:e,payment_product_id:d,processor_data:{paypal_braintree_data:{external_payer_id:c,external_payment_id:b,payment_token:h},processor_token:h}},credential_type:a,session_id:g}}function b(a,b,d,e,f,g,j,n,o){try{b=new(c("PaypalPopup"))({},g).setIsDigitalGoodsFlow(!1).setWidth(h).setHeight(i).setPaymentType("ECP").setHandler(function(a){a=m(d,a.external_payment_id,a.payer_id,e,f,g,j,a.processor_token);o(a)}).setCancelHandler(b).setPollingInterval(100);return b}catch(c){n();b={error:c.toString()};a.logClientLoadAPMCredentialFail(l(d),e,k,b)}return null}var n="https://www.internalfb.com/intern/wiki/Meta_FinTech/MFT_Engineering/Business/B2B/Billing_Interfaces_Platform/Engineering/Testing_Guides/testing-in-dev/#payments-dev-environment";g.apmButtonViewName=e;g.apmButtonTargetName=f;g.apmRedirectViewName=j;g.apmCredentialViewName=k;g.castCredentialType=l;g.getStartCrendetialAcquisitionInputData=a;g.getPaypalPopupHandler=b;g.PAYMENT_DEV_LINK=n}),98); equals www.facebook.com (Facebook)
Source: chromecache_313.1.dr	String found in binary or memory: __d("FacebookCookieConsentCustomization",["fbt","ix","JSResourceForInteraction","XCookiesPolicyControllerRouteBuilder","isBaseline4EnabledForLoggedOut","isCNILEnabledForLoggedOut","lazyLoadComponent"],(function(a,b,c,d,e,f,g,h,i){"use strict";var j=c("lazyLoadComponent")(c("JSResourceForInteraction")("FacebookCometCookieConsentDialogDataSettings.react").__setRef("FacebookCookieConsentCustomization"));a=function(){var a,b,d,e=null;c("isBaseline4EnabledForLoggedOut")()\|\|c("isCNILEnabledForLoggedOut")()?(b=i("1954651"),d=i("1954649"),e=h._("More options")):(b=i("856481"),d=i("856481"),e=h._("Manage Data Settings"));a=(a=(a=c("XCookiesPolicyControllerRouteBuilder").buildUri({}).getQualifiedUri())==null?void 0:(a=a.setDomain("www.facebook.com"))==null?void 0:a.toString())!=null?a:"";return{essentialCookiesOnly:!1,faviconDark:d,faviconLight:b,policyUrl:a,productName:"FACEBOOK",secondaryAction:{label:e,viewReference:j}}};b=a;g["default"]=b}),98); equals www.facebook.com (Facebook)
Source: chromecache_377.1.dr	String found in binary or memory: __d("GroupsCometMemberCountAndPrivacy.react",["fbt","CometLink.react","CometMiddot.react","CometRelay","CometRow.react","CometRowItem.react","CurrentEnvironment","GroupsCometMemberCountAndPrivacy_group.graphql","GroupsCometPrivacyText.react","XCometGroupMembersControllerRouteBuilder","promiseDone","react","requireDeferred","useGroupsCometMemberCount","useMinifiedProductAttribution","usePreviousSurfaceForGroupLogging"],(function(a,b,c,d,e,f,g,h){"use strict";var i,j=d("react"),k=d("react").useRef,l=c("requireDeferred")("GroupClickActionFalcoEvent").__setRef("GroupsCometMemberCountAndPrivacy.react"),m="www.facebook.com";function a(a){var e;a=a.group$key;var f=d("CometRelay").useFragment(i!==void 0?i:i=b("GroupsCometMemberCountAndPrivacy_group.graphql"),a);a=(f==null?void 0:f.if_viewer_can_see_subgroups_auto_join)!=null;e=c("CurrentEnvironment").messengerdotcom?(e=c("XCometGroupMembersControllerRouteBuilder").buildUri({idorvanity:f.id}).setDomain(m))==null?void 0:(e=e.setProtocol("https"))==null?void 0:e.toString():c("XCometGroupMembersControllerRouteBuilder").buildUri({idorvanity:f.id}).toString();var g=c("useGroupsCometMemberCount")({group$key:f}),n=c("useMinifiedProductAttribution")(),o=c("usePreviousSurfaceForGroupLogging")(),p=k(o);o=function(){c("promiseDone")(l.load().then(function(a){return a.log(function(){var a;return{attribution_id:"[]",attribution_id_v2:(a=n)!=null?a:"[]",current_surface:"group_mall",group_id:(a=f.id)!=null?a:"",previous_surface:p.current,unit_name:"group_ngn_members"}})}))};return j.jsxs(c("CometRow.react"),{align:"start",paddingHorizontal:0,paddingTop:0,spacing:4,verticalAlign:"center",wrap:"forward",children:[j.jsx(c("CometRowItem.react"),{children:j.jsx(c("GroupsCometPrivacyText.react"),{group$key:f})}),g!=null&&j.jsx(c("CometRowItem.react"),{children:j.jsx(c("CometMiddot.react"),{})}),a?j.jsx(c("CometRowItem.react"),{children:h._("All group members")}):g!=null&&j.jsx(c("CometRowItem.react"),{children:j.jsx(c("CometLink.react"),{color:"secondary",href:e,onClick:o,children:g})})]})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_377.1.dr	String found in binary or memory: __d("MWV2ThreadNullstate.react",["fbt","CometLink.react","CometScrollableArea.react","I64","JSResourceForInteraction","LSIntEnum","LSNullstateCTAType","LSThreadTitle.react","MWPreloadedText","MWV2ThreadNullstateCTAs.react","MWXText.react","P2bDifferentiationPrivacyDisclosureOpenClickWebFalcoEvent","gkx","qex","react","useCometLazyDialog"],(function(a,b,c,d,e,f,g,h){"use strict";var i=d("react"),j=d("react").useContext,k={privacy_text:{paddingBottom:"xx6bls6",paddingStart:"xurb0ha",paddingEnd:"x1sxyh0",$$css:!0},privacy_text_offset:{paddingBottom:"xg8j3zb",paddingTop:"x1iorvi4",$$css:!0},welcome_text:{paddingBottom:"x1hhzuzn",paddingStart:"xurb0ha",paddingEnd:"x1sxyh0",$$css:!0}};function a(a){var b,e=a.initiatingSource,f=a.lsSource;f=f===void 0?"unknown":f;var g=a.nullstate,l=a.nullstateCtas,m=a.thread;a=j(c("MWPreloadedText"));b=(b=c("qex")._("357"))!=null?b:!1;b=b?h._("Click to send"):h._("Tap to send");var n=h._("When you send a message, {name} will see your {= public info link}.",[h._param("name",i.jsx(c("LSThreadTitle.react"),{thread:m,wrapOutput:function(a,b){return b}})),h._param("= public info link",i.jsx(c("CometLink.react"),{color:"primary",href:"https://www.facebook.com/help/messenger-app/719578818758231",role:"link",target:"_blank",children:i.jsx(c("MWXText.react"),{type:"body4",children:h._("public info")})}))]),o=g.privacyText,p=g.welcomeText,q=g.privacyTextNonWelcomeScreen,r=a.text!=null&&!!q;r=r\|\|o!=null?i.jsx(c("MWXText.react"),{color:"secondary",type:"body4",children:r?q:o}):null;q=c("useCometLazyDialog")(c("JSResourceForInteraction")("MWPrivacyDisclosureDialog.bs").__setRef("MWV2ThreadNullstate.react"));var s=q[0];q=g.privacyTextCtaTitle;q=i.jsx(c("CometLink.react"),{color:"primary",onClick:function(){s({entryPoint:"NULL_STATE",threadKey:m.threadKey},function(){}),c("P2bDifferentiationPrivacyDisclosureOpenClickWebFalcoEvent").log(function(){return{consumer_id:"0",entry_point:"NULL_STATE",page_id:d("I64").to_string(m.threadKey)}})},role:"link",target:"_blank",children:q!=null?i.jsx(c("MWXText.react"),{color:"blueLink",type:"body4",children:q}):null});p=i.jsxs("div",{children:[p!=null&&a.text==null?l.length!==0?p!==b.toString()?i.jsxs("div",{children:[i.jsx("div",{className:"x1hhzuzn xurb0ha x1sxyh0",children:i.jsx(c("MWXText.react"),{align:"center",color:"secondary",type:"headline4",children:p})}),i.jsx("div",{className:"x1hhzuzn xurb0ha x1sxyh0",children:i.jsx(c("MWXText.react"),{align:"center",color:"secondary",type:"headline4",children:b})})]}):i.jsx("div",{className:"x1hhzuzn xurb0ha x1sxyh0",children:i.jsx(c("MWXText.react"),{align:"center",color:"secondary",type:"headline4",children:b})}):p!==b.toString()?i.jsx("div",{className:"x1hhzuzn xurb0ha x1sxyh0",children:i.jsx(c("MWXText.react"),{align:"center",color:"secondary",type:"headline4",children:p})}):null:l.length!==0&&a.text!=null?i.jsx("div",{className:"x1hhzuzn xurb0ha x1sxyh0",children:i.jsx(c("MWXText.react"),{align:"center",color:"secondary",type:"headline4",childr
Source: chromecache_336.1.dr	String found in binary or memory: __d("MarketplaceSellerProfileRatings.react",["fbt","CometColumn.react","CometColumnItem.react","CometLink.react","CometRelay","CometStarRating.react","CometUnit.react","CometUnitHeader.react","CurrentUser","MarketplaceSellerProfileBadRatings.react","MarketplaceSellerProfileGoodRatings.react","MarketplaceSellerProfileRatings_user.graphql","TetraTextPairing.react","gkx","react"],(function(a,b,c,d,e,f,g,h){"use strict";var i,j=d("react");function a(a){var e,f,g,k;a=d("CometRelay").useFragment(i!==void 0?i:i=b("MarketplaceSellerProfileRatings_user.graphql"),a.user);e=(e=(e=a.marketplace_ratings_stats_by_role)==null?void 0:(e=e.seller_stats)==null?void 0:e.min_ratings_required_to_be_public)!=null?e:c("gkx")("1923901")?3:5;var l=c("CurrentUser").getID()===a.id;f=((f=a.marketplace_ratings_stats_by_role)==null?void 0:(f=f.seller_stats)==null?void 0:f.five_star_total_rating_count_by_role)\|\|0;g=!((g=(g=a.marketplace_ratings_stats_by_role)==null?void 0:g.seller_ratings_are_private)!=null?g:!0);k=((k=a.marketplace_ratings_stats_by_role)==null?void 0:(k=k.seller_stats)==null?void 0:k.five_star_ratings_average)\|\|0;return!g&&!l?null:j.jsx(c("CometUnit.react"),{header:j.jsx(c("CometUnitHeader.react"),{hasTopDivider:!0,headline:h._("Seller Ratings"),level:3}),children:j.jsxs(c("CometColumn.react"),{paddingHorizontal:16,spacing:12,children:[j.jsx(c("CometColumnItem.react"),{children:j.jsx(c("CometStarRating.react"),{filledColor:"accent",rating:k,size:24})}),j.jsx(c("CometColumnItem.react"),{children:j.jsx(c("TetraTextPairing.react"),{body:f>0?h._({"":"Based on {number} ratings","_1":"Based on 1 rating"},[h._plural(f,"number")]):h._("No ratings"),level:4,meta:g?void 0:(k=h._plural(e,"number"),h._({"":"(Visible to the public after {number} ratings. {=m4})","_1":"(Visible to the public after 1 rating. {=m4})"},[k,h._implicitParam("=m4",j.jsx(c("CometLink.react"),{color:"highlight",href:"https://www.facebook.com/help/915385548593204",children:h._({"*":"Learn more"},[k])}))]))})}),f>0?j.jsx(c("MarketplaceSellerProfileGoodRatings.react"),{user:a}):null,f>0&&l?j.jsx(c("MarketplaceSellerProfileBadRatings.react"),{user:a}):null]})})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_377.1.dr	String found in binary or memory: __d("PayoutEnvironmentProvider",["$InternalEnum","BSCRoutingUtil","CometRouteParams","CometTransientDialogProvider.react","PayoutUPLLogger","cr:6380","cr:6626","react"],(function(a,b,c,d,e,f,g){"use strict";var h=d("react"),i=d("react"),j=i.useContext,k=i.useMemo,l=b("$InternalEnum").Mirrored(["FBS_WEB","FB_WEB","OC_WEB","CS_WEB","BIZAPP_IOS","BIZAPP_ANDROID","FB_IOS","FB_ANDROID","IG_IOS","IG_ANDROID","HM_WEB","NONPROFIT_MANAGER","MOMA_WEB"]),m=new(c("PayoutUPLLogger"))({productType:"payouthub_msc"}),n="https://www.facebook.com/help/contact/1540812909361378/?ref=payout_hub",o=!1,p=h.createContext({get:function(){return l.FB_WEB},getCurrentFEID:function(){return""},getRouteBuilder:function(){return d("BSCRoutingUtil").getRouteBuilder(l.FB_WEB)},isIgOnly:function(){return o},logger:function(){return m},routeDispatcher:function(a,b){},routeParameterUpdater:function(){return null},supportFormURI:function(){return n},transactionLinks:function(a){return null}});function a(a){var e=a.children,f=a.environmentType,g=a.isIgOnly,i=a.supportFormURI,j=a.transactionLinks,q=b("cr:6380")();f===l.MOMA_WEB&&b("cr:6626")!=null&&(q=function(a){b("cr:6626").get().navigateTo(a)});var r=d("CometRouteParams").useRouteParams().fe_id,s=d("BSCRoutingUtil").useRouteParameterUpdaterUtil(f);a=k(function(){var a;switch(f){case l.FBS_WEB:a="FBS_WEB";break;case l.FB_WEB:a="FACEBOOK_WEB";break;case l.OC_WEB:a="OC_WEB";break;case l.CS_WEB:a="CS_WEB";break;case l.BIZAPP_IOS:a="BIZAPP_IOS";break;case l.BIZAPP_ANDROID:a="BIZAPP_ANDROID";break;case l.FB_IOS:a="FB_IOS";break;case l.FB_ANDROID:a="FB_ANDROID";break;case l.IG_IOS:a="IG_IOS";break;case l.IG_ANDROID:a="IG_ANDROID";break;case l.HM_WEB:a="HM_WEB";break;case l.NONPROFIT_MANAGER:a="NONPROFIT_MANAGER";break;case l.MOMA_WEB:a="MOMA_WEB";break}m.setInterface(a);if(g!=null){var b=g===!0?"IG_ONLY_LOGIN":"FB_LOGIN";m.setLoginMode(b)}return{get:function(){return f},getCurrentFEID:function(){return typeof r==="string"?r:""},getRouteBuilder:function(){return d("BSCRoutingUtil").getRouteBuilder(f)},isIgOnly:function(){var a;return(a=g)!=null?a:o},logger:function(){return m},routeDispatcher:function(a,b){if(typeof q==="function")q(a);else{var c;(c=q)==null?void 0:c.go(a,b)}},routeParameterUpdater:function(){return s},supportFormURI:function(){var a;return(a=i)!=null?a:n},transactionLinks:function(a){if(j)return j(a)}}},[f,g,r,q,s,i,j]);return h.jsx(p.Provider,{value:a,children:h.jsx(c("CometTransientDialogProvider.react"),{children:e})})}a.displayName=a.name+" [from "+f.id+"]";function e(){var a=j(p);return a.get()}function q(){var a=j(p);return a.logger()}function r(){var a=j(p);return a.supportFormURI()}function s(){var a=j(p);return a.isIgOnly()}function t(){var a=j(p);return a.routeDispatcher}function u(){var a=j(p);return a.getCurrentFEID()}function v(){var a=j(p);return a.getRouteBuilder()}function w(){var a=j(p);return a.routeParameterUpdater()}function x(){var a=j(p);return a.transactionLinks}g.PayoutEnvironmentType=l;g.PayoutEnv
Source: chromecache_377.1.dr	String found in binary or memory: __d("PaypalPopup",["ConstUriUtils","PaypalPopupManager","Popup","UserAgent","XPaymentsPaypalInitController","emptyFunction","gkx","guid"],(function(a,b,c,d,e,f,g){var h="https://secure.facebook.com";a=function(){function a(a,b){this.cancelHandler=c("emptyFunction"),this.handler=c("emptyFunction"),this.width=0,this.height=0,this.pollingInterval=100,this.isDigitalGoodsFlow=!0,this.isFinalStepOfDigitalGoodsFlow=!1,this.overrideUri=null,this.fbpayUPLLogger=null,this.paymentType=null,this.initData=a,this.pollingInterval=100,this.isDigitalGoodsFlow=!0,this.isFinalStepOfDigitalGoodsFlow=!1,this.timerID,this.width,this.height,this.secretKey=b!=null?b:"paypalPopup$"+c("guid")(),c("PaypalPopupManager").register(this.secretKey,this)}var b=a.prototype;b.setPollingInterval=function(a){this.pollingInterval=a;return this};b.setIsDigitalGoodsFlow=function(a){this.isDigitalGoodsFlow=a;return this};b.setIsFinalDigitalGoodFlow=function(a){this.isFinalStepOfDigitalGoodsFlow=a;return this};b.setCancelHandler=function(a){this.cancelHandler=a;return this};b.setHandler=function(a){this.handler=a;return this};b.setWidth=function(a){this.width=a;return this};b.setHeight=function(a){this.height=a;return this};b.setUPLLogger=function(a){this.fbpayUPLLogger=a;return this};b.setOverrideUri=function(a){this.overrideUri=a;return this};b.setPaymentType=function(a){this.paymentType=a;return this};b.open=function(){var a=this.initData,b=this.paymentType==="MOR_VOICES",e=c("gkx")("1902661")\|\|b?"rpi":"rp";this.fbpayUPLLogger!=null&&this.fbpayUPLLogger.logClientLoadCredentialSuccess({credential_type:"new_paypal_ba",view_name:"add_paypal"});Object.prototype.hasOwnProperty.call(a,"redirect_data")?(a.redirect_data.instance_id=this.secretKey,a.redirect_data.type=e):a.redirect_data={instance_id:this.secretKey,type:e};a.is_dg_flow_final_action=this.isFinalStepOfDigitalGoodsFlow;if(this.overrideUri!=null){e=this.overrideUri.getQueryParam("close_url");if(e!=null){a.close_url=(e=d("ConstUriUtils").getUri(String(e)))==null?void 0:(e=e.addQueryParams(new Map(Object.entries(a.redirect_data))))==null?void 0:e.toString()}e=(e=this.overrideUri)==null?void 0:(e=e.addQueryParams(new Map(Object.entries(a))))==null?void 0:e.toString()}else e=c("XPaymentsPaypalInitController").getURIBuilder().getURI().setProtocol("https").setSubdomain("secure").setQueryData(a),b&&(e=e.setDomain("facebook.com")),e=e.toString();this.popup=d("Popup").open(e,this.getHeight(),this.getWidth());this.setupPopupOpenCheck()};b.redirectPopUpTo=function(a){this.popup&&(this.popup.location=a)};b.openLoadingPage=function(){c("UserAgent").isBrowser("Firefox")\|\|c("UserAgent").isBrowser("Safari")?this.popup=d("Popup").open("https://www.paypal.com/newtab",this.getHeight(),this.getWidth()):this.popup=d("Popup").open("about:blank",this.getHeight(),this.getWidth()),this.setupPopupOpenCheck()};b.close=function(a){this.closePopup(),a.cancel?this.cancelHandler(a):this.handler&&this.handler(a)};b.setupPopupOpenCheck=function(){var a=this;this.t
Source: chromecache_352.1.dr	String found in binary or memory: __d("SellerHealthDashboardConstants",["$InternalEnum"],(function(a,b,c,d,e,f){"use strict";a=b("$InternalEnum").Mirrored(["AVERAGE_PRODUCT_RATING","CHARGEBACK","CLAIM_ESCALATION","LATE_DELIVERY","LATE_HANDLING","NEGATIVE_CUSTOMER_REVIEWS","SELLER_INITIATED_CANCELLATION"]);c=b("$InternalEnum").Mirrored(["MAILING_LIST","OFFERS","PRODUCT_LAUNCHES","SHOP_TAB","SYML"]);d=12;e=6;b=[a.LATE_DELIVERY,a.LATE_HANDLING,a.NEGATIVE_CUSTOMER_REVIEWS,a.AVERAGE_PRODUCT_RATING,a.SELLER_INITIATED_CANCELLATION,a.CLAIM_ESCALATION,a.CHARGEBACK];var g=84,h=49,i=28,j=21,k="&return_status=in_progress",l="SellerHealthMetricRecommendationCard",m="SellerHealthMetricCard",n="SellerHealthMetricAppealCard",o="SellerHealthAppealsModal",p="SellerHealthAppealsConfirmationModal",q="SellerHealthDetailPage",r="SellerHealthMetricDetailsTable",s="SellerHealthEvaluationCard",t="SellerHealthDashboardPolicyComplianceCard",u="SellerHealthTableLayout",v="SellerHealthMetricsReportCard",w="https://www.facebook.com/business/help/2347002662267537",x="https://www.facebook.com/business/help/1268984156585391",y="https://www.facebook.com/business/help/386185880223138",z="https://transparency.fb.com/policies/community-standards/?source=https%3A%2F%2Fwww.facebook.com%2Fcommunitystandards%2F",A="https://www.facebook.com/policies_center/community_feedback/";f.HealthMetrics=a;f.AccountHealthFeature=c;f.PAGE_COLUMNS_SPAN=d;f.METRIC_COLUMNS_SPAN=e;f.METRICS=b;f.DAYS_SINCE_START_OF_EVALUATION_WINDOW=g;f.DAYS_SINCE_START_OF_EVALUATION_WINDOW_28D=h;f.DAYS_SINCE_END_OF_EVALUATION_WINDOW=i;f.DAYS_SINCE_END_OF_EVALUATION_WINDOW_28D=j;f.shopifyReturnPageFilter=k;f.recommendationCardComponent=l;f.metricCardComponent=m;f.appealCardComponent=n;f.appealModalComponent=o;f.appealConfirmationComponent=p;f.viewDetailsPageComponent=q;f.viewDetailsTable=r;f.evaluationCardComponent=s;f.policyComplianceCardComponent=t;f.tableLayoutComponent=u;f.metricsReportCardComponent=v;f.COMMERCE_ELIBILITY_REQUIREMENTS_LINK=w;f.ACCOUNT_HEALTH_HELP_CENTER_ARTICLE_LINK=x;f.SELLER_PERFORMANCE_STANDARDS_LINK=y;f.COMMUNITY_STANDARDS_LINK=z;f.COMMUNITY_FEEDBACK_POLICY_LINK=A}),66); equals www.facebook.com (Facebook)
Source: chromecache_362.1.dr	String found in binary or memory: __d("VideoPlayerFallbackLearnMoreLink.react",["fbt","CometLink.react","TetraText.react","gkx","react"],(function(a,b,c,d,e,f,g,h){"use strict";var i=d("react");function a(a){a=c("gkx")("1224637")?"/help/work/1876956335887765/i-cant-view-or-play-videos-on-workplace":"https://www.facebook.com/help/396404120401278/list";return i.jsx(c("TetraText.react"),{color:"primaryOnMedia",type:"headlineEmphasized3",children:i.jsx(c("CometLink.react"),{href:a,children:h._("Learn More")})})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98); equals www.facebook.com (Facebook)
Source: chromecache_377.1.dr	String found in binary or memory: __d("useEventsShareToGivenGroupAction",["Actor","EventCometActionContext","EventCometActionLogger","XCometEventPermalinkControllerRouteBuilder","cr:864","emptyFunction","react","useCometEntryPointDialog"],(function(a,b,c,d,e,f,g){"use strict";e=d("react");var h=e.useContext,i=e.useRef;function a(a){var e=a.eventID,f=a.eventUrl,g=a.groupID,j=a.isViewerAdmin,k=a.mechanism,l=a.prefillText,m=a.surface,n=a.upcomingCount,o=a.actionType,p=o===void 0?"click":o;o=a.actionTarget;var q=o===void 0?"share_to_given_group_button":o;o=a.onClose;var r=o===void 0?function(){}:o;a=d("Actor").useActor();o=a[0];f={actorID:o,id:g,prefillText:l,url:((a=f)!=null?a:e!=="")?(l=(o=c("XCometEventPermalinkControllerRouteBuilder").buildUri({event_id:e}).setDomain("www.facebook.com"))==null?void 0:o.toString())!=null?l:"":""};a=i(null);o=c("useCometEntryPointDialog")(b("cr:864"),f);var s=o[0],t=h(c("EventCometActionContext"));l=function(){d("EventCometActionLogger").log(e,{acontext:t,mechanism:k,surface:m,target:q,type:p},{group_id:g,is_viewer_admin:j,upcoming_count:n}),s({onReturn:c("emptyFunction"),onShareComplete:function(){d("EventCometActionLogger").log(e,{acontext:t,mechanism:k,surface:m,target:q,type:"share"},{group_id:g,is_viewer_admin:j,upcoming_count:n}),r()},onShareFail:c("emptyFunction"),shareScrapeData:"",storyData:null})};return{onClick:l,triggerRef:a}}g["default"]=a}),98); equals www.facebook.com (Facebook)

Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_305.1.dr	String found in binary or memory: http://google.com
Source: chromecache_305.1.dr	String found in binary or memory: http://google.com/maps
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: chromecache_277.1.dr	String found in binary or memory: http://schema.org/WebPage
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_236.1.dr, chromecache_321.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_277.1.dr	String found in binary or memory: https://accounts.google.com/ServiceLogin?hl
Source: chromecache_293.1.dr, chromecache_342.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_293.1.dr, chromecache_342.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.aadrm.com
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.aadrm.com/
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.cortana.ai
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.office.net
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: F3EA5CE5-5C27-4346-921A-BA7873DFADF5.6.dr	String found in binary or memory: https://api.onedrive.com

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tn.jsp?f=001CCL86fJDpsRHuQQ0MIIthqGUZAi2JUmHy4ncAcHjuvjM9iX8_HMVbioNepGkgiWJEOLK3XwyAzolplhu7jFP1SY-CXFM79kRh97w3oOttmLpYJWcRXPAy--Bg77Ali40YMwS57tnIwudzcFXYlT3qfpsvr33mz9lvlI43f74n2DUlbzGilODsQ==&c=IGiZdO4-K681vYDJ-JQn4a9__m62OX-wSBz1F1fIKT1VrZkocTlB9Q==&ch=Y28P-IEvypj9CHsGeYCy2XEfDQKhf9AncPYlUSh8eBNU-Rr4xocjcA== HTTP/1.1Host: r20.rs6.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /BottomLineConceptsLLC/ HTTP/1.1Host: www.facebook.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yt/l/0,cross/YRdeZKaoFRV.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yH/r/L06-BxVb16o.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ihsI4/yX/l/en_US/oMpzTaQgOR8hMpWAVYlXdYu_Iz5Tn8vf-mO_tRkQdliBLgvwffuKmeXNxFzSLFjuDvBEPAtSb-fc72ScckIVDALtb-2zB45PiS91n5cx2jeI7CQ50iNXfarXG3-bM5ry7GMHLjXzORdMbdwFi-aVUJLm73QbCd88upp-C0201vZBLsuZdm0oi1FQlnLoYlm25-h0gE_R9PIWAtR0Kp55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iBKX4/yz/l/en_US/hnVurozPtf-.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3izHu4/y3/l/en_US/GEBr6B1CD8P.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3icFd4/yP/l/en_US/YlTxHtl_2HX7hiR07EzxooT31SvzVtrGKdTjRO0q-nxILosSkpxwdy0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3idBq4/yR/l/en_US/YX_pyITj8P9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ilgK4/yu/l/en_US/Y4Wn-QhexES.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iJeu4/yW/l/en_US/eibuaAXv244.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yr/r/Mh1DyvZSY7n.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iFgX4/yq/l/en_US/cR3-7WZCIuFRxRgx7aBlEhPmGZ-e9jTR_gBqNeLXuwgS6DIsEFDSvi5mvqdG8rMFmBCDvUN52qYMfbkbZIIqm0SedZY8G4tAz8S2vhgnqbrhS02T5FfnaH9FVYWnnxUXXHShKNcaLdavv1kcmQsIb7Mh_IDzozzeNIiHW33mbYraReDjDCkzjnuGpsp.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ihIw4/yF/l/en_US/C4Vscjm2Cpi.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3il4T4/yu/l/en_US/bQ_6mqPZ7GE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3irHs4/y2/l/en_US/7MW4FbZ04-x.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3i7Ik4/yl/l/en_US/IRGQ886KHZR2pgyCr427spCixC5cRHIUCNb4BZAJH4CZrEk4DL4wE6NciOItvP1liacQpTNShd7j6NXy6KXaADepTAvMZ5zYE8BTd7IGd_XUqgQ9AjJWS_h0IgTjek126V0QFq_z-M3y3Bkz6DvUQeBAjc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3iHfL4/yF/l/en_US/7QBVCOvyPu0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/338431032_6095484290494428_3250729999650697670_n.png?stp=dst-png_fb50_s320x320&_nc_cat=104&ccb=1-7&_nc_sid=e3f864&_nc_ohc=Nf47EfqnFZ8AX_SbWC9&_nc_ht=scontent-zrh1-1.xx&oh=00_AfBuXcOPv1bKjkhk9JQ1-0vDX4phEipMzFI5mgJZOrmPrg&oe=64852452 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ye/r/4PEEs7qlhJk.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/338431032_6095484290494428_3250729999650697670_n.png?_nc_cat=104&ccb=1-7&_nc_sid=e3f864&_nc_ohc=Nf47EfqnFZ8AX_SbWC9&_nc_ht=scontent-zrh1-1.xx&oh=00_AfBZECMWfh_UBNLvU5O-ukp_t_YQd-rq8DVUF3ORVIg3jg&oe=64852452 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/346951665_6172899002803806_7287199530495698062_n.jpg?stp=c0.41.160.160a_dst-jpg_p160x160&_nc_cat=101&ccb=1-7&_nc_sid=574b62&_nc_ohc=b5MdVNnud5cAX-YHxFF&_nc_ht=scontent-zrh1-1.xx&oh=00_AfA9CEe_InV4DZQOSCELk-8Ypw6s5D50Y8FYEtJ1hh1KWg&oe=6483542C HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/291972133_471938678265445_7038740350748896115_n.jpg?stp=c80.0.160.160a_dst-jpg_p160x160&_nc_cat=100&ccb=1-7&_nc_sid=574b62&_nc_ohc=mFc4Wz3gKO4AX-f3-OC&_nc_ht=scontent-zrh1-1.xx&oh=00_AfDcsvueAZB2Jp939IBKHewAutshGdDmkPN_U_n13aCv9w&oe=64845B86 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/351924043_130916166672723_7378247399580416388_n.jpg?stp=c18.0.160.160a_dst-jpg_p160x160&_nc_cat=101&ccb=1-7&_nc_sid=574b62&_nc_ohc=1aa38x4MHfkAX_gILf_&_nc_ht=scontent-zrh1-1.xx&oh=00_AfBc1JwcLJbw7l0nr7s5IkwghmXSL4SLUW5XwXT26OH24g&oe=64844C61 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/348844493_2512606765555783_4034908256627906766_n.jpg?stp=dst-jpg_p160x160&_nc_cat=100&ccb=1-7&_nc_sid=574b62&_nc_ohc=LC5YWvXXiR4AX92AK13&_nc_ht=scontent-zrh1-1.xx&oh=00_AfAZ_PxS6qR7PVd_tL0GE_oXtqYQGEQfniZ8zzqC3KAH6w&oe=6483E8AE HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yW/r/8k_Y-oVxbuU.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yT/r/Dc7-7AgwkwS.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yE/r/2PIcyqpptfD.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/347806262_960539811806015_7684186186037199483_n.jpg?stp=c27.0.160.160a_cp6_dst-jpg_p160x160&_nc_cat=109&ccb=1-7&_nc_sid=574b62&_nc_ohc=ehdf6VjxiKMAX_8inrL&_nc_ht=scontent-zrh1-1.xx&oh=00_AfCFs43ZjUi0eMR4OLjOL9-clo3zFVN1z8l21n7DbfhLWQ&oe=6483BB67 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yj/r/LPnnw6HJjJT.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y3/r/BQdeC67wT9z.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ye/r/4PEEs7qlhJk.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/347647259_634913161467949_3985712804973973429_n.jpg?stp=c0.18.160.160a_cp6_dst-jpg_p160x160&_nc_cat=106&ccb=1-7&_nc_sid=574b62&_nc_ohc=LYyw7GPbrokAX-LQLCq&_nc_ht=scontent-zrh1-1.xx&oh=00_AfBelCkL3NbJDKCdlFbpRtplVzH_WtETP2dQhJX3XXnwnQ&oe=6484B9D4 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yV/r/jOzGYY5O9WJ.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/346951665_6172899002803806_7287199530495698062_n.jpg?stp=c0.41.160.160a_dst-jpg_p160x160&_nc_cat=101&ccb=1-7&_nc_sid=574b62&_nc_ohc=b5MdVNnud5cAX-YHxFF&_nc_ht=scontent-zrh1-1.xx&oh=00_AfA9CEe_InV4DZQOSCELk-8Ypw6s5D50Y8FYEtJ1hh1KWg&oe=6483542C HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yT/r/Dc7-7AgwkwS.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v/t39.30808-6/351924043_130916166672723_7378247399580416388_n.jpg?stp=c18.0.160.160a_dst-jpg_p160x160&_nc_cat=101&ccb=1-7&_nc_sid=574b62&_nc_ohc=1aa38x4MHfkAX_gILf_&_nc_ht=scontent-zrh1-1.xx&oh=00_AfBc1JwcLJbw7l0nr7s5IkwghmXSL4SLUW5XwXT26OH24g&oe=64844C61 HTTP/1.1Host: scontent-zrh1-1.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yW/r/8k_Y-oVxbuU.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/cookies/cookie_info_card_image_4.png HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36viewport-width: 1280sec-ch-ua-platform-version: "8.0.0"sec-ch-ua-full-version-list: "Chromium";v="104.0.5112.102", " Not A;Brand";v="99.0.0.0", "Google Chrome";v="104.0.5112.102"sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/BottomLineConceptsLLC/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs