Windows Analysis Report
437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml

Overview

General Information

Sample name: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml
Analysis ID: 1640942
MD5: 17704fbe421ef93ce3619f9952467a85
SHA1: a0be43765ecb8e5cdf1d90a3763aaf40c3cf9e5b
SHA256: 6abd2f711bcd75820d9eec05afa009bf0a821fa1b0038d8a63621f2371866bd1

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Found malware configuration
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected HtmlPhish44
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Detected use of open redirect vulnerability
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Invalid T&C link found
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

AV Detection

Source: 1.16.d.script.csv Malware Configuration Extractor: Tycoon2FA {"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "OT1xVD", "emailcheck": "johng@edcodistributing.com", "webname": "rtrim(/web8/, '/')", "urlo": "/qxQ4HAEDWuhosbVQ1dW6HqvLQzGIwgJj7Hg4HAJk0Df36BLVjCV9Mhx"}

Phishing

Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK Joe Sandbox AI: Score: 9 Reasons: The URL '2025_notificationx1invoice_review.fmhjhctk.ru' does not match the legitimate domain 'microsoft.com'., The domain 'fmhjhctk.ru' is unrelated to Microsoft and uses a Russian domain extension, which is unusual for a Microsoft-related service., The URL contains suspicious elements such as 'notificationx1invoice_review', which are often used in phishing attempts to create urgency or mimic legitimate notifications., The use of a subdomain and the structure of the URL suggest an attempt to deceive users into thinking it is a legitimate notification from Microsoft., The email domain 'edcodistributing.com' does not match the brand 'Microsoft', which raises further suspicion. DOM: 1.3.pages.csv
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK Joe Sandbox AI: Score: 9 Reasons: The URL '2025_notificationx1invoice_review.fmhjhctk.ru' does not match the legitimate domain 'microsoft.com'., The domain 'fmhjhctk.ru' is unrelated to Microsoft and uses a Russian domain extension, which is unusual for Microsoft., The URL contains suspicious elements such as 'notificationx1invoice_review', which are not typical for Microsoft., The use of a subdomain and unusual domain extension suggests a phishing attempt., The brand 'Microsoft' is well-known and typically associated with 'microsoft.com'. DOM: 1.4.pages.csv
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK# Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '2025_notificationx1invoice_review.fmhjhctk.ru' does not match the legitimate domain for Microsoft., The URL contains suspicious elements such as a long subdomain and an unusual domain extension '.ru', which is not typically associated with Microsoft., The presence of a Russian domain extension '.ru' is unusual for a Microsoft-related site, especially given the context of an invoice review., The URL structure suggests a phishing attempt, as it includes misleading terms like 'notification' and 'invoice_review' which are commonly used in phishing schemes. DOM: 2.5.pages.csv
Source: Yara match File source: 1.3.pages.csv, type: HTML
Source: Yara match File source: 2.5.pages.csv, type: HTML
Source: Yara match File source: 1.4.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_191, type: DROPPED
Source: Yara match File source: 0.1.d.script.csv, type: HTML
Source: Yara match File source: 3.23.d.script.csv, type: HTML
Source: Yara match File source: 3.6.pages.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: Yara match File source: 0.1.pages.csv, type: HTML
Source: Yara match File source: 1.20..script.csv, type: HTML
Source: Yara match File source: dropped/chromecache_204, type: DROPPED
Source: Yara match File source: 1.16.d.script.csv, type: HTML
Source: Yara match File source: 0.9.d.script.csv, type: HTML
Source: Yara match File source: 3.26..script.csv, type: HTML
Source: Yara match File source: 3.25.d.script.csv, type: HTML
Source: Yara match File source: 0.6..script.csv, type: HTML
Source: Yara match File source: 1.11..script.csv, type: HTML
Source: Yara match File source: 1.12..script.csv, type: HTML
Source: Yara match File source: 0.0.d.script.csv, type: HTML
Source: PDF document Joe Sandbox AI: PDF document contains QR code
Source: 0.0.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts, preventing right-click context menus, and redirecting the user to an unrelated website. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing the user from interacting with the page or redirecting them to a phishing site.
Source: 1.11..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, blocks keyboard shortcuts, disables right-click context menus, and redirects the user to an external website. These behaviors are highly suspicious and indicate potential malicious intent.
Source: 0.9.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts, preventing right-click context menus, and using a debugger-based technique to redirect the user to an external website. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing user interaction and redirecting to a potentially malicious domain.
Source: 0.8..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of obfuscated code and the presence of a debugger statement further increase the risk. Overall, this script exhibits a high level of malicious intent and should be considered a significant security threat.
Source: 0.2..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be interacting with an untrusted domain, further increasing the risk. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 1.12..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It checks for the presence of web automation tools, redirects to a suspicious domain, and implements keylogging functionality to intercept user input. These behaviors are highly indicative of malicious intent, warranting a high-risk score.
Source: 0.1.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of `eval()` and obfuscated code. The script appears to be attempting to execute remote or malicious code, which poses a significant security risk. This should be considered a high-risk script that requires immediate investigation and remediation.
Source: Email Joe Sandbox AI: Detected potential phishing email: Sender email domain (cup.ocn.ne.jp) doesn't match the claimed business domain (edcodistributing.com). Generic sender name 'e-Invoice_Overdue_Confirmation126' is suspicious and follows common phishing patterns. Creates urgency with immediate payment deadline and threat of late fees
Source: Email Joe Sandbox AI: Detected suspicious elements in Email header: High SCL (Spam Confidence Level) of 8 in x-forefront-antispam-report. Suspicious routing with localhost [127.0.0.1] connection from unknown IP. Japanese IP and infrastructure (OCN) sending English content (language mismatch). CAT:HPHISH in antispam report indicates high-confidence phishing detection. Suspicious IP hop from 149.88.97.195 doesn't match the claimed sending infrastructure. Multiple spam filter triggers indicated in SFS values. Extremely long and suspicious x-microsoft-antispam-message-info header, possibly attempting to evade detection
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Proxy from: adclick.g.doubleclick.net/pcs/click?ref={{random_string}}&id=y41515n2435ymx419snvo7695-2024-mcwan324scan&adurl=https://2025_notificationx1invoice_review.fmhjhctk.ru/anateadinodo/ to https://2025_notificationx1invoice_review.fmhjhctk.ru/anateadinodo/
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: Number of links: 0
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/#Yjohng@edcodistributing.com HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AI UI Template</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva,...
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: Title: Profile Access Sign-In does not match URL
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: Invalid link: Terms of use
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: Invalid link: Privacy & cookies
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/ HTTP Parser: function yzpcwimejl(){tdoewleybg = atob("...
Source: anonymous function HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "ot1xvd";var emailcheck = "johng@edcodistributing.com";var webname = "rtrim(/web8/, '/')";var urlo = "/qxq4haedwuhosbvq1dw6hqvlqzgiwgjj7hg4hajk0df36blvjcv9mhx";var gdf = "/gh3sunqus1lhxx3kwhngna9jr95uvqtgllkelcdzleycd114";var odf = "/ghgtbgtz39qnfg3w0wxocyh8pe9rmfxoze8uhcd650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(u...
Source: Email Classification: Invoice Scam
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: <input type="password" .../> found
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: No favicon
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: No <meta name="author".. found
Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: global traffic TCP traffic: 192.168.2.17:49827 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: adclick.g.doubleclick.net to https://2025_notificationx1invoice_review.fmhjhctk.ru/anateadinodo/
Source: Joe Sandbox View IP Address: 13.33.187.14 13.33.187.14
Source: Joe Sandbox View IP Address: 104.16.5.189 104.16.5.189
Source: Joe Sandbox View IP Address: 104.21.80.1 104.21.80.1
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: global traffic HTTP traffic detected: GET /ve47VQocLux8bJ296yn6GsK0qKDjDkaqz7v HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkgrNjVscFFPN1U3clpSR3pKQjhiTlE9PSIsInZhbHVlIjoiQ3VWWng1V3lJNmZOaXhwS25qMzZTVzVVRW1VUzRMbW5FNXFBWmtRaUVFZHgvV09yZktKeGpSMUVnZmtBMTBCVldPY0xSN09sRnJ5cHVDWHlpMW1SNnFvMjV6cE9Lenk5Z2t0NFRUVWxZOXVEZTZzbFBpaUsxbGNwMTk4TnJsU3UiLCJtYWMiOiI2NWIxODE1YTAyOTFjYTM1ZjlmMzEyODA0YjA5ZWU4NDNlNGRmYTkxOWQ0ZjQ4ZDFlZTc4ZjNiNTYyYzAxNDYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhBamkvT25rd3pYNk0yTnZLR1dva0E9PSIsInZhbHVlIjoiTEZxK1V1RlUzN1RRbEhqbkJ3VkVWRmpjWlV4RjRuSFRFNGF4SzN1bmtFTFhvVkxOMGFaQktQMko4bFMrWnZZZW1yUFcrQWFrREdQYkFGLzJLMWJJQkpFTU9YZE1mc2pMY2RHM0RQejYrNVJjSFlOZ0VHVnNjNGRKSmVnLzlOeFgiLCJtYWMiOiJmNWMxODU2NzM4NjVkYjVlYzJlMWVkMTNlYjg3NDlhZWQyNjZlNTQ5Mjg2MTczYjI1NjhmNTc3ZjRlNTQzNzRlIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InpxVTd4OTBYQXBFRzZhaC9veW5YakE9PSIsInZhbHVlIjoiUFRjT25lNWo5RTNaQyttK2ZodXNCQXJNL0ZPaWVXek9mL1lHNGoxaWZJb0czT1Iya3BubWlYV092ZHp5QnFYekdxejNYTjFMbmpjWDJudTNsZ1Z0Y1ZJYVNsTVk5ZnVNV25HQzhxcTFiU2lsZ0dDRUxaTjVGaGdOSUFIU2dJS3giLCJtYWMiOiJkN2RiZjkzOWRkYmVjZDcyZGFlMTAwMDg0OTk1YjkyYTEyZWZjM2QxYTJmM2Y1MzBkOTM2ZDJhYzJjODgzZTEzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im05UzFKRVBIMGoySkN5Qk9sVmZoc1E9PSIsInZhbHVlIjoieFZUbFB2dmtneTZ2VFNFbW1kQnF4WGNSb2hBcm9DWms2clhzZDl0VkpIWkNOUzN3M2lZakI1c3h0RHVTbnhGNk9mbUdxdEN4ZkVnZXlJS2l5cjVXREhmMU5vcnlYZUVTcU5ldUlxR2R0SHZwcFpicENZcXpVM2xtVzRSNTJ1VHAiLCJtYWMiOiJmMTQ2NDcxOWZjYTcwMzNkOTdmOTIzOWY2NDMwYjE1MWJlMTEyOThiOTNkMzczYmQ2M2ZjOTcxMjEzMjMwNmRlIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /kfQGTJxyJYyA40vgITtDB0PwqPDDJNVk7exSUpKdygy HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkEzZjNOWXNBdW9qeU51alJhWXJrdFE9PSIsInZhbHVlIjoiRThjMERLWmdFV0tOdmRtVDkvYWlnbmxMOFBDN3JYQVpWS3dsQ3IrdEppYTNEdysyL3JhV1pkWHhTSUFaUFZGMUswZ2JKajVveG1yeTlPZG1LVWZxb0NTRkhpZlJsVUJ5QXNia25jNVhnOS9uYkZSSVVsdzVrQUhyUWZnSzJXRnUiLCJtYWMiOiI2MDkyY2VmMjIzMzc1YWI3YmJlZTJjM2VjMmRkMTNmZGNiNmRhNTVlYzhhMzhkYmU2NTUwYjkzN2Q0NGU0MjBhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imp5T2ttbW0ya01pTVREZ1M0RkJwQUE9PSIsInZhbHVlIjoiNUx4c1c0bk9BalpzMVJOVUJYRUQ5aUMvTC9pNmhLNXMrUDFQL1o1bTJYSkxJUmlMMC93V1Jicks5ODIxdnJwRVY5N0swN3I3ejZxdEZ3STNUQzIrV0lNM2xhamUwMitUSk5aN3FMUm04dERYM2tGOCtlS3dQQmp5SFFINCtLUzkiLCJtYWMiOiIxYjM5NGYxZGIyODFiY2NmNTM1MjI1ZWNjMjEzMGQ0MzRlNzVjMjIzMTQ5YjNiN2UwMWZiZWMzNzQ3YWIyYWQ1IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkEzZjNOWXNBdW9qeU51alJhWXJrdFE9PSIsInZhbHVlIjoiRThjMERLWmdFV0tOdmRtVDkvYWlnbmxMOFBDN3JYQVpWS3dsQ3IrdEppYTNEdysyL3JhV1pkWHhTSUFaUFZGMUswZ2JKajVveG1yeTlPZG1LVWZxb0NTRkhpZlJsVUJ5QXNia25jNVhnOS9uYkZSSVVsdzVrQUhyUWZnSzJXRnUiLCJtYWMiOiI2MDkyY2VmMjIzMzc1YWI3YmJlZTJjM2VjMmRkMTNmZGNiNmRhNTVlYzhhMzhkYmU2NTUwYjkzN2Q0NGU0MjBhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imp5T2ttbW0ya01pTVREZ1M0RkJwQUE9PSIsInZhbHVlIjoiNUx4c1c0bk9BalpzMVJOVUJYRUQ5aUMvTC9pNmhLNXMrUDFQL1o1bTJYSkxJUmlMMC93V1Jicks5ODIxdnJwRVY5N0swN3I3ejZxdEZ3STNUQzIrV0lNM2xhamUwMitUSk5aN3FMUm04dERYM2tGOCtlS3dQQmp5SFFINCtLUzkiLCJtYWMiOiIxYjM5NGYxZGIyODFiY2NmNTM1MjI1ZWNjMjEzMGQ0MzRlNzVjMjIzMTQ5YjNiN2UwMWZiZWMzNzQ3YWIyYWQ1IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /12EsS6v4KGIxyn856713 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /xyEc4pKtKNGKpq6cd30 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250317%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250317T205513Z&X-Amz-Expires=300&X-Amz-Signature=e616e7388ad102e9cb0d3ae02f97cd7c71b53bb553c2889c097375ffd2fede86&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /34WyyfLCF60WyWJTghhC89MW03f9FF67110 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /klQ2Of4c6LA3qOVx1jLq0IKv1BfNb563yNbAtqnsmiChZNDrOoVJ0r9kvS36F5wx211 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijSWB6XDt2x23vPWFuGmlisfdPo0Mn2Fqr4oBXq1n5NrfcM46mk9Zmyz230 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uveXL7lccWo3VQL1AQNrNkqrY0gg6oIq92t2l012130 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /oppCC2yff12YyfUIa0hvdyqmnO1npn8eKKiH67140 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
Source: unknown HTTP traffic detected: POST /ve47VQocLux8bJ296yn6GsK0qKDjDkaqz7v HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveContent-Length: 775sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQAh9vEIyBPJXSCXBsec-ch-ua-mobile: ?0Accept: */*Origin: https://2025_notificationx1invoice_review.fmhjhctk.ruSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZSSjQ3YWQrUThmcFppczNPSU5qK2c9PSIsInZhbHVlIjoiZ205YVRMdWRyMjBFMFoxekJyd25xdmM1RVpOS04vQ2I1ME5BL3hKZW9oTWJndk01NTlrMzVMYUlYMmFRcTFZUExWZ3pHNXU3cjBKNTVSdGNESjVNZXpjNlJaaEtLcGs0a2l3bjZvS3FlUjg0VlZ2SXJsQ1dLbytBQmpaa2hscFgiLCJtYWMiOiI2OTAwODMyNjdkYTY2Y2NhNWY4NWJiZDkzMTM2MTU4ZDgzZmI4ZjU4YjUyZjFjODFjMTM3ZjFjYTQ1NzhlNGFlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklTczZwZ0NUUEsxakhzT2FvcVZlbHc9PSIsInZhbHVlIjoiMjk4MVpsdm03UXkyL1lKV3liOHZjLzQ1VjZJR0RXUVpRQVBZQlkrQ2RGdkhWUXgzNTdVUTZUTk9aREFJcnd2VC9RdDAwRldURUhoRFptMkx2K1RVYzdJblRNcUdYUFpsaFdWVEpPNStQMnBaajdESUlFczhjb2FBSGtaWEIydnoiLCJtYWMiOiJiN2E4NjViMTk4OTgyMTgyNDFmNDk3YWE3OWQzMmJjYWFmZTg1ZDQzMWQ3ZWQzZWU3Y2MzZjMyMmQxNWI2OTk2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2nNpGMYBa77YWP4pp43vkEbY7cJyANS2DG%2Fuxtd%2FMFfeM68cDAKs2DIETqvjtW6nDX%2FrP%2BEJUV2jhPpfWnszOsFQhnKS92yX9be5s%2FV%2BCA6SfFMKVdPAZsIaQuu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1067&min_rtt=1052&rtt_var=323&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2072&delivery_rate=3604278&cwnd=253&unsent_bytes=0&cid=0069aba64dfa472d&ts=252&x=0"Server: cloudflareCF-RAY: 921f66e9a824134a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2034&min_rtt=2029&rtt_var=771&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1739&delivery_rate=1409946&cwnd=91&unsent_bytes=0&cid=2b99c77b1406e897&ts=555&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFUFRtiPCxS72L2xH1FbMKhdKsciotrnKGZTXLOYHsPbNKTb6z78%2BUa2cz8QTjIHkX37G5IuKpvjtqaGaYzhiyfe2x8n07eaHK3PtEpNZqXBQvV6NDhw1lKTnyfL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=1015&min_rtt=1006&rtt_var=300&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2296&delivery_rate=3847764&cwnd=253&unsent_bytes=0&cid=99168aa2290f539b&ts=415&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 921f66f0396f847d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1762&min_rtt=1675&rtt_var=690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1961&delivery_rate=1743283&cwnd=114&unsent_bytes=0&cid=9e5611371c9c2ebb&ts=731&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sndl5AoVHEUA121nCMs96N4eq1Ym27q6GuWcCKzJdagYMVxHuEakHgGosoMYjYRUS0u6g2VyVUX8pMy0egLX%2FhZ7T5Lj3pTzg3v%2B1L6gfBCBA5ChY9nR2FQPcQI5"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=895&min_rtt=887&rtt_var=265&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2081&delivery_rate=4279365&cwnd=252&unsent_bytes=0&cid=974f7bd32e44755b&ts=238&x=0"Server: cloudflareCF-RAY: 921f66f36c3c659d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1699&min_rtt=1696&rtt_var=638&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1747&delivery_rate=1721698&cwnd=131&unsent_bytes=0&cid=7df4f0bf63322d9b&ts=543&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oW4gvdo6lzrqzxYZ57Q9%2FtBDtzFxJGX4RkBOdbWlJ0q5GGBIueEXCYpTSofRAabvTgKi8twAEI8BYcjFSz%2B16d0etvWeikokJTeTyhVA2Q1cSmBXbyjOib1pdPZJ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=888&min_rtt=839&rtt_var=267&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2093&delivery_rate=4627002&cwnd=253&unsent_bytes=0&cid=53f2a5fdb7bed747&ts=270&x=0"Server: cloudflareCF-RAY: 921f6710efac8c96-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=10288&min_rtt=1991&rtt_var=5854&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1759&delivery_rate=1466599&cwnd=190&unsent_bytes=0&cid=4a865e4fb76df224&ts=587&x=0"
Source: chromecache_196.9.dr String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_196.9.dr String found in binary or memory: https://github.com/fent)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7156_822129401
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir7156_822129401
Source: classification engine Classification label: mal100.phis.evad.winEML@39/132@46/20
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250317T1656500495-7128.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A8B1DF91-FAA1-4626-8EBB-BE10763A7B74" "55A4E9CA-0F78-426E-87F2-28A0B4618F5B" "7128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H60H1VPO\Due-Invoice-edcodistributing.com.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1372,i,14397360767861381032,14619791995666054004,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15469999777749754854,18021194746910479268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A8B1DF91-FAA1-4626-8EBB-BE10763A7B74" "55A4E9CA-0F78-426E-87F2-28A0B4618F5B" "7128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H60H1VPO\Due-Invoice-edcodistributing.com.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: 3.25.d.script.csv, type: HTML
Source: Yara match File source: 1.11..script.csv, type: HTML
Source: Yara match File source: 0.0.d.script.csv, type: HTML
Source: Yara match File source: 1.12..script.csv, type: HTML
Source: Yara match File source: 1.3.pages.csv, type: HTML
Source: Yara match File source: 2.5.pages.csv, type: HTML
Source: Yara match File source: 1.4.pages.csv, type: HTML
Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml Binary or memory string: eS1VQ1MgZGVmCi9DTWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxG
Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml Binary or memory string: L09yZGVyaW5nIChVQ1MpIC9TdXBwbGVtZW50IDAgPj4gZGVmCi9DTWFwTmFtZSAvQWRvYmUtSWRl
Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml Binary or memory string: IDAgPj4gZGVmCi9DTWFwTmFtZSAvQWRvYmUtSWRlbnRpdHktVUNTIGRlZgovQ01hcFR5cGUgMiBk
Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml Binary or memory string: 75VnQzhybQJHEkAjGgWQCXI7RRvVW2/EresP4xjhOEGnATTgcQAFfOw94Ug0Na9vMCIzXMm2Zq39
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid