Windows Analysis Report
https://tiny.ee/AAZ8

Overview

General Information

Sample URL: https://tiny.ee/AAZ8
Analysis ID: 1655053

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
HTML page contains hidden URLs
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body with high number of embedded images detected
HTML title does not match URL
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64_ra
  • chrome.exe (PID: 6936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,13518129610167972777,9435742061913405732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tiny.ee/AAZ8" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com' does not match the legitimate domain 'microsoft.com'., The URL contains multiple hyphens and unusual subdomain structure, which is a common tactic in phishing URLs., The domain 'linodeobjects.com' is associated with Linode, a cloud hosting provider, which could be used to host phishing sites., The presence of a personal or company name in the subdomain is suspicious and not typical for a Microsoft-related service. DOM: 2.5.pages.csv
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html Joe Sandbox AI: Page contains button: 'VIEW DOCUMENT' Source: '2.2.pages.csv'
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: https://one.alketbilabs.ai/
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: Number of links: 0
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: Total embedded image size: 45708
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: Title: Account sign in does not match URL
Source: https://ballardcorntractors.net/HTTP Parser: let usuuid = "vak9rlbi9fmzzneubmt8vu3v3wmvo4kwmtfqrdb0/crtwotwglpucovoi9+i+dydqoctlyhv819ikruljlx48g=="; let policy = "xrhayzdlugvbr+c+/ccx6favvw8bhenhoagfxohejvipzw9bfgidd60tywt5vrao"; let sv = "0"; let sir = "1"; let tb = ""; function decstr(encryptedstring, key) { const keysize = [16, 24, 32]; if (!keysize.includes(key.length)) { throw new error("incorrect aes key length. use a 16, 24, or 32 bytes key."); } const encrypteddata = cryptojs.enc.base64.parse(encryptedstring); const iv = cryptojs.lib.wordarray.create(encrypteddata.words.slice(0, 4)); const ciphertext = cryptojs.lib.wordarray.create( encrypteddata.words.slice(4) ); const decrypteddata = cryptojs.aes.decrypt( { ciphertext: ciphertext, }, cryptojs.enc.utf8.parse(key), { ...
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: No favicon
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: No <meta name="author".. found
Source: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe Memory has grown: Private usage: 6MB later: 38MB
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: global traffic HTTP traffic detected:
  GET /AAZ8 HTTP/1.1
  Host: tiny.ee
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /proof/qknagqtgrqjpaiegm43mjrk3pg HTTP/1.1
  Host: lonestarrrr.ziflow.io
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://tiny.ee/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/media/Inter-Medium-5IRUMIHZ.woff2?v=4.1 HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveOrigin: https://lonestarrrr.ziflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/styles-E6OCYWWW.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/pin.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveOrigin: https://lonestarrrr.ziflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/pin_active.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveOrigin: https://lonestarrrr.ziflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/webapp-websocket/info?t=1743625308366 HTTP/1.1Host: lonestarrrr.ziflow.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lonestarrrr.ziflow.io/proof/qknagqtgrqjpaiegm43mjrk3pgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=270209d4-e26b-4717-8ce8-930654defdbe; AWSALBTG=Mw71bN4znNrEv+dV4ms0pywFpPPRrb/JRUqKwgDCOBYSZtFudHmyHjRjkwIdrMvJczTHIADXHZeGA7TFO2i/q7T0z7iv6iC9ZpMztatC1KLU0JkWMvHo5nDWWk0HC8P9VOsjWbCJ9lmW73r75S1bhVovAmQf8GT7E9NDQ7tDmeyQZ4AxHmU=; AWSALBTGCORS=Mw71bN4znNrEv+dV4ms0pywFpPPRrb/JRUqKwgDCOBYSZtFudHmyHjRjkwIdrMvJczTHIADXHZeGA7TFO2i/q7T0z7iv6iC9ZpMztatC1KLU0JkWMvHo5nDWWk0HC8P9VOsjWbCJ9lmW73r75S1bhVovAmQf8GT7E9NDQ7tDmeyQZ4AxHmU=; session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/image/11849c52-291d-4e59-92e2-cd08f43b6c11_1.jpg?width=130&height=130&fit=inside&position=center HTTP/1.1Host: thumbnails.ziflow.ioConnection: keep-aliveOrigin: https://lonestarrrr.ziflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/proof/token/qknagqtgrqjpaiegm43mjrk3pg/proofUsageStatus HTTP/1.1Host: lonestarrrr.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=270209d4-e26b-4717-8ce8-930654defdbe; session=580be4ce-8d11-4c16-887d-a1326f6e56f9; AWSALBTG=Hnfpc+2vjxpXxaeK6OnXoXvbrL1SdVdFrL7U8migp2Pog62fVBXp/IDTY5iw0RVGBqqwWyq4C+wkyqWnu0eCKysfDSqAkWKDjyKjnx+6bag52pILINabmbPf48x1A19VVSBaX2lTJJcwTjPPAHFNutBNE3hysKybl92fTvWy7h59ToXD2x0=; AWSALBTGCORS=Hnfpc+2vjxpXxaeK6OnXoXvbrL1SdVdFrL7U8migp2Pog62fVBXp/IDTY5iw0RVGBqqwWyq4C+wkyqWnu0eCKysfDSqAkWKDjyKjnx+6bag52pILINabmbPf48x1A19VVSBaX2lTJJcwTjPPAHFNutBNE3hysKybl92fTvWy7h59ToXD2x0=
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/i18n/en.json HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/webapp-websocket/833/kznuy0p1/websocket HTTP/1.1Host: lonestarrrr.ziflow.ioConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://lonestarrrr.ziflow.ioSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=270209d4-e26b-4717-8ce8-930654defdbe; session=580be4ce-8d11-4c16-887d-a1326f6e56f9; AWSALBTG=Hw1XmNG4b30nlnwGHkGMCMsBlxzKXmeT7zeev06Cb8IKsOTKimkru0RBM1dnu61zTIvlcoFvN+Gu9TwgYg/ti9DM1WbIX+oErPfKHVIrQ2bNgpXfi7I3o92cUhh26kzLYNMu57qVswtdTfajQrsUwbbZTW4vWEQJWf1bcUXPL4jyzvgnubw=; AWSALBTGCORS=Hw1XmNG4b30nlnwGHkGMCMsBlxzKXmeT7zeev06Cb8IKsOTKimkru0RBM1dnu61zTIvlcoFvN+Gu9TwgYg/ti9DM1WbIX+oErPfKHVIrQ2bNgpXfi7I3o92cUhh26kzLYNMu57qVswtdTfajQrsUwbbZTW4vWEQJWf1bcUXPL4jyzvgnubw=Sec-WebSocket-Key: U1b3ZK/SvX8KqapS4MUwAw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/duplicate.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveOrigin: https://lonestarrrr.ziflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/bin.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveOrigin: https://lonestarrrr.ziflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/webapp-websocket/info?t=1743625308366 HTTP/1.1Host: lonestarrrr.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=270209d4-e26b-4717-8ce8-930654defdbe; session=580be4ce-8d11-4c16-887d-a1326f6e56f9; AWSALBTG=Hw1XmNG4b30nlnwGHkGMCMsBlxzKXmeT7zeev06Cb8IKsOTKimkru0RBM1dnu61zTIvlcoFvN+Gu9TwgYg/ti9DM1WbIX+oErPfKHVIrQ2bNgpXfi7I3o92cUhh26kzLYNMu57qVswtdTfajQrsUwbbZTW4vWEQJWf1bcUXPL4jyzvgnubw=; AWSALBTGCORS=Hw1XmNG4b30nlnwGHkGMCMsBlxzKXmeT7zeev06Cb8IKsOTKimkru0RBM1dnu61zTIvlcoFvN+Gu9TwgYg/ti9DM1WbIX+oErPfKHVIrQ2bNgpXfi7I3o92cUhh26kzLYNMu57qVswtdTfajQrsUwbbZTW4vWEQJWf1bcUXPL4jyzvgnubw=
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/pin_active.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/pin.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/image/11849c52-291d-4e59-92e2-cd08f43b6c11_1.jpg?width=130&height=130&fit=inside&position=center HTTP/1.1Host: thumbnails.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/pdf/224770688_1-tetml-wordplus.json HTTP/1.1Host: proof-assets.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/1-0-0-0.jpg?viewer HTTP/1.1Host: proof-assets.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/bin.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /proof-viewer-v2/25.7.0-3d81bd0/assets/images/duplicate.svg HTTP/1.1Host: static.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /api/branding/favicon-viewer?1743625305665 HTTP/1.1Host: lonestarrrr.ziflow.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/proof/qknagqtgrqjpaiegm43mjrk3pgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=270209d4-e26b-4717-8ce8-930654defdbe; session=580be4ce-8d11-4c16-887d-a1326f6e56f9; AWSALBTG=Z1IpznSrLNDBro1cW7jOwxSYd3lboMrGEnvwCRQfaGmY/1q56c8Y3Tt3RuPF5BJqcI38u8O2EdXUB3ojRsUmw0oJrcCSDss0SSr8LGGOKwXhizA1O8MTiSQyKdjD0idCIxW6aamyLgO60KgblzFTouyEHWSdrvDPdNk+Oav8+NgmgwErWbg=; AWSALBTGCORS=Z1IpznSrLNDBro1cW7jOwxSYd3lboMrGEnvwCRQfaGmY/1q56c8Y3Tt3RuPF5BJqcI38u8O2EdXUB3ojRsUmw0oJrcCSDss0SSr8LGGOKwXhizA1O8MTiSQyKdjD0idCIxW6aamyLgO60KgblzFTouyEHWSdrvDPdNk+Oav8+NgmgwErWbg=
Source: global trafficHTTP traffic detected: GET /Default/favicon-viewer.png HTTP/1.1Host: logo-assets.ziflow.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /Default/favicon-viewer.png HTTP/1.1Host: logo-assets.ziflow.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=580be4ce-8d11-4c16-887d-a1326f6e56f9
Source: global trafficHTTP traffic detected: GET /M365-CLOU0D1.html HTTP/1.1Host: edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://lonestarrrr.ziflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: botCheck=1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ballardcorntractors.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ballardcorntractors.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ballardcorntractors.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ballardcorntractors.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: one.alketbilabs.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://ballardcorntractors.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ballardcorntractors.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: one.alketbilabs.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6936_1745193313
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6936_1745193313
Source: classification engine | Classification label: mal56.phis.win@24/37@46/146
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,13518129610167972777,9435742061913405732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tiny.ee/AAZ8"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://tiny.ee/AAZ8 | 0% | Avira URL Cloud | safe |
No Antivirus matches
                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1655053
                                              Start date and time:2025-04-02 22:21:11 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Sample URL:https://tiny.ee/AAZ8
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:12
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal56.phis.win@24/37@46/146
                                              • Exclude process from analysis (whitelisted): svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 172.217.165.142, 142.251.41.3, 142.250.65.174, 142.250.31.84, 142.250.80.110, 142.251.35.174, 142.250.80.104, 142.250.80.78, 142.251.40.170, 142.251.40.106, 142.251.35.170, 142.250.65.170, 142.250.80.74, 142.251.40.138, 142.250.64.106, 142.250.80.106, 142.250.65.202, 142.250.72.106, 142.251.32.106, 142.250.65.234, 142.250.80.10, 142.250.64.74, 142.250.81.234, 142.250.80.42
                                              • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com
                                              • Not all processes were analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtOpenFile calls found.
                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • VT rate limit hit for: https://tiny.ee/AAZ8
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65310)
                                              Category:downloaded
                                              Size (bytes):627908
                                              Entropy (8bit):5.41886118768702
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:F55E262FCCA908236EC80E7921556A85
                                              SHA1:ED6ADD8205B91A0512D0086E4DE31E0460784977
                                              SHA-256:6889BA83733BE9FF345168A8CD258EAD2167EDA1C9C4B8900ADC328EC69BD7F9
                                              SHA-512:01B0F2F11CEEF7D0F103CBBCEB75A0F6B5B47423ADEE682E130A009DBAD395C79DABCA968F47C7790C6DE0459C42741B24CE40191C7E5894EA1082955D23315C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://cdn.pendo.io/agent/static/b2b8004d-cbfc-4316-66b5-be8d3cb65192/pendo.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):771
                                              Entropy (8bit):4.766448742971808
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:A398EEA5AE845D1B709B5FAE5C4C2C54
                                              SHA1:F642CE556588EF48B9C629D5047FFDBE46C70FE8
                                              SHA-256:9D8605039DA6F0E38991CD8F69E6FDEA27151B7242DE48227CC3A54690D3A457
                                              SHA-512:77F4B84D16D815DB4CEFAE3DA5546B6EDD40F576B4D0E390ACE81AEA1B2B0300570F13853504207B893BF3ABC8E8C2A4A6C0E2A4BE8F4B5C3721C851E687DEAD
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:{. "ip": "161.77.13.2",. "network": "161.77.0.0/19",. "version": "IPv4",. "city": "Springfield",. "region": "Massachusetts",. "region_code": "MA",. "country": "US",. "country_name": "United States",. "country_code": "US",. "country_code_iso3": "USA",. "country_capital": "Washington",. "country_tld": ".us",. "continent_code": "NA",. "in_eu": false,. "postal": "01101",. "latitude": 42.0986,. "longitude": -72.5931,. "timezone": "America/New_York",. "utc_offset": "-0400",. "country_calling_code": "+1",. "currency": "USD",. "currency_name": "Dollar",. "languages": "en-US,es-US,haw,fr",. "country_area": 9629091.0,. "country_population": 327167434,. "asn": "AS7849",. "org": "CROCKERCOM".}
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):21832
                                              Entropy (8bit):5.468562538923675
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:31928697509B58820D88E274598DAC78
                                              SHA1:B549B5D54B2A0A761F461AF8D64F2CE67ED46C6D
                                              SHA-256:9F05C0F805008D476EA89F9C029C4CC693DCFB106CD0C367155A59BA2022B98A
                                              SHA-512:2C7CA17D4E79C17B900C9C5EF2E08928F8CD85DEE7E999B40CE715C06DB269E73F195C9542F11CA0BD5AE66F84F336F52E149104977951E1E7CA4E9D9ADA8F5F
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:{"proofId":"19027dfe-0dfa-40ea-81d6-67216abae82e","name":"Edward B. Mueller Co., Inc.pdf","tenantId":"c7d616b9-07af-47a3-9044-8f556e3b1e94","tenant":{"subdomain":"lonestarrrr","companyName":"lonestarrrr","branding":{"company":"lonestarrrr","subdomain":"lonestarrrr"},"tenantId":"c7d616b9-07af-47a3-9044-8f556e3b1e94","chargifyCustomerSameAsPayment":true,"createdBy":"auth0|67ed47d66b3bd4fdaca69954","creatorEmail":"janna@lonestarrrr.net","createdDate":"2025-04-02T14:21:10.956+00:00","status":true,"decisions":[{"active":true,"showReasons":false,"showMessage":false,"type":"APPROVED","name":"Approved"},{"active":true,"showReasons":false,"showMessage":false,"type":"APPROVED_WITH_CHANGES","name":"Approved with changes"},{"active":true,"showReasons":false,"showMessage":false,"type":"CHANGES_REQUIRED","name":"Changes required"},{"active":true,"showReasons":false,"showMessage":false,"type":"NOT_RELEVANT","name":"Not relevant"}],"labels":[{"labelId":"3c24acfd-447b-4142-9634-c26192cd780f","label":"T
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):64
                                              Entropy (8bit):4.0831657366363325
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B00C4CD7ADD28A03BDAD7D0771A718CF
                                              SHA1:216C5267B1836D7DDB6EA62F9582152A4FBF861C
                                              SHA-256:738DDAADC23DAF31F803903218F0458D8AF4D02EF78FF7487E9303ED41DBD3BF
                                              SHA-512:B6DBB45B173FEA210546F5F53C632F61366121D389E4A94C4D44B687E0F284DA2EA2CF889790A75E7633590A4621064B390AAB59681A10E7DF71C3B016229DDD
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhI1CQV7uyqpgjOWEgUNgZDxfBIFDYGQ8XwSBQ2RYZVOEgUNgZDxfBIFDZFhlU4h37gLWPwOsqU=?alt=proto
                                              Preview:Ci0KBw2BkPF8GgAKBw2BkPF8GgAKBw2RYZVOGgAKBw2BkPF8GgAKBw2RYZVOGgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65447)
                                              Category:downloaded
                                              Size (bytes):89501
                                              Entropy (8bit):5.289893677458563
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                              SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                              SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                              SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://code.jquery.com/jquery-3.6.0.min.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1179
                                              Entropy (8bit):5.023990608977174
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:932DC24DE793959B49B4089619704735
                                              SHA1:9842BCABFB47385AAD0BA2ED05A1439084281ACE
                                              SHA-256:AD166C682A003CC50A53F8FB1DADC1693130CB171BC6FD625883C4261FE5FE60
                                              SHA-512:253867BE56496DC169F4C21A42587A460A1DF7759983992CEB1853E88A83A29A51F2AEF000A059D2627B3B89DFA484B2F65BE5DD2A8D09A32CED0CDBFC4BA143
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/assets/images/bin.svg
                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="22px" height="22px" viewBox="0 0 22 22" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>Atoms / Delete Markup</title>. <g id="ATOMS" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g transform="translate(-1241.000000, -893.000000)" id="Group">. <g transform="translate(1241.000000, 893.000000)">. <rect id="Rectangle" fill="#FF615C" x="0" y="0" width="22" height="22"></rect>. <g transform="translate(1.000000, 1.000000)" fill="#F4F6FA" id="Icons-/-Trash">. <path d="M13.4285714,7.5 L13.4285714,15.8333333 L6.57142857,15.8333333 L6.57142857,7.5 L13.4285714,7.5 M12.1428571,2.5 L7.85714286,2.5 L7,3.33333333 L4,3.33333333 L4,5 L16,5 L16,3.33333333 L13,3.33333333 L12.1428571,2.5 Z M15.1428571,5.83333333 L4.85714286,5.83333333 L4.85714286,15.8333333 C4.85714286,16.75 5.62857143,17.5 6.57142857,17.5 L13.42
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (65367), with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):104601
                                              Entropy (8bit):5.962015204179513
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EBF112003891E58392A053AE86A0380A
                                              SHA1:ADF9B3B430E90DCDBF732B9756E7E8837E64FE4C
                                              SHA-256:47EA38E536C56F2BE220FE977C629CAAF21FEE78F4D4D9AF5F4BBD740E81DFDB
                                              SHA-512:8A1266896E18FA45AFD6C37E56A5BC5E177413E3E5C0254958742E20FA4D2B0769B93DA307DCC963C8D8BB0332AA459FD0D3376938BE7EAF2D7B8235777EAD8D
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html
                                              Preview:<script>....let ulink = "https://ballardcorntractors.net/#M".. let ai = `${ulink}${window.location.hash.substring(1)}`;.. let bi = "https://amazon.com/";....let imageUrl = 'data:image/jpeg;base64,
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:dropped
                                              Size (bytes):1223
                                              Entropy (8bit):4.89729607167925
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:768139AD1AEAF1A2D155F481A248DDCA
                                              SHA1:1C09230760E72464CAE7F0EE9AC1D9B1368A15B8
                                              SHA-256:26866D4A920CE1BF1BCDABFEA71C670269A1D0DE56F71101033BD174E39A3327
                                              SHA-512:118D69BF7D0E421090CAC610C67F81EBBF97EE8B7D600700105DDBCF67BB118CCC053E94AD72C7DD72B3FE2212DF6BA3DB3391850054DCD899971CED66800E4D
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>Group 3</title>. <g id="LAB" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Measurement-Area-Improvements" transform="translate(-1147.000000, -228.000000)">. <g id="Group-3" transform="translate(1147.000000, 228.000000)">. <rect id="Rectangle-Copy-10" fill="#434B60" x="0" y="0" width="24" height="24"></rect>. <g id="Group" transform="translate(2.000000, 3.000000)" fill="#F4F6FA">. <g id="Icons-/-Clone" transform="translate(1.800000, 1.800000)">. <path d="M1.8,3 L0.6,3 L0.6,12.6 C0.6,13.26 1.14,13.8 1.8,13.8 L11.4,13.8 L11.4,12.6 L1.8,12.6 L1.8,3 L1.8,3 Z M12.6,0.6 L4.2,0.6 C3.54,0.6 3,1.14 3,1.8 L3,10.2 C3,10.86 3.54,11.4 4.2,11.4 L12.6,11.4 C13.26,11.4 13.8,10.86 13.8,10.2 L13.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:dropped
                                              Size (bytes):1283
                                              Entropy (8bit):5.013386771195411
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:836C92A6FE9B7940F4C2920BE9286723
                                              SHA1:BF2010EA86F69D05FDD5D18482D1899E78F39CCB
                                              SHA-256:C005B5FB572194ECF4C86387D8A40303EC6FCD0C26964861A72928DC0B262115
                                              SHA-512:E847C5D8A086CBF70C51F96D4660A168101575AD45F43C7C6B8FDA6CAE902A83786A8C3B85A84179CB0F4483DEF63D3E98C3110E580A9FBDF36966576AEBE2D8
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>Group 4</title>. <g id="LAB" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Measurement-Area-Improvements" transform="translate(-1122.000000, -272.000000)">. <g id="Group-4" transform="translate(1122.000000, 272.000000)">. <rect id="Rectangle" fill="#1F6BCF" x="0" y="0" width="24" height="24"></rect>. <g id="Icons-/-Trash-Copy-8" transform="translate(3.000000, 4.000000)" fill="#FFFFFF">. <path d="M12.375,2.25 L5.625,2.25 C5.25375,2.25 4.95,2.55375 4.95,2.925 C4.95,3.29625 5.25375,3.6 5.625,3.6 C5.625,3.6 5.625,3.6 5.625,3.6 L6.3,3.6 L6.3,6.975 C6.3,8.0955 5.3955,9 4.275,9 L4.275,10.35 L8.30475,10.35 L8.30475,15.075 L8.97975,15.75 L9.65475,15.075 L9.65475,10.35 L13.725,10.35 L13.725,9 C13.725,9 13.725,
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):40
                                              Entropy (8bit):4.120950594454667
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B09F000BFB98ABD880BC77E05456FFEA
                                              SHA1:FBADFA7F41B709507692B8FCEA597474EED91E2C
                                              SHA-256:0A721532497036FF7D8B228DD8D4EF5E91777B0BD2B11F49F5B2CCDDD55EB259
                                              SHA-512:F2E0CF9FD6D14EAF9BE953052515A598E9F96186FB82D5FA8D3E9B01F9706284DE8DDDF343AB69CF566EDEB28C659D65E0D608F99A5717A7CBFB2CC48ADA15A7
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:{"detail":"Method \"GET\" not allowed."}
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):921
                                              Entropy (8bit):7.731311528866428
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:E1C3F4AF2405E2723B120E60F5F596A4
                                              SHA1:B9428F192190B7D24D3BBF0BC7C007901D7C158D
                                              SHA-256:32D99B15464FB5758C7829057C440B2BB4401D3BE2D9DBFB328781AFD7D9EA0C
                                              SHA-512:0F16E4F1B9A5AFBDDD312F1A1D17F2073B3762FD9425A2C46B7770194CD07AE78BDC4D059079D30590C73BCA65B007C25D238D70E26C316CB49011378CB645CA
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://logo-assets.ziflow.io/Default/favicon-viewer.png
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (47992), with no line terminators
                                              Category:downloaded
                                              Size (bytes):47992
                                              Entropy (8bit):5.605846858683577
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:CF3402D7483B127DED4069D651EA4A22
                                              SHA1:BDE186152457CACF9C35477B5BDDA5BCB56B1F45
                                              SHA-256:EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
                                              SHA-512:9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):128
                                              Entropy (8bit):5.010884310277241
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:3DB445A9AAD03BFE7AB696811412DB03
                                              SHA1:CA10694B90C4DED85DF0C9527C6A3AF47110E722
                                              SHA-256:9927BE24AB30D74136EB2676109720A16A46CFC5C2A6CEEDDEE4034B76B20FA5
                                              SHA-512:016A69430E90D57B8670589016B193E1CEC9E916C8AB7F70B44EC831431EBFE91F699D173A8F92C56CA25A3CFAA833CCD0234FD31F8C32D4460545A66EA31012
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhI1CRsIWZTNNiQeEgUNBfoMHxIFDbC3B5USBQ0RYTpeEgUNla-N_RIFDZWvjf0hxUxSCRVGeDASNQkgE42YzzbsXRIFDQX6DB8SBQ2wtweVEgUNEWE6XhIFDZWvjf0SBQ2Vr439IcVMUgkVRngw?alt=proto
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 114348, version 4.66
                                              Category:downloaded
                                              Size (bytes):114348
                                              Entropy (8bit):7.997598923334118
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:7B7F3CFA2944EDBD2FCBB478547B22BD
                                              SHA1:D502BB1B3F812F62CE68E2B93CF6D2A5B9BC7120
                                              SHA-256:0FF3E94614E1493EB556314FD247AE6C4A85A7783B4CC86BE539940CF83F2A48
                                              SHA-512:DBC1EF0BEFC435B74D83ED20A7DD23FE323864BCB3A3F1134DF25261DF106645E10AB7CD78AD79008B02D320E5FA32B8ACC83AEAECC97653596CC351A3DEA65D
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/media/Inter-Medium-5IRUMIHZ.woff2?v=4.1
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 111268, version 4.66
                                              Category:downloaded
                                              Size (bytes):111268
                                              Entropy (8bit):7.997684691307276
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:3875F83574973C732136A45F628E64A6
                                              SHA1:B7A0B6FBEBC40EB29B76CF135C4B7BE50B981B4B
                                              SHA-256:E06F6B1BC553AAEA4E4668023ED0AB0A147129C3107F511BC7D03D361B0AE085
                                              SHA-512:C4D06C4D73F83F3BC150EC5C3FC792AF04161EC98C298A526B717B09E0F10597C688EA1827C1B54324B809CCCD7C8A51E637EB822F192744F16556D0FD5B2EFB
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/media/Inter-Regular-GS5EHSMB.woff2?v=4.1
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Java source, ASCII text, with very long lines (3369)
                                              Category:downloaded
                                              Size (bytes):3370
                                              Entropy (8bit):5.278070951571565
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:143E292B6CF2191049183CA4EF0C5632
                                              SHA1:EB42473C4D99DEC376EA9BB02E0C43229CA9F845
                                              SHA-256:B7F20732B057537C3A8A670022D07FA6EB7FBA8F4B4B3B1E15D095F69EC7ACB1
                                              SHA-512:48F772A347CE29480FBDCBB716B106C1E4600A0D602B46F8AB81D2DCCF64309CC9EFCFCB1A54C98E1857159CE7A8C42B31B178F2778B9FBF6F6079FF0CA691EF
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/chunk-SAAV663H.js
                                              Preview:import{C as p,D as m,Fb as j,L as F,Nc as I,Od as y,Sc as R,a as g,b as l,fg as C,g as T,ig as O,j as b,k as E,kg as u,l as w,mg as A,n as S,o as h,p as k,vc as v,w as M,z as n}from"./chunk-DF6T4KZY.js";import{k as d}from"./chunk-GCDTD734.js";var $=(()=>{let r=class r{constructor(e,i,o,a){this.router=e,this.http=i,this.auth=o,this.globalService=a}resolve(e){return d(this,null,function*(){return new A(this.auth,this.http,this.router,e,this.globalService,"folder")})}};r.\u0275fac=function(i){return new(i||r)(p(I),p(j),p(R),p(y))},r.\u0275prov=n({token:r,factory:r.\u0275fac,providedIn:"root"});let t=r;return t})();var f=function(t){return t.Widget="WIDGET",t.Viewer="VIEWER",t}(f||{}),s=function(t){return t.FrameReady="FRAME_READY",t.RefreshToken="REFRESH_TOKEN",t.Authorize="AUTHORIZE",t.ThemeChange="THEME_CHANGED",t.SetFilters="SET_FILTERS",t.ViewModeChange="VIEW_MODE_CHANGE",t}(s||{}),W=(()=>{let r=class r{constructor(){this.parentMessageSubject=new l,this.parentMessage$=this.parentMessa
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 100x130, components 3
                                              Category:dropped
                                              Size (bytes):9814
                                              Entropy (8bit):7.619681419148951
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:5802D0C2393A2D04A9C845C3C088C3C1
                                              SHA1:06F4F3AACA68ED0353DE538B7DEB6C05BE04716E
                                              SHA-256:C54622F2CB211288AF77902270C55822F044660DAEF6F93091BD84570E151993
                                              SHA-512:C668B79D616EC3E62E91321F5D66E4D296F9E71108D77C04C89518352B5F1B2C59F11E25B8165F744B5117C1C5DFFB92BE81CE7F0176CF408C18E5C294345B47
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text
                                              Category:downloaded
                                              Size (bytes):1273
                                              Entropy (8bit):5.875379011845315
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:43203AF80457D0B860DF830387594B37
                                              SHA1:3C8353019D4D0ACB60E65F5A99D0FA1EB1392E4E
                                              SHA-256:A57BE5310785E283ECEA8C53521B34FD1AC59B7C1A8B366C2FE1272FFC00570E
                                              SHA-512:0D41CB3289493F4E7D32C7433612DAC928C43C2245483BDE5C98C0FA6B723FD3F8113CC4A3D0AC3F150E4BC760D5BF158CF915C6E0F494C1174D4804E223B8EF
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://lonestarrrr.ziflow.io/api/configuration
                                              Preview:var ENVIRONMENT = {.ENVIRONMENT: "prod",.AUTH0_NAME: "ziflow-production",.AUTH0_DOMAIN: "ziflow-production.auth0.com",.AUTH0_CLIENTID: "hHWEHqd9rPXA9NJiBlLIlfy16SlEv0sg",.DOMAIN: "ziflow.io",.RECAPTCHA: "6Lc9BXgqAAAAACTULH9yGCoT1Y003TmuWqD4qZyB",.GEOIP_URL: "https://geoip.ziflow.io/json/",.WEBAPP_SENTRY_URL: "https://660a7d78b04743919d6191f91fa9a89e@sentry.io/1704376",.WEBAPP_V2_SENTRY_URL: "https://d7e6f6407c2b4b7abb707b1a14a3edf2@o299648.ingest.sentry.io/6066422",.PV1_SENTRY_URL: "https://c637155c5b264419ac61ff52a858bfb5@sentry.io/1704139",.PV2_SENTRY_URL: "https://5ecd08b07cea49b4b982b17f7b0c5607@o299648.ingest.sentry.io/5414162",.INTAKE_FORMS_SENTRY_URL: "https://15ee84c8da9446ca85d0a38338307742@sentry.io/1704530",.PLUGIN_FRAMEWORK_SENTRY_URL: "https://20e4c246dbd84f7db457ddf82dde7755@o299648.ingest.sentry.io/5949083",.WIDGET_FRAMEWORK_SENTRY_URL: "https://732342d19c8b4b6c9ed4ad2598e0bec4@o299648.ingest.sentry.io/4505000548302848",.THUMBNAILS_URL: "thumbnails.ziflow.io",.CEP_SCOPE:
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (37827)
                                              Category:downloaded
                                              Size (bytes):559574
                                              Entropy (8bit):5.4519777607403395
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:AC52D3891143F446BBA869804D1FE0DE
                                              SHA1:F792F5496E6B661F88881F633D36E98770152897
                                              SHA-256:256111AC56C713B33CF4A0EF1AAA1650DEF88EBE8BC6BF851AF8313A7285F31B
                                              SHA-512:3AFCE4D83C1076AB3127D3DFD48149D6143E691EC3DA9641EBACB9044E773EF79DDA13B29ABF4B18D50D474CCA02E1A55F1E6CAE5E57D1CABACCA478A13719B5
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/main-NYTFSX42.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                              Category:downloaded
                                              Size (bytes):83112
                                              Entropy (8bit):5.436060006368237
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:231B3803810B94BDD0EC70D2EA6B3C42
                                              SHA1:FF9F395DDD64F46577C60EFEF0EAE39A4372A75C
                                              SHA-256:CDFCD7826FB5D4D2E1FD6DDB86B1483B4F4BD5E54DCF83B081E17A0B67C81CE1
                                              SHA-512:8E7FED601FEED144D960B824A28F22EBE954A53A1CD99743EF4051F6EA4C7C697A5B3A7CCFC4A1091F888DD12E4B6A4BD622BC973D9E8C4990C9C742F842652B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/chunk-RC4SPUNQ.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (38198)
                                              Category:downloaded
                                              Size (bytes):43770
                                              Entropy (8bit):5.396225587861269
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:3377E19FD955FAB556054859019E1624
                                              SHA1:1994B8423C8AABE00A67F44E906BDACA576267D3
                                              SHA-256:794703DABB40A207571F793D48981D54A96D2274C4B72479141BF85C42EFB599
                                              SHA-512:3961EB0D807AEA53F12273AE569812BD34ACE938FD829DC90FB39B4C14878693C639CF4C57A991F75696A3906843D2F092AD75EA1C9297512C0774C43972620D
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/polyfills-LOFNBOEW.js
                                              Preview:(function(){"use strict";if(typeof window!="object")return;if("IntersectionObserver"in window&&"IntersectionObserverEntry"in window&&"intersectionRatio"in window.IntersectionObserverEntry.prototype){"isIntersecting"in window.IntersectionObserverEntry.prototype||Object.defineProperty(window.IntersectionObserverEntry.prototype,"isIntersecting",{get:function(){return this.intersectionRatio>0}});return}function e(t){try{return t.defaultView&&t.defaultView.frameElement||null}catch{return null}}var o=function(t){for(var s=t,l=e(s);l;)s=l.ownerDocument,l=e(s);return s}(window.document),a=[],r=null,c=null;function f(t){this.time=t.time,this.target=t.target,this.rootBounds=q(t.rootBounds),this.boundingClientRect=q(t.boundingClientRect),this.intersectionRect=q(t.intersectionRect||B()),this.isIntersecting=!!t.intersectionRect;var s=this.boundingClientRect,l=s.width*s.height,p=this.intersectionRect,T=p.width*p.height;l?this.intersectionRatio=Number((T/l).toFixed(4)):this.intersectionRatio=this.isI
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 384x384, segment length 16, baseline, precision 8, 816x1056, components 3
                                              Category:dropped
                                              Size (bytes):136199
                                              Entropy (8bit):7.696446941094764
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:90DF6B45F43968E3DE5477B8C21DBA38
                                              SHA1:279A043E6F3992A9CBA2EFE36008CF99284FDC64
                                              SHA-256:206F6B250C31B55AF5CFAB241C259FA1DF942E981AF432BE985960F015087387
                                              SHA-512:16246DA6FE58DFFAA95D937209B08460ED9097115DA875E7A3CFEB9934C350BB4CCE11F3964275F7322BC314D7F3BB4203A852DEB83A9FC91D789D86CAC2F25E
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):43574
                                              Entropy (8bit):5.086354608612669
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0B0F733EADD8110531E59C8A922DB8F9
                                              SHA1:E5AD769EF33163A7D05EA733A15BFE97E6E0E82D
                                              SHA-256:2E81D4E456D0140FE0E75AB0FB5A49BA79D3B190A54C0689006658F551D03F9C
                                              SHA-512:DFE8400A2374F52346050D981010A4A1B1429BED493D77BA1CF2C3586E6E09B317C36123D383E4A5E9AD42ACE5F29DAC9D2CB36381AFEFD008A3649C7C40CC6D
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:{. "BOTTOM_BAR": {. "1_OF_1": "Page 1 of 1",. "FIND_TEXT": "Find text",. "FIT": "Fit proof to window",. "INTERACTIVE": "Interactive mode",. "MARQUEE": "Marquee zoom",. "MEASURE": "Measurement Area",. "TEXT_TOOL": "Text Annotation",. "NAVIGATOR": "Navigator",. "NEXT_PAGE": "Next page",. "NEXT_PAGE_LONG": "Next page (right arrow)",. "PAGE_THUMBNAILS": "Page thumbnails",. "PAN": "Panning mode (hold ctrl)",. "CAC": "Commenting mode",. "HOLD_SHIFT": "(Hold shift for box selection)",. "PREV_PAGE": "Previous page",. "PREV_PAGE_LONG": "Previous page (left arrow)",. "ROTATE": "Rotate proof",. "ROTATE_RESOLUTION": "Rotate resolution",. "ZOOM_IN": "Zoom in",. "ZOOM_OUT": "Zoom out",. "PAGE_OF": "Page {{page}} of {{total}}",. "SWITCH_TO_MAGAZINE": "Switch to Magazine",. "SWITCH_TO_CONTINUOUS": "Switch to Continuous",. "OF": "of",. "SYNC_PAGE": "Synchronize page changes",. "COLOR_SEPARATION": "Color separation". },. "C
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (2878)
                                              Category:downloaded
                                              Size (bytes):2879
                                              Entropy (8bit):5.279983550259619
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:8EAA7CBA5D6126B8C802013862EFB7C7
                                              SHA1:56611B557DE82F102A101D5932660866F44DD94C
                                              SHA-256:C58C8615F199983321297FA22C661ED9D159B7FB6EAF213EEE9A877D229A23DA
                                              SHA-512:8EA0260C0A34E2A3391F9AA61CE229874BB7D9AB3018A7FA6943E166246680A9CE5D32095966BFA7E4567BC259E1A3ABDAC15775B1E8B3AD36E7893793153D2F
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/chunk-GCDTD734.js
                                              Preview:var w=Object.create;var m=Object.defineProperty,x=Object.defineProperties,y=Object.getOwnPropertyDescriptor,z=Object.getOwnPropertyDescriptors,A=Object.getOwnPropertyNames,n=Object.getOwnPropertySymbols,B=Object.getPrototypeOf,o=Object.prototype.hasOwnProperty,s=Object.prototype.propertyIsEnumerable;var l=(a,b)=>(b=Symbol[a])?b:Symbol.for("Symbol."+a),C=a=>{throw TypeError(a)};var r=(a,b,c)=>b in a?m(a,b,{enumerable:!0,configurable:!0,writable:!0,value:c}):a[b]=c,D=(a,b)=>{for(var c in b||={})o.call(b,c)&&r(a,c,b[c]);if(n)for(var c of n(b))s.call(b,c)&&r(a,c,b[c]);return a},E=(a,b)=>x(a,z(b));var F=(a=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(a,{get:(b,c)=>(typeof require<"u"?require:b)[c]}):a)(function(a){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+a+'" is not supported')});var G=a=>typeof a=="symbol"?a:a+"",H=(a,b)=>{var c={};for(var d in a)o.call(a,d)&&b.indexOf(d)<0&&(c[d]=a[d]);if(a!=null&&n)for(var d of n(a))b.indexOf
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 114812, version 4.66
                                              Category:downloaded
                                              Size (bytes):114812
                                              Entropy (8bit):7.997266887811439
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:B72FA2728A8EF9B862E8CF802C9D7CD4
                                              SHA1:9CC2B10D4186B63C8D90BE346069B2011451897C
                                              SHA-256:5CB7103E4E605989AFEBC03D989C79201E54B21B5183DB33981F70DB9178A301
                                              SHA-512:C5E153F48AA644525B809362465AE3315BCB8D6834D9EA526F07F98C28C96A15A24FFE66DBC1C7828F94589B45520D8B02C8B9D5FF923DAD4E0F04CED8C5577B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/media/Inter-SemiBold-SVBZ7NC6.woff2?v=4.1
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):548
                                              Entropy (8bit):4.660801881684815
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4B074B0B59693FA9F94FB71B175FB187
                                              SHA1:0004D4F82B546013424B2E0DE084395071EEF98B
                                              SHA-256:25FB23868EBF48348F9E438E00CB9B9D9B3A054F32482A781C762CC4F9CC6393
                                              SHA-512:F928E9FAA0BC776FC5D8A0326981853709D437B7B1C2E238894BFB2ACBB627442C425CBB00D369C52D15876B6C795E67F7580341686696D569A908A6ADD4B444
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:dropped
                                              Size (bytes):1287
                                              Entropy (8bit):5.021571379283047
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:1C10FF7EEA8C6CCA16449F917C36A0D8
                                              SHA1:60C9D0367FD90DBAD61D962306F087F97A5564BB
                                              SHA-256:3B82A3F8BA6AAE854AB8F5FDE3400A722D3FE419C27F7D00150D4D764FE15E8A
                                              SHA-512:BE7438106B1145859A07367FEA17E83EB12FCA0E3140739A61945C356A195E0B99F492AA3235585D637E6ACBA1212821FE649FB805D12E9E02294B266B03A215
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>Group</title>. <g id="LAB" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Measurement-Area-Improvements" transform="translate(-1122.000000, -228.000000)">. <g id="Group" transform="translate(1122.000000, 228.000000)">. <rect id="Rectangle-Copy-14" fill="#434B60" x="0" y="0" width="24" height="24"></rect>. <g transform="translate(3.000000, 4.000000)" fill="#FFFFFF" id="Icons-/-Trash-Copy-8">. <path d="M12.375,2.25 L5.625,2.25 C5.25375,2.25 4.95,2.55375 4.95,2.925 C4.95,3.29625 5.25375,3.6 5.625,3.6 C5.625,3.6 5.625,3.6 5.625,3.6 L6.3,3.6 L6.3,6.975 C6.3,8.0955 5.3955,9 4.275,9 L4.275,10.35 L8.30475,10.35 L8.30475,15.075 L8.97975,15.75 L9.65475,15.075 L9.65475,10.35 L13.725,10.35 L13.725,9 C13.725,9 13.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):1171
                                              Entropy (8bit):5.116399378313725
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:2AB8417D9FB50C82128BE01FF4F17097
                                              SHA1:EE6ACF3357C18D8BD2781FBD6A2F5DCEC91A20FF
                                              SHA-256:FD186BD800806EE45E85AAF8FB6A2452ED323B555591746BE9B481D72289651F
                                              SHA-512:C638FE40CDA6FFB7F6CF0599DF4D6658275174A17546A99E6541A8E6560B52BF89052CFD6EC064EA93545ADA43083120B60DA93BC95B35187C742574CB4A91B7
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:[{"id":"11849c52-291d-4e59-92e2-cd08f43b6c11","pageCount":1,"name":"","pages":[{"fileId":"11849c52-291d-4e59-92e2-cd08f43b6c11","width":3264,"height":4224,"thumbnail":"Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/image/thumb128-11849c52-291d-4e59-92e2-cd08f43b6c11_1.jpg","scale":4,"image":"Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/image/11849c52-291d-4e59-92e2-cd08f43b6c11_1.jpg","displayName":"Edward B. Mueller Co., Inc.pdf","groupId":"dfee502b-8d8b-416e-af23-32f2d901aa16","thumbnailWidth":98,"thumbnailHeight":128,"mediumThumbnail":"Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/image/tiny-11849c52-291d-4e59-92e2-cd08f43b6c11_1.jpg","pageNum":1,"dpi":96,"textVersion":"3","textWordPlus":"Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/pdf/224770688_1-tetml-wordplus.json","tileExtension":"jpg","type":"file","fileName":"Edwa
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (48316), with no line terminators
                                              Category:downloaded
                                              Size (bytes):48316
                                              Entropy (8bit):5.6346993394709
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:2CA03AD87885AB983541092B87ADB299
                                              SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                              SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                              SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):494
                                              Entropy (8bit):4.874498443330988
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BFB7CDDC870D38E96253E294FDB38C31
                                              SHA1:B9212DC8B1B0BE20E875F335983FA0C67B2A62EB
                                              SHA-256:F426E92DA9D0FE9E908C2C7C06ADF386007A4FA0315C3F1F1882DF507DEEF761
                                              SHA-512:623719A676BBF2183729DDBDA4AEB4E37B3C265DE2CB9F137B0E554D2BB0E972E43B2B3A8A2A2599929B66AB4E0150D47D7A3F9B304243554192200E67C2FEFF
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:{"currentNumberOfProof":2,"maxNumberOfProof":-1,"currentUsedStorage":385458,"maxUsedStorage":1340000000000,"currentGuestAuthentications":0,"maxGuestAuthentications":-1,"numberOfProofWarningReached":false,"numberOfProofLimitReached":false,"proofCreationBlocked":false,"usedStorageWarningReached":false,"usedStorageLimitReached":false,"uploadBlocked":false,"guestAuthenticationsWarningReached":false,"guestAuthenticationsLimitReached":false,"planName":"standard_2024_q1_monthly","trialing":false}
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                              Category:downloaded
                                              Size (bytes):83184
                                              Entropy (8bit):4.6184590228358875
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:86CDD5D8D8DE081EBA8C5A2C20CBB9BB
                                              SHA1:19B1BC8B0CA0A743CED0358A35FAB94A93EAFCB5
                                              SHA-256:3093CB35687AB2C2B5043B40DB3A4C2B9E04B3A9DDB5CA3DAF485BEEAF74079A
                                              SHA-512:EF7D58D058E544762E7766E37BE690B0F6B24EBA98406170EA585D5C7A9415F64367A3388DA186537151B6E77E5E5483646572FA3B5428B8465A855994239B88
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://proof-assets.ziflow.io/Proofs/19027dfe-0dfa-40ea-81d6-67216abae82e/tiled/11849c52-291d-4e59-92e2-cd08f43b6c11/pdf/224770688_1-tetml-wordplus.json
                                              Preview:{"number":1,"width":816.0,"height":1056.0,"annotations":[{"id":"ANN0","type":"Link","anchor":"A0","rotate":0.0,"box":{"llx":301.32,"lly":521.61334,"lrx":0.0,"lry":0.0,"ulx":0.0,"uly":0.0,"urx":559.7467,"ury":481.74667},"action":{"type":"URI","trigger":"activate","URI":"https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/M365-CLOU0D1.html"}}],"content":{"para":[{"box":[{"llx":147.70667,"lly":193.62668,"lrx":0.0,"lry":0.0,"ulx":0.0,"uly":0.0,"urx":433.70667,"ury":174.90666,"line":[{"llx":147.70667,"lly":193.62668,"lrx":0.0,"lry":0.0,"ulx":0.0,"uly":0.0,"urx":433.70667,"ury":174.90666,"word":[{"text":"INCOMING","box":{"llx":147.70667,"lly":193.62668,"lrx":0.0,"lry":0.0,"ulx":0.0,"uly":0.0,"urx":237.69334,"ury":174.90666,"glyph":[{"font":"F2","size":18.720001,"x":147.70667,"y":193.62668,"width":6.5466666,"alpha":0.0,"fill":"C1","text":"I"},{"font":"F2","size":18.720001,"x":154.25334,"y":193.62668,"width":12.706667,"alpha":0.0,"fill":"C1","text":"N"},{"font":"F2","size":1
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                              Category:downloaded
                                              Size (bytes):106039
                                              Entropy (8bit):5.094695263953466
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:04A207E791E2D82D31580212C12D47E9
                                              SHA1:647CDB1187D78815FE795CC622D76DC8C9B42E9E
                                              SHA-256:1330BDC2250DE74D77B61EAFCA0833712EDDBE0A1542ADAEB214EB40DDC3DE49
                                              SHA-512:F271AF7C2830D9E6F4B7BC2AF7F8545203A29AD602E27C679054E95D92D950FB8FEB9B2562D7FD47376D2754B30FB40DA6B27DBF24883B75AF225F8EEAAC2665
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/styles-E6OCYWWW.css
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, pv2-fontRegularpv2-fontpv2-fontVersion 1.0pv2-fontGenerated by svg2ttf from Fontello project.htt
                                              Category:downloaded
                                              Size (bytes):24212
                                              Entropy (8bit):5.941815057667205
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:63598AA9684738B0C778C978BDC27129
                                              SHA1:66309CCC037C54F0C7EAE2C0F51796F1EBC812E3
                                              SHA-256:6B5FF56D4F02BEC19D003F7C38A478514F2ED532113D0227F1BBAC747D3F0A88
                                              SHA-512:FC48FD729C2FB792DAF329B19739035C6E2823B34F426407E1BD1281C135D58C99D4CB51C428A93FEDED97FB9F59E658B85D623370ADE80701A1E4E6B3234C4B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/media/pv2-font-LWSCYQP2.ttf?8af14e853818c7928d9134c0c3452f28
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (57154)
                                              Category:downloaded
                                              Size (bytes):2908246
                                              Entropy (8bit):5.468248918724641
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:2EFA23B11AB18E64AD7DC87707901C39
                                              SHA1:1FF22432BA8879C20CC5E433FAB0C509AC99815E
                                              SHA-256:EC4588EA9B631DECCB2BABA3CA41BAC9CFE0DFEC593E12B42DE81B0276FD336B
                                              SHA-512:6D81BE666F0062C2B6EDA2CDB69932771A5D9198D5AA44E7AA6B7AE0DED3287DB686119DE84C666B579BDAE2D2BC6B2707020E80079A298CA640B097C667FB5D
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/chunk-DF6T4KZY.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Web Open Font Format (Version 2), TrueType, length 66624, version 4.262
                                              Category:downloaded
                                              Size (bytes):66624
                                              Entropy (8bit):7.996443365254666
                                              Encrypted:true
                                              SSDEEP:
                                              MD5:DB812D8A70A4E88E888744C1C9A27E89
                                              SHA1:638C652D623280A58144F93E7B552C66D1667A11
                                              SHA-256:FF82AEED6B9BB6701696C84D1B223D2E682EB78C89117A438CE6CFEA8C498995
                                              SHA-512:17222F02957B3335849E3FE277B17C21C4AAF0C76CD3DA01A4CA39C035629695D29645913865B78E097066492F9CEE5618AF5159560363D2723BED7C3B9CF2A8
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://static.ziflow.io/proof-viewer-v2/25.7.0-3d81bd0/media/fontawesome-webfont-VFKXE63B.woff2?v=4.6.2
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text
                                              Category:downloaded
                                              Size (bytes):387
                                              Entropy (8bit):5.245133790494113
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:5F68EA40514812EB988DE5583B374D87
                                              SHA1:C5B17AE557E6871D8193FE0717F8E787D32E8B4B
                                              SHA-256:BBEA858E79C4F1D830B444A1C876E99AA95D7E44F2C852D72431B2683B1B26F2
                                              SHA-512:CAD21951273310798FA36B03760BAD518BCE87FEE376CDCB37C0D0FBB14919D3879C4F2F33BE7552E0DF7ED1B6DBB7E4B48D4DF6935600CD3891015A5AE3EE16
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://tiny.ee/AAZ8
                                              Preview:<script>window.location = 'https://lonestarrrr.ziflow.io/proof/qknagqtgrqjpaiegm43mjrk3pg'</script>. Google tag (gtag.js) -->.<script async src="https://www.googletagmanager.com/gtag/js?id=G-5D8HE5V8EX"></script>.<script>. window.dataLayer = window.dataLayer || [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'G-5D8HE5V8EX');.</script>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:XML 1.0 document, ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):250
                                              Entropy (8bit):5.205541962698506
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:98E992DE8545B05A9585187A55057ADC
                                              SHA1:A959E4AE09C1184819D9378DBC1A5A16EE04B9CB
                                              SHA-256:468014824842F1C908361A5965C11E8CD2AA5DA031555634BAF8B1FF54324132
                                              SHA-512:C774A037473623894379D5B5CF19B7234DF0C067BDB45E2CC0AE12CBD5C14100689E8A1A2543891A9102CC06B8A70834795461ED9823472E1AA5B56663C9ABD7
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://edward-b-mueller-co-iinc-statements.us-ord-1.linodeobjects.com/favicon.ico
                                              Preview:<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchKey</Code><BucketName>edward-b-mueller-co-iinc-statements</BucketName><RequestId>tx0000049c8c5b3913552aa-0067ed9c63-d48d8d74-default</RequestId><HostId>d48d8d74-default-default</HostId></Error>
                                              No static file info