Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
http://www.pdf-fast.com

Overview

General Information

Sample URL:http://www.pdf-fast.com
Analysis ID:1671090
Infos:

Detection

Score:56
Range:0 - 100
Confidence:100%

Signatures

System process connects to network (likely due to code injection or exploit)
AI detected landing page (webpage, office document or email)
Installs Task Scheduler Managed Wrapper
Checks for available system drives (often done to infect USB drives)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,14890991142083231350,10258843025430194688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1900,i,14890991142083231350,10258843025430194688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • PDFast.exe (PID: 3876 cmdline: "C:\Users\user\Downloads\PDFast.exe" MD5: 1E995EEF7DEBA589543F502C4B14DA47)
      • msiexec.exe (PID: 2512 cmdline: "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA\PDFast.msi" AI_SETUPEXEPATH=C:\Users\user\Downloads\PDFast.exe SETUPEXEDIR=C:\Users\user\Downloads\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1745330493 " AI_EUIMSI="" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • chrome.exe (PID: 2272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.pdf-fast.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • msiexec.exe (PID: 2072 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4844 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 5E149591A00CB4130018CF892D3ED038 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 4432 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B75D37BFEDC5A4A32827FDDE95C30B89 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 4268 cmdline: rundll32.exe "C:\Windows\Installer\MSI7DDD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4095562 2 RequestSender!RequestSender.CustomActions.Start MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 6972 cmdline: rundll32.exe "C:\Windows\Installer\MSI81ED.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4096515 60 RequestSender!RequestSender.CustomActions.CreateScheduledTask MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7680 cmdline: rundll32.exe "C:\Windows\Installer\MSI8895.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4098218 64 RequestSender!RequestSender.CustomActions.OpenUrl MD5: 889B99C52A60DD49227C5E485A016679)
        • chrome.exe (PID: 4524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pdf-fast.com/thankyou.html MD5: E81F54E6C1129887AEA47E7D092680BF)
      • rundll32.exe (PID: 7104 cmdline: rundll32.exe "C:\Windows\Installer\MSI8BF1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4099062 68 RequestSender!RequestSender.CustomActions.Finish MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Spreading
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Persistence and Installation Behavior
  • Boot Survival
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • HIPS / PFW / Operating System Protection Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: https://www.pdf-fast.com/Joe Sandbox AI: Page contains button: 'Accept & Download' Source: '0.0.pages.csv'
Source: https://www.pdf-fast.com/Joe Sandbox AI: Page contains button: 'Accept & Download' Source: '0.2.pages.csv'
Source: https://www.pdf-fast.com/HTTP Parser: No favicon
Source: https://www.pdf-fast.com/HTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: https://pdf-fast.com/thankyou.htmlHTTP Parser: No favicon
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDFast 1.0.0
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.71:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.68.226:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 192.178.49.194:443 -> 192.168.2.17:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.238.96.60:443 -> 192.168.2.17:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.54.30.30:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 192.178.49.164:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.57.85.160:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.125.62.241:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.125.62.241:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.71:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50028 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.49.177:443 -> 192.168.2.17:50035 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.49.177:443 -> 192.168.2.17:50038 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50042 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50044 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50043 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50069 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50070 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50074 version: TLS 1.2
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:
Source: C:\Windows\SysWOW64\rundll32.exeFile opened: c:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\
Source: chrome.exeMemory has grown: Private usage: 7MB later: 42MB

Networking

barindex
Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.49.177 443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /css/default.css HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /css/site.css HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/623b1cf28e68360ae9ee63aa7a59f61df2d1bf7c-77x80.svg HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/pdffast-logo.png HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /media/file_arrow.mp3 HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, *;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://www.pdf-fast.com/Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global trafficHTTP traffic detected: GET /images/623b1cf28e68360ae9ee63aa7a59f61df2d1bf7c-77x80.svg HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tag/oye40w4bq1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /css/Inter-SemiBold.Ctx7G98q.woff2?v=3.19 HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveOrigin: https://www.pdf-fast.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.pdf-fast.com/css/default.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /css/Inter-Regular.CKDp9E3C.woff2?v=3.19 HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveOrigin: https://www.pdf-fast.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.pdf-fast.com/css/default.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/pdffast-logo.png HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/16714313352?random=1745330602229&cv=11&fst=1745330602229&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.pdf-fast.com%2F&hn=www.googleadservices.com&frm=0&tiba=PDFast%20-%20PDF&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /css/Inter-SemiBold.BHlX_6qk.woff?v=3.19 HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveOrigin: https://www.pdf-fast.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.pdf-fast.com/css/default.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602
Source: global trafficHTTP traffic detected: GET /css/Inter-Regular.DJOZHnwz.woff?v=3.19 HTTP/1.1Host: www.pdf-fast.comConnection: keep-aliveOrigin: https://www.pdf-fast.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.pdf-fast.com/css/default.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/16714313352/?random=1745330602229&cv=11&fst=1745330602229&bg=ffffff&guid=ON&async=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.pdf-fast.com%2F&hn=www.googleadservices.com&frm=0&tiba=PDFast%20-%20PDF&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /s/0.8.1/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: CLID=bdcb6837efcf43a9add4b92d421dadd9.20250422.20260422
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/16714313352/?random=1745330602229&cv=11&fst=1745330400000&bg=ffffff&guid=ON&async=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.pdf-fast.com%2F&hn=www.googleadservices.com&frm=0&tiba=PDFast%20-%20PDF&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDZpuyzLGm95J_F0KI-WrZrJoqe1SEqFQVZkA&random=2501544916&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /.well-known/protected-auction/v1/public-keys HTTP/1.1Host: publickeyservice.pa.aws.privacysandboxservices.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /.well-known/protected-auction/v1/public-keys HTTP/1.1Host: publickeyservice.pa.gcp.privacysandboxservices.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/16714313352/?random=1745330602229&cv=11&fst=1745330400000&bg=ffffff&guid=ON&async=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.pdf-fast.com%2F&hn=www.googleadservices.com&frm=0&tiba=PDFast%20-%20PDF&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDZpuyzLGm95J_F0KI-WrZrJoqe1SEqFQVZkA&random=2501544916&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c.gif HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=BC5C30DCA5B649AB8EBC0F620DC947AC&MUID=302EF7B9E47A67C2011FE26FE50566A1 HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: SM=T; MUID=1A4642242DCE6ED821F957F229CE6026
Source: global trafficHTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=BC5C30DCA5B649AB8EBC0F620DC947AC&MUID=302EF7B9E47A67C2011FE26FE50566A1 HTTP/1.1Host: c.clarity.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: SM=C; MUID=302EF7B9E47A67C2011FE26FE50566A1; MR=0; ANONCHK=0
Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120600v5s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /PDFast%20Installer.exe/first HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /media/file_arrow.mp3 HTTP/1.1Host: www.pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, *;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://www.pdf-fast.com/Accept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2FcollectRange: bytes=98304-101804If-Range: Mon, 24 Mar 2025 16:06:41 GMT
Source: global trafficHTTP traffic detected: GET /downloads/PDFast.exe HTTP/1.1Host: pdf-fast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET //start HTTP/1.1User-Agent: pdf-ize/1.0.0/b2454c9aac570ae3ac06d646d67a5d9723ea5199Host: b.pdf-fast.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /thankyou.html HTTP/1.1Host: pdf-fast.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /css/home.css HTTP/1.1Host: pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pdf-fast.com/thankyou.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET //finish HTTP/1.1User-Agent: pdf-ize/1.0.0/b2454c9aac570ae3ac06d646d67a5d9723ea5199Host: b.pdf-fast.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img/check-circle-grey.png HTTP/1.1Host: pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdf-fast.com/css/home.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /img/pdffast-bg.jpg HTTP/1.1Host: pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdf-fast.com/css/home.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /img/pdffast-logo.png HTTP/1.1Host: pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdf-fast.com/css/home.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /tag/oye40w4bq1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: CLID=bdcb6837efcf43a9add4b92d421dadd9.20250422.20260422; MUID=302EF7B9E47A67C2011FE26FE50566A1
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/16714313352/?random=1745330711463&cv=11&fst=1745330400000&bg=ffffff&guid=ON&async=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&hn=www.googleadservices.com&frm=0&tiba=PDFAST&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDZpuyzUvs9KdnFl025sxpcdB1VQA3U5ZPT7tuQUr2OidqyT33GR8Tv&random=3097332063&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /img/check-circle-grey.png HTTP/1.1Host: pdf-fast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /img/pdffast-logo.png HTTP/1.1Host: pdf-fast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /img/pdffast-bg.jpg HTTP/1.1Host: pdf-fast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330605012%7C1%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=1620051592&cv=11&fst=1745330711490&bg=ffffff&guid=ON&async=1&gcl_ctr=5&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgjWz7ECIgEBOAFAAUonZXZlbnQtc291cmNlLCB0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=CPGG9sCLquvkOSITCMOAjcnn64wDFZ2sOgUd-fgauDIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1sT1ZDazU4b3JWcWZhbG42c3VKLXRJMUI5S2g3MFpoUXZ1Z0VETHJ5T3hycEp0YnRWQWE5QQ&is_vtc=1&cid=CAQSKQDZpuyziwA82qCngArEEUOXG51JrsFcfRgcHeSDBGXriRSnsjtwHedF&random=3889675274 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=152757236&cv=11&fst=1745330711477&bg=ffffff&guid=ON&async=1&gcl_ctr=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgj_zrECIgEBOAFAAUosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=CN2Ewu-D26bSBiITCLjijMnn64wDFZ1hCAQd-bgauDIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak12RFlGcmZDTXpRQ1VwdVZsWWp2SXJSME94cWJoa3R4MkNKS0RlSGJyaUVwSmNxd3I1OVVkUQ&is_vtc=1&cid=CAQSKQDZpuyzQELyr4LyWQds9YEMhGTU1KEJbPla6V8M3eCf0SzGe60rdqqY&random=771274765 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/16714313352/?random=1745330711463&cv=11&fst=1745330400000&bg=ffffff&guid=ON&async=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&hn=www.googleadservices.com&frm=0&tiba=PDFAST&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDZpuyzUvs9KdnFl025sxpcdB1VQA3U5ZPT7tuQUr2OidqyT33GR8Tv&random=3097332063&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=618949073&cv=11&fst=1745330711488&bg=ffffff&guid=ON&async=1&gcl_ctr=4&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgj_zrECCNXPsQIiAQE4AUABSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=CJejqt3twLbrLSITCMn7jMnn64wDFXdiCAQdQtoT5jIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1qQTVfTEU3U1BSS2JCakxrSmY0b01qRTdfcUFlT0J4QWJDQ2RaQ3cwU09QMGExMFRadW1rZw&is_vtc=1&cid=CAQSKQDZpuyzUZ6JoueIzCLgnMm0fh0tp_GIpECh4zPzB3D-774Ys51PsPjT&random=1782327238 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=733987195&cv=11&fst=1745330711482&bg=ffffff&guid=ON&async=1&gcl_ctr=2&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIorixAgixwbECCLDBsQIIscOxAgiKxbECCMLJsQIIkMmxAgjTxbECCOvMsQIIz86xAgj-zrECIgEBOAFAAUoVZXZlbnQtc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&pscrd=CIr4tLywl93m4QEiEwjF6IzJ5-uMAxUnYAgEHe4fMjkyDAgDYggIABAAGAAgADIMCARiCAgAEAAYACAAMgwIB2IICAAQABgAIAAyDAgIYggIABAAGAAgADIMCAliCAgAEAAYACAAMgwICmIICAAQABgAIAAyDAgCYggIABAAGAAgADIMCAtiCAgAEAAYACAAMgwIFWIICAAQABgAIAAyDAgfYggIABAAGAAgADIMCBNiCAgAEAAYACAAMgwIEmIICAAQABgAIAA6FWh0dHBzOi8vcGRmLWZhc3QuY29tL0JWQ2hBSThQeWN3QVlRZ3JhQzJzWG45UGt0RWl3QTgxcWpNdFBjSGZXVXYyNW9HSWR1aHBpcW80LVpNeUprNGxNRWRHaVpNaGpMU3Y2X3lwRjZRaHNUV2c&is_vtc=1&cid=CAQSKQDZpuyz9LV_ScUFm3VQMGgS_hTNGyq6Us4itAmTlV-skNTmf6YyubM0&random=3439054076 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=1988831847&cv=11&fst=1745330711486&bg=ffffff&guid=ON&async=1&gcl_ctr=3&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgj_zrECCNXPsQIiAQE4AUABSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=CP3_x7PY17CEdiITCMjvjMnn64wDFf9lCAQdjnogITIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1rSTdGLTdjS2dJUEEwWC1tdzhCb2hnZXV1M3AyeXVaZW5RUUFWV1hRdjM5VUU0MkNJMk1CUQ&is_vtc=1&cid=CAQSKQDZpuyzjC8FA1MdA5kZ8cGKIzCg6u9vguoD8likCf-3Q98i9P80xG-y&random=2263668277 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=1620051592&cv=11&fst=1745330711490&bg=ffffff&guid=ON&async=1&gcl_ctr=5&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgjWz7ECIgEBOAFAAUonZXZlbnQtc291cmNlLCB0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=CPGG9sCLquvkOSITCMOAjcnn64wDFZ2sOgUd-fgauDIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1sT1ZDazU4b3JWcWZhbG42c3VKLXRJMUI5S2g3MFpoUXZ1Z0VETHJ5T3hycEp0YnRWQWE5QQ&is_vtc=1&cid=CAQSKQDZpuyziwA82qCngArEEUOXG51JrsFcfRgcHeSDBGXriRSnsjtwHedF&random=3889675274 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=152757236&cv=11&fst=1745330711477&bg=ffffff&guid=ON&async=1&gcl_ctr=1&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgj_zrECIgEBOAFAAUosbm90LW5hdmlnYXRpb24tc291cmNlLCB0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=CN2Ewu-D26bSBiITCLjijMnn64wDFZ1hCAQd-bgauDIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak12RFlGcmZDTXpRQ1VwdVZsWWp2SXJSME94cWJoa3R4MkNKS0RlSGJyaUVwSmNxd3I1OVVkUQ&is_vtc=1&cid=CAQSKQDZpuyzQELyr4LyWQds9YEMhGTU1KEJbPla6V8M3eCf0SzGe60rdqqY&random=771274765 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=618949073&cv=11&fst=1745330711488&bg=ffffff&guid=ON&async=1&gcl_ctr=4&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgj_zrECCNXPsQIiAQE4AUABSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=CJejqt3twLbrLSITCMn7jMnn64wDFXdiCAQdQtoT5jIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1qQTVfTEU3U1BSS2JCakxrSmY0b01qRTdfcUFlT0J4QWJDQ2RaQ3cwU09QMGExMFRadW1rZw&is_vtc=1&cid=CAQSKQDZpuyzUZ6JoueIzCLgnMm0fh0tp_GIpECh4zPzB3D-774Ys51PsPjT&random=1782327238 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=733987195&cv=11&fst=1745330711482&bg=ffffff&guid=ON&async=1&gcl_ctr=2&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIorixAgixwbECCLDBsQIIscOxAgiKxbECCMLJsQIIkMmxAgjTxbECCOvMsQIIz86xAgj-zrECIgEBOAFAAUoVZXZlbnQtc291cmNlLCB0cmlnZ2VyWgMKAQFiBAoCAgM&pscrd=CIr4tLywl93m4QEiEwjF6IzJ5-uMAxUnYAgEHe4fMjkyDAgDYggIABAAGAAgADIMCARiCAgAEAAYACAAMgwIB2IICAAQABgAIAAyDAgIYggIABAAGAAgADIMCAliCAgAEAAYACAAMgwICmIICAAQABgAIAAyDAgCYggIABAAGAAgADIMCAtiCAgAEAAYACAAMgwIFWIICAAQABgAIAAyDAgfYggIABAAGAAgADIMCBNiCAgAEAAYACAAMgwIEmIICAAQABgAIAA6FWh0dHBzOi8vcGRmLWZhc3QuY29tL0JWQ2hBSThQeWN3QVlRZ3JhQzJzWG45UGt0RWl3QTgxcWpNdFBjSGZXVXYyNW9HSWR1aHBpcW80LVpNeUprNGxNRWRHaVpNaGpMU3Y2X3lwRjZRaHNUV2c&is_vtc=1&cid=CAQSKQDZpuyz9LV_ScUFm3VQMGgS_hTNGyq6Us4itAmTlV-skNTmf6YyubM0&random=3439054076 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=1988831847&cv=11&fst=1745330711486&bg=ffffff&guid=ON&async=1&gcl_ctr=3&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=diSuCNvMyNgZEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&gtm_ee=1&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIscGxAgiwwbECCLHDsQIIisWxAgjCybECCJDJsQII08WxAgjrzLECCM_OsQII_s6xAgj_zrECCNXPsQIiAQE4AUABSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=CP3_x7PY17CEdiITCMjvjMnn64wDFf9lCAQdjnogITIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1rSTdGLTdjS2dJUEEwWC1tdzhCb2hnZXV1M3AyeXVaZW5RUUFWV1hRdjM5VUU0MkNJMk1CUQ&is_vtc=1&cid=CAQSKQDZpuyzjC8FA1MdA5kZ8cGKIzCg6u9vguoD8likCf-3Q98i9P80xG-y&random=2263668277 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=127817994&cv=11&fst=1745330711625&bg=ffffff&guid=ON&async=1&gcl_ctr=6&gtm=45be54i1v9213662826z89209188353za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=zz-kCIWR_q4aEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&value=0&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&_tu=Cg&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIorixAgixwbECCLDBsQIIscOxAgiKxbECCMLJsQIIkMmxAgjTxbECCOvMsQIIz86xAgj-zrECCP_OsQIiAQE4AUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=CI70sZmg5MKMPiITCKWqwMnn64wDFQy6OgUdhq8E1DIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1oanp2V1VvQ2Zaakgwa21FQWVXa0IxVG0teklMTzI1b0k3R3pWMjNNcXZRazRQRVpZSG9jQQ&is_vtc=1&cid=CAQSKQDZpuyznA5wbtseeSi7LHFlJoqFjYImAWho_UsieVhXrwtYxX33OJNA&eitems=ChAI8PycwAYQkoWv0KOF181NEh0AZroACCCExvRXrL83yAO6IHcGYTWIcfcVHChNrQ&random=2042444412 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pdf-fast.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pdf-fast.com/thankyou.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1513428296.1745330602; _clck=16wk2a8%7C2%7Cfva%7C0%7C1938; _clsk=lsafei%7C1745330714106%7C2%7C1%7Ce.clarity.ms%2Fcollect
Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/16714313352/?random=127817994&cv=11&fst=1745330711625&bg=ffffff&guid=ON&async=1&gcl_ctr=6&gtm=45be54i1v9213662826z89209188353za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&u_w=1280&u_h=1024&url=https%3A%2F%2Fpdf-fast.com%2Fthankyou.html&label=zz-kCIWR_q4aEIjdgKI-&hn=www.googleadservices.com&frm=0&tiba=PDFAST&value=0&npa=0&pscdl=noapi&auid=1513428296.1745330602&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&_tu=Cg&em=tv.1&fmt=3&ct_cookie_present=false&crd=CPLOsQIIorixAgixwbECCLDBsQIIscOxAgiKxbECCMLJsQIIkMmxAgjTxbECCOvMsQIIz86xAgj-zrECCP_OsQIiAQE4AUABSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=CI70sZmg5MKMPiITCKWqwMnn64wDFQy6OgUdhq8E1DIMCANiCAgAEAAYACAAMgwIBGIICAAQABgAIAAyDAgHYggIABAAGAAgADIMCAhiCAgAEAAYACAAMgwICWIICAAQABgAIAAyDAgKYggIABAAGAAgADIMCAJiCAgAEAAYACAAMgwIC2IICAAQABgAIAAyDAgVYggIABAAGAAgADIMCB9iCAgAEAAYACAAMgwIE2IICAAQABgAIAAyDAgSYggIABAAGAAgADoVaHR0cHM6Ly9wZGYtZmFzdC5jb20vQlZDaEFJOFB5Y3dBWVFncmFDMnNYbjlQa3RFaXdBODFxak1oanp2V1VvQ2Zaakgwa21FQWVXa0IxVG0teklMTzI1b0k3R3pWMjNNcXZRazRQRVpZSG9jQQ&is_vtc=1&cid=CAQSKQDZpuyznA5wbtseeSi7LHFlJoqFjYImAWho_UsieVhXrwtYxX33OJNA&eitems=ChAI8PycwAYQkoWv0KOF181NEh0AZroACCCExvRXrL83yAO6IHcGYTWIcfcVHChNrQ&random=2042444412 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: www.pdf-fast.com
Source: global trafficDNS traffic detected: DNS query: www.clarity.ms
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: td.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: publickeyservice.pa.gcp.privacysandboxservices.com
Source: global trafficDNS traffic detected: DNS query: publickeyservice.pa.aws.privacysandboxservices.com
Source: global trafficDNS traffic detected: DNS query: e.clarity.ms
Source: global trafficDNS traffic detected: DNS query: c.clarity.ms
Source: global trafficDNS traffic detected: DNS query: c.pki.goog
Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
Source: global trafficDNS traffic detected: DNS query: pdf-fast.com
Source: global trafficDNS traffic detected: DNS query: beacons2.gvt2.com
Source: global trafficDNS traffic detected: DNS query: b.pdf-fast.com
Source: global trafficDNS traffic detected: DNS query: beacons3.gvt2.com
Source: unknownHTTP traffic detected: POST /ccm/collect?tid=AW-16714313352&en=page_view&dl=https%3A%2F%2Fwww.pdf-fast.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=655749842.1745330602&dt=PDFast%20-%20PDF&auid=1513428296.1745330602&navt=n&npa=0&gtm=45be54i1v9213662826za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316&tft=1745330602237&tfd=2526&apve=1 HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://www.pdf-fast.comX-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://www.pdf-fast.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 14:03:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-PHX1-1155CDN-PullZone: 3012278CDN-Uid: 37f62a43-5eda-453a-ae48-3e4dd3eadbc7CDN-RequestCountryCode: USAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchAccess-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchCache-Control: no-cacheCDN-StorageBalancer: LA-1053CDN-StorageServer: DE-382CDN-ProxyVer: 1.23CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 04/22/2025 14:03:22CDN-EdgeStorageId: 1155CDN-RequestId: b9d53fcdd440b8c652b2e4acc7cfc115CDN-Cache: MISSCDN-Status: 404CDN-RequestTime: 3
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 14:03:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-PHX1-1155CDN-PullZone: 3012278CDN-Uid: 37f62a43-5eda-453a-ae48-3e4dd3eadbc7CDN-RequestCountryCode: USAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchAccess-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchCache-Control: no-cacheCDN-StorageBalancer: LA-1054CDN-StorageServer: DE-1022CDN-ProxyVer: 1.23CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 04/22/2025 14:03:22CDN-EdgeStorageId: 1155CDN-RequestId: 582b018a3b00e91b72027a330ef81652CDN-Cache: MISSCDN-Status: 404CDN-RequestTime: 3
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 14:03:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-PHX1-1155CDN-PullZone: 3012278CDN-Uid: 37f62a43-5eda-453a-ae48-3e4dd3eadbc7CDN-RequestCountryCode: USAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchAccess-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchCache-Control: no-cacheCDN-StorageBalancer: LA-1051CDN-StorageServer: DE-1024CDN-ProxyVer: 1.23CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 04/22/2025 14:03:23CDN-EdgeStorageId: 1155CDN-RequestId: a2e2165da0d130bc3c3248c46802832cCDN-Cache: MISSCDN-Status: 404CDN-RequestTime: 10
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 14:03:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-PHX1-1155CDN-PullZone: 3012278CDN-Uid: 37f62a43-5eda-453a-ae48-3e4dd3eadbc7CDN-RequestCountryCode: USAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchAccess-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-MatchCache-Control: no-cacheCDN-StorageBalancer: LA-1052CDN-StorageServer: DE-637CDN-ProxyVer: 1.23CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 04/22/2025 14:03:23CDN-EdgeStorageId: 1155CDN-RequestId: 262059695eb0030ae2ed4b4952d55928CDN-Cache: MISSCDN-Status: 404CDN-RequestTime: 0
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Apr 2025 14:05:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-LA1-984CDN-PullZone: 3012278CDN-Uid: 37f62a43-5eda-453a-ae48-3e4dd3eadbc7CDN-RequestCountryCode: USCache-Control: no-cacheCDN-StorageBalancer: LA-1053CDN-StorageServer: DE-639CDN-ProxyVer: 1.23CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 04/22/2025 14:05:16CDN-EdgeStorageId: 1109CDN-RequestId: 980a00e503bca2a35d48dadb7b8a107aCDN-Cache: MISSCDN-Status: 404CDN-RequestTime: 1
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.71:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.68.226:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 192.178.49.194:443 -> 192.168.2.17:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.238.96.60:443 -> 192.168.2.17:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.54.30.30:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 192.178.49.164:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.57.85.160:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.125.62.241:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.125.62.241:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.71:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50028 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.49.177:443 -> 192.168.2.17:50035 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.49.177:443 -> 192.168.2.17:50038 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50042 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50044 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50043 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50069 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50070 version: TLS 1.2
Source: unknownHTTPS traffic detected: 143.244.50.84:443 -> 192.168.2.17:50074 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3e7bd9.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7DDD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7DFD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E3C.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E6C.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E8D.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7ECC.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7EFC.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI817E.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{EC0F9682-A741-4DAB-A3BA-44D06CA604DA}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI81BD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI81ED.tmp
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.resources.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\RequestSender.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\CustomAction.config
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3e7bdc.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3e7bdc.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8895.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8BF1.tmp
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\RequestSender.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\Microsoft.Win32.TaskScheduler.resources.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\RequestSender.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\Microsoft.Win32.TaskScheduler.resources.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\CustomAction.config
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7DFD.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7E3C.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7E6C.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7E8D.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7ECC.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7EFC.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI817E.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI81ED.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\3e7bdc.msi
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI81BD.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI8895.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI8BF1.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\3e7bd9.msi
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\RequestSender.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\Microsoft.Win32.TaskScheduler.resources.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\RequestSender.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8
Source: classification engineClassification label: mal56.evad.win@49/16@76/206
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\418cfc77-9c7d-4dfd-a012-95eb1015fbdb.tmp
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: NULL
Source: C:\Users\user\Downloads\PDFast.exeFile created: C:\Users\user\AppData\Local\Temp\shi7997.tmp
Source: C:\Users\user\Downloads\PDFast.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Downloads\PDFast.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI7DDD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4095562 2 RequestSender!RequestSender.CustomActions.Start
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,14890991142083231350,10258843025430194688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.pdf-fast.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,14890991142083231350,10258843025430194688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1900,i,14890991142083231350,10258843025430194688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1900,i,14890991142083231350,10258843025430194688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\PDFast.exe "C:\Users\user\Downloads\PDFast.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5E149591A00CB4130018CF892D3ED038 C
Source: C:\Users\user\Downloads\PDFast.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA\PDFast.msi" AI_SETUPEXEPATH=C:\Users\user\Downloads\PDFast.exe SETUPEXEDIR=C:\Users\user\Downloads\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1745330493 " AI_EUIMSI=""
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B75D37BFEDC5A4A32827FDDE95C30B89
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI7DDD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4095562 2 RequestSender!RequestSender.CustomActions.Start
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI81ED.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4096515 60 RequestSender!RequestSender.CustomActions.CreateScheduledTask
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\PDFast.exe "C:\Users\user\Downloads\PDFast.exe"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8895.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4098218 64 RequestSender!RequestSender.CustomActions.OpenUrl
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pdf-fast.com/thankyou.html
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8BF1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4099062 68 RequestSender!RequestSender.CustomActions.Finish
Source: C:\Users\user\Downloads\PDFast.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA\PDFast.msi" AI_SETUPEXEPATH=C:\Users\user\Downloads\PDFast.exe SETUPEXEDIR=C:\Users\user\Downloads\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1745330493 " AI_EUIMSI=""
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5E149591A00CB4130018CF892D3ED038 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B75D37BFEDC5A4A32827FDDE95C30B89
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI7DDD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4095562 2 RequestSender!RequestSender.CustomActions.Start
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI81ED.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4096515 60 RequestSender!RequestSender.CustomActions.CreateScheduledTask
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8895.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4098218 64 RequestSender!RequestSender.CustomActions.OpenUrl
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8BF1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4099062 68 RequestSender!RequestSender.CustomActions.Finish
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pdf-fast.com/thankyou.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: msi.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: usp10.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: msls31.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: version.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: mpr.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: profapi.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: userenv.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: davhlpr.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: msimg32.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: dbghelp.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: wininet.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: urlmon.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: iertutil.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: srvcli.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: netutils.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: cabinet.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: propsys.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: apphelp.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: msasn1.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: lpk.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: msihnd.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: secur32.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: samcli.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: netapi32.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: wkscli.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: riched20.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: wldp.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: atlthunk.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: textshaping.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: sspicli.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: explorerframe.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: tsappcmp.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: msisip.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: gpapi.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: mscoree.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Users\user\Downloads\PDFast.exeSection loaded: taskschd.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dll
Source: C:\Users\user\Downloads\PDFast.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDFast 1.0.0
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7EFC.tmpJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\418cfc77-9c7d-4dfd-a012-95eb1015fbdb.tmpJump to dropped file
Source: C:\Users\user\Downloads\PDFast.exeFile created: C:\Users\user\AppData\Local\Temp\shi7997.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E6C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI81ED.tmpJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7EFC.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7E6C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI81ED.tmpJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dllJump to dropped file

Boot Survival

barindex
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\Microsoft.Win32.TaskScheduler.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFast.lnk
Source: C:\Users\user\Downloads\PDFast.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7EFC.tmpJump to dropped file
Source: C:\Users\user\Downloads\PDFast.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi7997.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7E6C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI81ED.tmpJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4776Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5800Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile Volume queried: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\CA604DA\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\
Source: C:\Users\user\Downloads\PDFast.exeFile opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 143.244.49.177 443
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pdf-fast.com/thankyou.html
Source: C:\Users\user\Downloads\PDFast.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\pdfast\pdfast 1.0.0\install\ca604da\pdfast.msi" ai_setupexepath=c:\users\user\downloads\pdfast.exe setupexedir=c:\users\user\downloads\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1745330493 " ai_euimsi=""
Source: C:\Users\user\Downloads\PDFast.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\pdfast\pdfast 1.0.0\install\ca604da\pdfast.msi" ai_setupexepath=c:\users\user\downloads\pdfast.exe setupexedir=c:\users\user\downloads\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1745330493 " ai_euimsi=""
Source: C:\Users\user\Downloads\PDFast.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\RequestSender.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCA866B05C1BA474468354B47784655ADAB\RequestSender.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\SFXCA6793A4A66D44AC79A433D001F298ACB8\RequestSender.dll VolumeInformation
Source: C:\Users\user\Downloads\PDFast.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Command and Scripting Interpreter		1
Windows Service		1
Windows Service		21
Masquerading		OS Credential Dumping1
Virtualization/Sandbox Evasion		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts11
Scheduled Task/Job		1
Browser Extensions		111
Process Injection		1
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt11
Scheduled Task/Job		11
Scheduled Task/Job		1
Disable or Modify Tools		Security Account Manager11
Peripheral Device Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		111
Process Injection		NTDS2
File and Directory Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchd1
DLL Side-Loading		1
DLL Side-Loading		1
Rundll32		LSA Secrets13
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
Extra Window Memory Injection		1
DLL Side-Loading		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
File Deletion		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Extra Window Memory Injection		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://www.pdf-fast.com0%Avira URL Cloudsafe

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\shi7997.tmp0%ReversingLabs
C:\Windows\Installer\MSI7E6C.tmp0%ReversingLabs
C:\Windows\Installer\MSI7EFC.tmp0%ReversingLabs
C:\Windows\Installer\MSI81ED.tmp0%ReversingLabs
C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dll0%ReversingLabs
C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dll0%ReversingLabs
C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dll0%ReversingLabs
C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.pdf-fast.com/css/Inter-Regular.CKDp9E3C.woff2?v=3.190%Avira URL Cloudsafe
https://www.pdf-fast.com/css/site.css0%Avira URL Cloudsafe
https://www.pdf-fast.com/images/pdffast-logo.png0%Avira URL Cloudsafe
https://www.pdf-fast.com/css/Inter-SemiBold.Ctx7G98q.woff2?v=3.190%Avira URL Cloudsafe
https://www.pdf-fast.com/media/file_arrow.mp30%Avira URL Cloudsafe
https://www.pdf-fast.com/css/Inter-Regular.DJOZHnwz.woff?v=3.190%Avira URL Cloudsafe
https://www.pdf-fast.com/css/default.css0%Avira URL Cloudsafe
https://www.pdf-fast.com/images/623b1cf28e68360ae9ee63aa7a59f61df2d1bf7c-77x80.svg0%Avira URL Cloudsafe
https://www.pdf-fast.com/0%Avira URL Cloudsafe
https://www.pdf-fast.com/css/Inter-SemiBold.BHlX_6qk.woff?v=3.190%Avira URL Cloudsafe
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BC5C30DCA5B649AB8EBC0F620DC947AC&MUID=302EF7B9E47A67C2011FE26FE50566A10%Avira URL Cloudsafe
https://pdf-fast.com/downloads/PDFast.exe0%Avira URL Cloudsafe
https://www.pdf-fast.com/PDFast%20Installer.exe/first0%Avira URL Cloudsafe
https://pdf-fast.com/css/home.css0%Avira URL Cloudsafe
https://pdf-fast.com/favicon.ico0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
beacons3.gvt2.com
192.178.49.163
truefalse
    		high
    vmss-clarity-ingest-eus2-b.eastus2.cloudapp.azure.com
    		20.57.85.160
    		truefalse
      		high
      beacons-handoff.gcp.gvt2.com
      		74.125.138.94
      		truefalse
        		high
        c-msn-pme.trafficmanager.net
        		20.125.62.241
        		truefalse
          		high
          pdf-fast-d.b-cdn.net
          		143.244.49.177
          		truetrue
            		unknown
            beacons2.gvt2.com
            		173.194.212.94
            		truefalse
              		high
              prod.globalsign.map.fastly.net
              		151.101.194.133
              		truefalse
                		unknown
                beacons.gvt2.com
                		142.250.113.94
                		truefalse
                  		high
                  ax-0001.ax-msedge.net
                  		150.171.27.10
                  		truefalse
                    		high
                    pki-goog.l.google.com
                    		142.250.68.227
                    		truefalse
                      		high
                      publickeyservice.pa-3.aws.privacysandboxservices.com
                      		18.238.96.60
                      		truefalse
                        		high
                        pdf-fast-website.b-cdn.net
                        		38.32.110.58
                        		truefalse
                          		high
                          bg.microsoft.map.fastly.net
                          		199.232.210.172
                          		truefalse
                            		high
                            googleads.g.doubleclick.net
                            		192.178.49.194
                            		truefalse
                              		high
                              publickeyservice-a.pa-3.gcp.privacysandboxservices.com
                              		34.54.30.30
                              		truefalse
                                		high
                                www.google.com
                                		142.250.69.4
                                		truefalse
                                  		high
                                  td.doubleclick.net
                                  		142.250.68.226
                                  		truefalse
                                    		high
                                    s-part-0043.t-0009.t-msedge.net
                                    		13.107.246.71
                                    		truefalse
                                      		high
                                      b.pdf-fast.com
                                      		unknown
                                      		unknownfalse
                                        		unknown
                                        www.clarity.ms
                                        		unknown
                                        		unknownfalse
                                          		high
                                          publickeyservice.pa.gcp.privacysandboxservices.com
                                          		unknown
                                          		unknownfalse
                                            		high
                                            beacons.gcp.gvt2.com
                                            		unknown
                                            		unknownfalse
                                              		high
                                              pdf-fast.com
                                              		unknown
                                              		unknownfalse
                                                		high
                                                publickeyservice.pa.aws.privacysandboxservices.com
                                                		unknown
                                                		unknownfalse
                                                  		high
                                                  www.pdf-fast.com
                                                  		unknown
                                                  		unknownfalse
                                                    		high
                                                    e.clarity.ms
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      c.clarity.ms
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        c.pki.goog
                                                        		unknown
                                                        		unknownfalse
                                                          		high

                                                          Contacted URLs

                                                          NameMaliciousAntivirus DetectionReputation
                                                          https://otelrules.svc.static.microsoft/rules/rule701151v1s19.xmlfalse
                                                            		high
                                                            https://otelrules.svc.static.microsoft/rules/rule704001v0s19.xmlfalse
                                                              		high
                                                              https://otelrules.svc.static.microsoft/rules/rule702151v1s19.xmlfalse
                                                                		high
                                                                https://otelrules.svc.static.microsoft/rules/rule700151v1s19.xmlfalse
                                                                  		high
                                                                  https://otelrules.svc.static.microsoft/rules/rule703151v1s19.xmlfalse
                                                                    		high
                                                                    https://otelrules.svc.static.microsoft/rules/rule120630v0s19.xmlfalse
                                                                      		high
                                                                      https://otelrules.svc.static.microsoft/rules/rule120645v0s19.xmlfalse
                                                                        		high
                                                                        https://otelrules.svc.static.microsoft/rules/rule700001v2s19.xmlfalse
                                                                          		high
                                                                          https://otelrules.svc.static.microsoft/rules/rule701751v1s19.xmlfalse
                                                                            		high
                                                                            https://otelrules.svc.static.microsoft/rules/rule120663v0s19.xmlfalse
                                                                              		high
                                                                              https://otelrules.svc.static.microsoft/rules/rule701301v1s19.xmlfalse
                                                                                		high
                                                                                https://otelrules.svc.static.microsoft/rules/rule702751v1s19.xmlfalse
                                                                                  		high
                                                                                  https://otelrules.svc.static.microsoft/rules/rule702301v1s19.xmlfalse
                                                                                    		high
                                                                                    https://pdf-fast.com/downloads/PDFast.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://otelrules.svc.static.microsoft/rules/rule120609v0s19.xmlfalse
                                                                                      		high
                                                                                      https://otelrules.svc.static.microsoft/rules/rule120627v0s19.xmlfalse
                                                                                        		high
                                                                                        https://otelrules.svc.static.microsoft/rules/rule703601v0s19.xmlfalse
                                                                                          		high
                                                                                          https://otelrules.svc.static.microsoft/rules/rule700751v1s19.xmlfalse
                                                                                            		high
                                                                                            https://otelrules.svc.static.microsoft/rules/rule700301v1s19.xmlfalse
                                                                                              		high
                                                                                              https://otelrules.svc.static.microsoft/rules/rule701550v1s19.xmlfalse
                                                                                                		high
                                                                                                https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BC5C30DCA5B649AB8EBC0F620DC947AC&MUID=302EF7B9E47A67C2011FE26FE50566A1false
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://otelrules.svc.static.microsoft/rules/rule700100v1s19.xmlfalse
                                                                                                  		high
                                                                                                  https://otelrules.svc.static.microsoft/rules/rule702550v1s19.xmlfalse
                                                                                                    		high
                                                                                                    https://otelrules.svc.static.microsoft/rules/rule700550v1s19.xmlfalse
                                                                                                      		high
                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703400v0s19.xmlfalse
                                                                                                        		high
                                                                                                        https://otelrules.svc.static.microsoft/rules/rule700901v1s19.xmlfalse
                                                                                                          		high
                                                                                                          https://otelrules.svc.static.microsoft/rules/rule701100v1s19.xmlfalse
                                                                                                            		high
                                                                                                            https://otelrules.svc.static.microsoft/rules/rule700400v2s19.xmlfalse
                                                                                                              		high
                                                                                                              https://otelrules.svc.static.microsoft/rules/rule701901v1s19.xmlfalse
                                                                                                                		high
                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120635v0s19.xmlfalse
                                                                                                                  		high
                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule703850v0s19.xmlfalse
                                                                                                                    		high
                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702901v1s19.xmlfalse
                                                                                                                      		high
                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120612v0s19.xmlfalse
                                                                                                                        		high
                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703000v1s19.xmlfalse
                                                                                                                          		high
                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120681v0s19.xmlfalse
                                                                                                                            		high
                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120640v0s19.xmlfalse
                                                                                                                              		high
                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule703450v1s19.xmlfalse
                                                                                                                                		high
                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule700700v1s19.xmlfalse
                                                                                                                                  		high
                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule702000v1s19.xmlfalse
                                                                                                                                    		high
                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702450v1s19.xmlfalse
                                                                                                                                      		high
                                                                                                                                      https://www.pdf-fast.com/true
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120617v0s19.xmlfalse
                                                                                                                                        		high
                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703750v0s19.xmlfalse
                                                                                                                                          		high
                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703300v0s19.xmlfalse
                                                                                                                                            		high
                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule700450v1s19.xmlfalse
                                                                                                                                              		high
                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule701700v1s19.xmlfalse
                                                                                                                                                		high
                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule702700v1s19.xmlfalse
                                                                                                                                                  		high
                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule700851v1s19.xmlfalse
                                                                                                                                                    		high
                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule703701v0s19.xmlfalse
                                                                                                                                                      		high
                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule701851v1s19.xmlfalse
                                                                                                                                                        		high
                                                                                                                                                        https://pdf-fast.com/favicon.icofalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://www.pdf-fast.com/images/623b1cf28e68360ae9ee63aa7a59f61df2d1bf7c-77x80.svgtrue
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule702851v1s19.xmlfalse
                                                                                                                                                          		high
                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120619v0s19.xmlfalse
                                                                                                                                                            		high
                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule700600v1s19.xmlfalse
                                                                                                                                                              		high
                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120625v0s19.xmlfalse
                                                                                                                                                                		high
                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120622v0s19.xmlfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120653v0s19.xmlfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702600v1s19.xmlfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120647v0s19.xmlfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule224900v0s19.xmlfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703100v1s19.xmlfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120668v0s19.xmlfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule702100v1s19.xmlfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://www.pdf-fast.com/images/pdffast-logo.pngtrue
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120620v0s19.xmlfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule703351v0s19.xmlfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120128v0s19.xmlfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://pdf-fast.com/css/home.cssfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120650v0s19.xmlfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://www.clarity.ms/tag/oye40w4bq1false
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xmlfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule703051v3s19.xmlfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120661v0s19.xmlfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120655v0s19.xmlfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120614v0s19.xmlfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/other-Win32-v19.bundlefalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule702350v1s19.xmlfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://www.pdf-fast.com/PDFast%20Installer.exe/firsttrue
                                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule120639v0s19.xmlfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule701050v1s19.xmlfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule704200v0s19.xmlfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule702200v1s19.xmlfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule704050v0s19.xmlfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule700350v1s19.xmlfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120648v0s19.xmlfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120657v0s19.xmlfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule702500v1s19.xmlfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120660v0s19.xmlfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule703500v0s19.xmlfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule703950v0s19.xmlfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule700200v1s19.xmlfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule700500v1s19.xmlfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule701650v1s19.xmlfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule224902v2s19.xmlfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule700950v1s19.xmlfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120651v0s19.xmlfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120402v21s19.xmlfalse
                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120642v0s19.xmlfalse
                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule702950v1s19.xmlfalse
                                                                                                                                                                                                                                                  		high

                                                                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                  34.54.30.30
                                                                                                                                                                                                                                                  		publickeyservice-a.pa-3.gcp.privacysandboxservices.comUnited States
                                                                                                                                                                                                                                                  		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                  142.250.68.232
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  142.250.69.4
                                                                                                                                                                                                                                                  		www.google.comUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  18.238.96.60
                                                                                                                                                                                                                                                  		publickeyservice.pa-3.aws.privacysandboxservices.comUnited States
                                                                                                                                                                                                                                                  		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                  192.178.49.194
                                                                                                                                                                                                                                                  		googleads.g.doubleclick.netUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  1.1.1.1
                                                                                                                                                                                                                                                  		unknownAustralia
                                                                                                                                                                                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                  192.178.49.164
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  20.125.62.241
                                                                                                                                                                                                                                                  		c-msn-pme.trafficmanager.netUnited States
                                                                                                                                                                                                                                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                  192.178.49.195
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  169.150.249.162
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		2711SPIRITTEL-ASUSfalse
                                                                                                                                                                                                                                                  142.251.2.84
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  13.107.246.71
                                                                                                                                                                                                                                                  		s-part-0043.t-0009.t-msedge.netUnited States
                                                                                                                                                                                                                                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                  142.250.68.227
                                                                                                                                                                                                                                                  		pki-goog.l.google.comUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  142.250.68.238
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  142.250.68.226
                                                                                                                                                                                                                                                  		td.doubleclick.netUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  142.250.69.2
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                  150.171.27.10
                                                                                                                                                                                                                                                  		ax-0001.ax-msedge.netUnited States
                                                                                                                                                                                                                                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                  20.57.85.160
                                                                                                                                                                                                                                                  		vmss-clarity-ingest-eus2-b.eastus2.cloudapp.azure.comUnited States
                                                                                                                                                                                                                                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                  38.32.110.58
                                                                                                                                                                                                                                                  		pdf-fast-website.b-cdn.netUnited States
                                                                                                                                                                                                                                                  		174COGENT-174USfalse
                                                                                                                                                                                                                                                  23.220.73.6
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		13489EPMTelecomunicacionesSAESPCOfalse
                                                                                                                                                                                                                                                  143.244.49.177
                                                                                                                                                                                                                                                  		pdf-fast-d.b-cdn.netUnited States
                                                                                                                                                                                                                                                  		174COGENT-174UStrue
                                                                                                                                                                                                                                                  151.101.194.133
                                                                                                                                                                                                                                                  		prod.globalsign.map.fastly.netUnited States
                                                                                                                                                                                                                                                  		54113FASTLYUSfalse
                                                                                                                                                                                                                                                  143.244.50.84
                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                  		174COGENT-174USfalse

                                                                                                                                                                                                                                                  Private

                                                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                                                  192.168.2.17

                                                                                                                                                                                                                                                  General Information

                                                                                                                                                                                                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                                                  Analysis ID:1671090
                                                                                                                                                                                                                                                  Start date and time:2025-04-22 16:02:48 +02:00
                                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                  Overall analysis duration:
                                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                                                                  Sample URL:http://www.pdf-fast.com
                                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                  Number of analysed new started processes analysed:28
                                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                                  Analysis Mode:stream
                                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                                  Classification:mal56.evad.win@49/16@76/206
                                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): svchost.exe
                                                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 142.250.68.238, 142.250.68.227, 142.251.2.84, 142.250.69.14, 142.250.68.232
                                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com
                                                                                                                                                                                                                                                  • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                  • VT rate limit hit for: http://www.pdf-fast.com

                                                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1398
                                                                                                                                                                                                                                                  Entropy (8bit):7.676048742462893
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                                                                                                  SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                                                                                                  SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                                                                                                  SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:0..r0..Z.......vS..uFH....JH:N.0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450...200318000000Z..450318000000Z0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450.."0...*.H.............0.........-.0.z.=.r.:K..a....g.7..~.....C..E..cW]....%..h.K..K.J...j..a'..D...?".O.....(..].Y.......,.3$.P:A..{.M.X8.........,..C...t...{.3..Yk....Z.{..U......L...u.o.a.tD....t..h.l&>.......0....|U..p\$x %.gg...N4.kp..8...........;.gC....t./.....7=gl.E\.a.A.....w.FGs.....+....X.W..Z..%....r=....;D.&.........E.......Bng~B.qb...`.d....!N+.mh...tsg1z...yn|..~FoM..+."D...7..aW...$..1s..5WG~.:E.-.Q.....7.e...k.w....?.0.o1..@........PvtY..m.2...~...u..J.,....+B..j6..L.............:.c...$d.......B0@0...U...........0...U.......0....0...U.........F...x9...C.VP..;0...*.H.............^+.t.4D_vH(@....n..%.{...=..v...0 ..`.....x.+.2..$.RR......9n....CA}..[.]...&..tr&....=;jR.<../.{.3.E.....

                                                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):330
                                                                                                                                                                                                                                                  Entropy (8bit):3.580669861458326
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:6D1227E8469C1EB641032573066D9D1F
                                                                                                                                                                                                                                                  SHA1:D9146E88128C33038CEDEA39FD1A830E615963D7
                                                                                                                                                                                                                                                  SHA-256:D97B235D8562B7A9A304D133D2125D21C3057E04F78A36010488031333DB7701
                                                                                                                                                                                                                                                  SHA-512:CB658E2773C8441E4E9122A40BE7610ABD511BBFBA86F6C6BF2D97535F0B6654972AD95627633F783B558234EB68E07A6A3C2B49783F28CA4F962CB58AA91B9B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:p...... ..........].....(...............................................t...U_.. ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

                                                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):264
                                                                                                                                                                                                                                                  Entropy (8bit):3.1580880771941966
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:891B30F2E718A32B09DAE851ACFE45D7
                                                                                                                                                                                                                                                  SHA1:B51F37E5E8E900EFEDF7E23FB71A1F1D8334E76F
                                                                                                                                                                                                                                                  SHA-256:E5C0DD298A10CC6AAB950E8A365C195F45C9C57DC459EFC1C1381D5C428D4488
                                                                                                                                                                                                                                                  SHA-512:47728E6B183251E7A1FFCBEF3A4AC864B74FB25A2792997426C59738FD9300203B2E0B348234719EBE5CD8BC204A0AAD3DA2C054989E46A6AC30656A9D85B349
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:p...... ....v....T......(....................................................... ...............................v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.3.3.e.5.-.5.7.6."...

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\shi7997.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Downloads\PDFast.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5038592
                                                                                                                                                                                                                                                  Entropy (8bit):6.043058205786219
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                                                                                                  SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                                                                                                  SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                                                                                                  SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.D!...!...!...(.V.C...5..."...5...&...5...)...!......5...:...5... ...5...R...5.:. ...5... ...Rich!...................PE..d...p............." .........D...............................................`M.....'.M...`A........................................@.H.L&....I......@K.H.....I..............@M.....`J:.p.......................(....%..............@.......$.H......................text...4B.......D.................. ..`.wpp_sf.....`.......H.............. ..`.rdata...L*......N*.................@..@.data...hD...PI......*I.............@....pdata........I......2I.............@..@.didat.......0K.......J.............@....rsrc...H....@K.......J.............@..@.reloc.......@M.. ....L.............@..B........................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\PDFast\PDFast 1.0.0\install\holder0.aiph

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Downloads\PDFast.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3267562
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:9D14DB0A481FC2E4FDE4706B5E475410
                                                                                                                                                                                                                                                  SHA1:7C0F0B1A72A440CE5790F45CB8741C481AE6CC20
                                                                                                                                                                                                                                                  SHA-256:2F35C842455706BCA40332DC7D5F7FE6BB58A00041CFB861164A2DD1695221C6
                                                                                                                                                                                                                                                  SHA-512:F080666E8FF34213299E06103D720AD073502D1E8B5520DF323795CF717A0E012F6E5DA1BEFF8F1432EA12A3D7E3370C29DA6FE2166110FB562B6852E2022628
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\Downloads\418cfc77-9c7d-4dfd-a012-95eb1015fbdb.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4344
                                                                                                                                                                                                                                                  Entropy (8bit):5.4655973283240495
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:454B63850EB3BC76CED8897E380EE9CB
                                                                                                                                                                                                                                                  SHA1:0341DF403A76040DE3ED635E664135DBDDEB0AC9
                                                                                                                                                                                                                                                  SHA-256:C4C01685D662839B6E68F9F892F627ECECEB32B374A32C9005B4B0CAE7C9C233
                                                                                                                                                                                                                                                  SHA-512:6E4AF1B056B1CE9FB83059BC8E7CD548498A43FD7996664253AE7D888CA68234212B5C8F2AFED0BB454FC8CC8058BA45CAC14F2A41CB33F21EA8D3FB0EBBFD1F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........."2..La..La..La".O`..La".I`J.La".J`..LaU.H`..LaU.O`..LaU.I`..La".H`..La".M`..La".K`..La..Ma..La.E`..La.a..La...a..La.N`..LaRich..La........PE..L....9.d.........."....$..&.........b.........&...@..........................06.......m...@.................................T./.(.....0..............{l. +....3.......).p...................@.).....`.&.@.............&......w/......................text.....&.......&................. ..`.rdata..Z.....&.......&.............@..@.data...@...../..<..../.............@....rsrc.........0......./.............@..@.reloc........3.......2.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\Downloads\PDFast.exe (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):0
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:454B63850EB3BC76CED8897E380EE9CB
                                                                                                                                                                                                                                                  SHA1:0341DF403A76040DE3ED635E664135DBDDEB0AC9
                                                                                                                                                                                                                                                  SHA-256:C4C01685D662839B6E68F9F892F627ECECEB32B374A32C9005B4B0CAE7C9C233
                                                                                                                                                                                                                                                  SHA-512:6E4AF1B056B1CE9FB83059BC8E7CD548498A43FD7996664253AE7D888CA68234212B5C8F2AFED0BB454FC8CC8058BA45CAC14F2A41CB33F21EA8D3FB0EBBFD1F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........."2..La..La..La".O`..La".I`J.La".J`..LaU.H`..LaU.O`..LaU.I`..La".H`..La".M`..La".K`..La..Ma..La.E`..La.a..La...a..La.N`..LaRich..La........PE..L....9.d.........."....$..&.........b.........&...@..........................06.......m...@.................................T./.(.....0..............{l. +....3.......).p...................@.).....`.&.@.............&......w/......................text.....&.......&................. ..`.rdata..Z.....&.......&.............@..@.data...@...../..<..../.............@....rsrc.........0......./.............@..@.reloc........3.......2.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\Downloads\Unconfirmed 540853.crdownload (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):0
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:454B63850EB3BC76CED8897E380EE9CB
                                                                                                                                                                                                                                                  SHA1:0341DF403A76040DE3ED635E664135DBDDEB0AC9
                                                                                                                                                                                                                                                  SHA-256:C4C01685D662839B6E68F9F892F627ECECEB32B374A32C9005B4B0CAE7C9C233
                                                                                                                                                                                                                                                  SHA-512:6E4AF1B056B1CE9FB83059BC8E7CD548498A43FD7996664253AE7D888CA68234212B5C8F2AFED0BB454FC8CC8058BA45CAC14F2A41CB33F21EA8D3FB0EBBFD1F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........."2..La..La..La".O`..La".I`J.La".J`..LaU.H`..LaU.O`..LaU.I`..La".H`..La".M`..La".K`..La..Ma..La.E`..La.a..La...a..La.N`..LaRich..La........PE..L....9.d.........."....$..&.........b.........&...@..........................06.......m...@.................................T./.(.....0..............{l. +....3.......).p...................@.).....`.&.@.............&......w/......................text.....&.......&................. ..`.rdata..Z.....&.......&.............@..@.data...@...../..<..../.............@....rsrc.........0......./.............@..@.reloc........3.......2.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\3e7bd9.msi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3B4EEE73-0780-4E99-B493-BD8647D8C786}, Number of Words: 8, Subject: PDFast, Author: PDFast, Name of Creating Application: PDFast, Template: ;1033, Comments: This installer database contains the logic and data required to install PDFast., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Apr 8 16:25:14 2025, Number of Pages: 200
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2873344
                                                                                                                                                                                                                                                  Entropy (8bit):6.642262090272467
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:9193849BA75ECA3516FDA249D9149700
                                                                                                                                                                                                                                                  SHA1:D1018A263B0D17A02AC765BDFB3603E1CA32DF5D
                                                                                                                                                                                                                                                  SHA-256:D625019951CFD3FEEABE95307FC5C1D7E89D0749A5D8BE5FF62701A44206BAF4
                                                                                                                                                                                                                                                  SHA-512:FA7E3A012D6EA556D5BA1B949DAC27DDB6E019B64E452FFC5D70C6769D838BB4E6042D3BA147BC7333E8B6C5C48A00C463CB3642AF3B4B09E7D8D5FD867D8D5B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...................,...................................u.......`...a...b...c...d...e...f...g...h...i...!..."...#...$...%...&...l...............................................]...^..._...`...a...b...c...d...e...f...z...........................................................................................................................................................................................................................................................................................Q...............'...?........................................................................................... ...!..."...#...$...%...&...2...3...)...*...+...,...-......./...0...1.......5...4...<...6...7...8...9...:...;...@...=...>...F...J...A...B...C...D...E...H...G...I.......O...K...L...M...N.......P...R.......S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...........w...x...y...z...

                                                                                                                                                                                                                                                  C:\Windows\Installer\MSI7E6C.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):602432
                                                                                                                                                                                                                                                  Entropy (8bit):6.469389454249605
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:B7A6A99CBE6E762C0A61A8621AD41706
                                                                                                                                                                                                                                                  SHA1:92F45DD3ED3AAEAAC8B488A84E160292FF86281E
                                                                                                                                                                                                                                                  SHA-256:39FD8D36F8E5D915AD571EA429DB3C3DE6E9C160DBEA7C3E137C9BA4B7FD301D
                                                                                                                                                                                                                                                  SHA-512:A17E4512D906599B7F004EBB2F19EE2566EE93C2C18114AC05B0A0115A8C481592788F6B97DA008795D5C31FB8D819AC82A5097B1792248319139C3FACE45642
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.............u..u..u.n.v..u.n.p...u...q..u...v..u...p...u.n.q..u.n.s..u.n.t..u..t...u.|...u.u..u....u.....u.w..u.Rich..u.........................PE..L....=.d.........."!...$.>...........Y.......P...............................0.......4....@.........................`X..d....a..,.......................@=.......h.....p...................@...........@............P..h............................text....=.......>.................. ..`.rdata...,...P.......B..............@..@.data...8%...........p..............@....rsrc...............................@..@.reloc...h.......j..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\MSI7EFC.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):753984
                                                                                                                                                                                                                                                  Entropy (8bit):6.461872633696775
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:8DD026145833182777A182A646DF81F3
                                                                                                                                                                                                                                                  SHA1:4F5CB840193EEA97DF088C83A794FB6E8F67AB07
                                                                                                                                                                                                                                                  SHA-256:3071AF6BE43A2611DB45205F0D3F1F25ABA05ACF5F70992FCE2FFFD63EE9C85D
                                                                                                                                                                                                                                                  SHA-512:F6C860BF563A24C046A7D76A6BC1E2F6BBFC80A87AC4513DE331049F35198DCBBDBB5BE7F5D49100E1D1C8AB680ECF3EAAA4FDB8F744C9FD5479A1BA64079391
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......':r.c[.Tc[.Tc[.T.).Un[.T.).U.[.T.%.Ur[.T.%.U{[.T.).Uz[.T.%.U=[.T.).Ub[.T.).Ut[.Tc[.T.Z.Tz$.U([.Tz$.Ub[.Tz$.Tb[.Tc[.Tb[.Tz$.Ub[.TRichc[.T................PE..L....=.d.........."!...$.>..........+........P............................................@.........................`..................h............D..@=.......r.....p............................e..@............P..........@....................text....=.......>.................. ..`.rdata...q...P...r...B..............@..@.data...H(..........................@....rsrc...h...........................@..@.reloc...r.......t..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\MSI81ED.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):428434
                                                                                                                                                                                                                                                  Entropy (8bit):7.104263591104176
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:71DE8487243FBCDAE48E9657A87319E3
                                                                                                                                                                                                                                                  SHA1:10EB07608E7E11D60E94F26694B237ED0BCFB987
                                                                                                                                                                                                                                                  SHA-256:28CE884A08083F655BD24E8529D351408F38EAD6972A47E5199A56CBEF9EE9AE
                                                                                                                                                                                                                                                  SHA-512:8276522ABC788178EA7CFE8D016C88A5372A72BF9041DF144B9DD2A04DECECAE5AA0CD65624CED732EF7517770FCA2F8AE940A0ED3CF5BB52F4270A593DF9F62
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.?...l...l...l.`.m...l.`.m>..l...m...l...m...l...m...l.`.m...l.`.m...l...l...l...m...l...m...l..{l...l...l...l...m...lRich...l........................PE..L....a.g...........!...).............V.......................................P............@A........................ ....*........... .......................0.........T...............................@............................................text.............................. ..`.rdata..t_.......`..................@..@.data...$...........................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\CustomAction.config

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                  Entropy (8bit):4.847324835573595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:EE9A8381338B060D86C58E2415F481F3
                                                                                                                                                                                                                                                  SHA1:200F3ED7C773F50C80644F3976E09E876F45993F
                                                                                                                                                                                                                                                  SHA-256:7E1096D6F39EBE04D6E38BC714983AF05ED92CC2BB4D3365ED4C85E733CB145C
                                                                                                                                                                                                                                                  SHA-512:26B9108B9522574E08560BC45A6470F85CA149317BD763F3A357040E0F0E743FD7BFC05E0CE2D9FB52BF89E22C61D221DDF8A7163F5143848717CA3D56847EF1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what WixToolset.Dtf.CustomAction.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... For more information https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/startup/startup-element.. -->.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />.. </startup>..</configuration>..

                                                                                                                                                                                                                                                  C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\Microsoft.Win32.TaskScheduler.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):332800
                                                                                                                                                                                                                                                  Entropy (8bit):6.0966953677547275
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:0616EA42B68A8F5F2F01BCD985BDCBC7
                                                                                                                                                                                                                                                  SHA1:88D6AAE1F17B00F4391E0E7B17E98C494BE73BA1
                                                                                                                                                                                                                                                  SHA-256:EA27C65491119EEE5C8E87CE3D470783580DB8FC5BD141C496768D7D0CCE779A
                                                                                                                                                                                                                                                  SHA-512:CE4657908615C4837084C75D806C083B8F7E63965A2E7866B8C96DE7C0278A0857235B74CD9443769968165DB250EBA042A5B05927FEBFF5BB70BEBB7DCBD814
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ..............................o.....`.................................2)..O....@.......................`......,(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................f)......H.......<...0U..........l...@....'........................................{....*..{....*V.(......}......}....*...0..A........u2.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ..<. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q5....5...-.&.+...5...o.....%..{.......%q6....6...-.&.+...6...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*..0..Y........u7.......L.,G(.....{.....{....o....,/(.....{.....{....o....

                                                                                                                                                                                                                                                  C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\RequestSender.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                  Entropy (8bit):5.260574912471526
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:19F78AA7A17C75B9D9CB9B3F83A01C31
                                                                                                                                                                                                                                                  SHA1:F60E338AE6370D78D57E88E2BFAFA1BA6DB9A272
                                                                                                                                                                                                                                                  SHA-256:BBB5032BFE5039862B057B5706BCB89C56E60CBF2C128AB8122878AE16F2331B
                                                                                                                                                                                                                                                  SHA-512:0931CA0A9EB0BC86616A39814E1F87E65CF64E710FD96324BDBD56BD7C5FF7AD1F21F1598A5D7E8DDED6788DC0B7C21A940D19403B1995275ABE34926B7437CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V ............" ..0..8...........W... ...`....... ....................................`..................................V..O....`...............................V............................................... ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............>..............@..B.................V......H.......`...@(..........................................................2.r...p(....*r..r...po....r-..p(....(....*. .'..(......r...po....rM..p.r_..po....(....(....*...r...po....r...p.r_..po....(....(....*...r...po....r...p.r_..po....(....(....*2.r...p(....*2.r...p(....*r..r...po....r...p(....(....*r..r...po....r...p(....(....*r..r...po....r#..p(....(....*r..r...po....rM..p(....(....*r..r...po....r...p(....(....*r..r...po....r...p(....(....*r..r...po....r...p(....(....*r..r...

                                                                                                                                                                                                                                                  C:\Windows\Installer\SFXCA91A192A47F4D8FAAADD511277724A041\WixToolset.Dtf.WindowsInstaller.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):198416
                                                                                                                                                                                                                                                  Entropy (8bit):6.572189329266532
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:EF8D5785AC8669F5FD54E22F52770E6B
                                                                                                                                                                                                                                                  SHA1:4C94AE7EF233BE33A56C0A5D9B8E2211D5D5792C
                                                                                                                                                                                                                                                  SHA-256:A614884EA627DA1925131EBF41E8AE202CAEAC0FE543B86384F5EB2BFAF1AA75
                                                                                                                                                                                                                                                  SHA-512:AB3B140BD6531F22E994606820E6511442C23D9015B1E1A38AAED43AA42BA29A996511151D0B3A383C05C2B11F670E52CDD7F507AD1A1AD8CEBEA57FB22ADE5A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z............." ..0.............:.... ........... .......................@......".....@.....................................O......................../... ......d...p............................................ ............... ..H............text...@.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........@H...............z...........................................(;....-.r...ps<...z..s=...}....*..(;....-.r...ps<...z..(....}....*2.{....o>...*..*...2...{....o>.../..{.....o?...*r...ps@...z..0..[........(A...,.r3..ps<...z.{....oB....+..oC.....o.....(D...,......o....-....,..o.....r3..ps@...z.*.........%D.......sE...z.sE...z:..(..........*6..o....(....*..0..F........(A...,.r3..ps<...z..+..{.....o?...o.....(D...,..*......{....o>...2..*r.-.rI..ps<...z.{......oF...*.sE..

                                                                                                                                                                                                                                                  C:\Windows\Installer\SFXCAB51F47AADB4C85BAF5D11DEB56E7E3E4\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                  Entropy (8bit):4.5545266828490805
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:C9B4EAED07EF72E5ED0F9ECB3E9FFB66
                                                                                                                                                                                                                                                  SHA1:154BF2E5EEC4C08E8954B229439E03A1FB5CD0E8
                                                                                                                                                                                                                                                  SHA-256:B2996E6B102FE829B5683936DD7197F26F375EA16499CC4E6AF88E78538B9FF1
                                                                                                                                                                                                                                                  SHA-512:0482B7328C0C5E82E82ABA033BA6DD5F1800BA0FCEF1522A4CEDF3C212156796738C8C4AB580375B77D90C7CEBC4723D35518F990B836AA64F5CE173D1195FE5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>2f...........!.................9... ...@....... ...................................@..................................9..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H........4............... ......P ......................................A~h....r}.......x...._...^xi(e|..A.+{0.38S'3..X..cw.gd..j=<.)Q~>yP0..7r.0.%A(..g..].& .a..@..=.....e.....U.O2.h.}.<..B.`................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):403156
                                                                                                                                                                                                                                                  Entropy (8bit):5.359645758536729
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:1F21DB043BA35C02EEACBEC0A093A738
                                                                                                                                                                                                                                                  SHA1:F2AD7B1F8E744BDE756C27FD8CB3CF438B6293C2
                                                                                                                                                                                                                                                  SHA-256:F41DE01D0BA9D077801F03F65BC0C5267159F43AD4F28143D81A072598F0EAF2
                                                                                                                                                                                                                                                  SHA-512:5143CDD25E7F5F506AE895A10D50730EFD1DDF494E2854E2027B8E61DBD32189615EB594429440B93803340790901CE493A063B6D8EA4CE4E4CAB197FBC7F7A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                                  No static file info