Windows Analysis Report
CuteWriter.exe

Overview

General Information

Sample name: CuteWriter.exe
Analysis ID: 1541126
MD5: 604fdaf426407abe31f9afdd0028059f
SHA1: fc5ba5fce060f5d987bcc234d7705826fd01a51e
SHA256: b8cab489c46b5a6bb978b90c3ef06cc0c454f53d5cde773734dcdce9514b79a1
Infos:

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 35
Range: 0 - 100

Signatures

Suricata IDS alerts for network traffic
AI detected landing page (webpage, office document or email)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Downloads executable code via HTTP
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses insecure TLS / SSL version for HTTPS connection

Classification

HTML page contains hidden javascript code
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: Base64 decoded: ai=Cl-vl6S8aZ-q7H-yTjuwP6N6c0ASolKqEe6C96eSzE9HJ35v4ARABINDf2h9gyQagAbPWy5UoyAECqAMBqgT0AU_Qy56WQ45RG0GvbURQR78-cGcxEM5_46u8-iweI6zZWOcksZCpWHimWzKWFPmOK7rK-UUoM52VgrGqYEStJ_0I_cxSZdqU9IWEF0R2cPQdbdaHjEPaQmgBjp4OZ-a91FF2iiDs8FyQ7N77N3UTu3JBc28Ori4B8nDIqzG...
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon
Source: https://www.cutepdf-editor.com/support/writer.asp HTTP Parser: No favicon

Compliance
barindex
Uses 32bit PE files
Source: CuteWriter.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49766 version: TLS 1.0
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse usering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse usering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse usering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation Jump to behavior
Source: CuteWriter.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49913 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:50000 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:50009 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.6:50023 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50165 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50169 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50172 version: TLS 1.2
Source: CuteWriter.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: ps5ui.pdb source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, is-58S3Q.tmp.2.dr, PS5UI.DLL.6.dr
Source: Binary string: ps5ui.pdbH source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, PS5UI.DLL.6.dr
Source: Binary string: C:\CutePDFWriter4\Release\CutePDFWriter4.pdbn source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pscript5.pdb source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\CutePDFWriter4\Release\CutePDFWriter4.pdb source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ps5ui.pdbX source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, is-58S3Q.tmp.2.dr
Source: Binary string: pscript5.pdbH source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ Jump to behavior

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2812710 - Severity 1 - ETPRO MALWARE Linopid HTTP CnC Beacon : 192.168.2.6:49858 -> 64.34.201.145:80
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Fri, 15 Apr 2016 13:27:04 GMTAccept-Ranges: bytesETag: "04d47f1a97d11:0"Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 24 Oct 2024 11:30:29 GMTContent-Length: 8108488Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d2 27 7e 53 96 46 10 00 96 46 10 00 96 46 10 00 96 46 10 00 1b 46 10 00 12 40 16 00 97 46 10 00 11 5a 12 00 97 46 10 00 52 69 63 68 96 46 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 81 1b 5b 3a 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 05 0a 00 56 00 00 00 2a 00 00 00 00 00 00 8f 3f 00 00 00 10 00 00 00 70 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 d0 7b 00 00 04 00 00 7e d3 7b 00 02 00 00 00 00 7d 00 00 00 10 00 00 00 7d 00 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 7b 00 00 32 00 00 00 ec 71 00 00 50 00 00 00 00 a0 00 00 08 05 00 00 00 00 00 00 00 00 00 00 00 9a 7b 00 c8 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 86 54 00 00 00 10 00 00 00 56 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d2 0b 00 00 00 70 00 00 00 0c 00 00 00 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 35 17 00 00 00 80 00 00 00 0e 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 08 05 00 00 00 a0 00 00 00 06 00 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 77 69 6e 7a 69 70 5f 00 20 7b 00 00 b0 00 00 00 20 7b 00 00 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: COGECO-PEER1CA COGECO-PEER1CA
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49858 -> 64.34.201.145:80
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49766 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CV45hYK1Zz79usC&MD=Bw2BcbZ1 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /support/writer.asp HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /include/main.css HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/background.jpg HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/include/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/companybg.jpg HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/include/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/headerbg.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/htabs1.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/include/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/htabs3.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/include/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /Images/PDF_Editor.GIF HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/Print.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/PrintDialogBox.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/Save.png HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/DocProp.png HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/htabs1.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/headerbg.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/htabs3.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/companybg.jpg HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /Images/space.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/NEW.GIF HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /Images/PDF_Editor.GIF HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/background.jpg HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/Security.png HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/Print.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/companybm.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/footbg.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/DocProp.png HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/Save.png HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/PrintDialogBox.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /Images/space.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/NEW.GIF HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/Security.png HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /images/companybm.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP
Source: global traffic HTTP traffic detected: GET /images/footbg.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP; _ga_XVM5E9PE4F=GS1.1.1729769445.1.0.1729769445.0.0.0; _ga=GA1.1.1884377809.1729769445
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /pagead/html/r20241022/r20190131/zrt_lookup_fy2021.html HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotname=6092711011&adk=1854165047&adf=3987798746&pi=t.ma~as.6092711011&w=728&abgtt=9&lmt=1729769448&format=728x90&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444531&bpp=5&bdt=2357&idt=3477&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=1252293065082&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=145&ady=144&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=3507 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slotname=8138180617&adk=373269726&adf=126291155&pi=t.ma~as.8138180617&w=160&abgtt=9&lmt=1729769448&format=160x600&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444536&bpp=1&bdt=2361&idt=3515&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=744&ady=420&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=d%7C%7CoeE%7Cn&abl=XS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=3522 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-6555658820068848&output=html&h=280&slotname=4387574616&adk=1818151991&adf=1925678805&pi=t.ma~as.4387574616&w=336&abgtt=9&lmt=1729769448&format=336x280&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444537&bpp=1&bdt=2363&idt=3531&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90%2C160x600&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=341&ady=1814&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=3540 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/ads?client=ca-pub-6555658820068848&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1729769448&plat=3%3A65536%2C4%3A65536%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444538&bpp=5&bdt=2364&idt=3546&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90%2C160x600%2C336x280&nras=1&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=4&uci=a!4&fsb=1&dtd=3558 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CV45hYK1Zz79usC&MD=Bw2BcbZ1 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /xbbe/pixel?d=CNazkvECEJ-FufYCGPWj7Z0CMAE&v=APEucNVTTguKp20X8dAunnm_TQf6VnYFFtc3ryUzj6GNKBIZzVUuDt8d7mdZplTaZ7RTtBHHqk_8xwj_-8RisEYgKVCiuxAXnA HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=280&slotname=4387574616&adk=1818151991&adf=1925678805&pi=t.ma~as.4387574616&w=336&abgtt=9&lmt=1729769448&format=336x280&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444537&bpp=1&bdt=2363&idt=3531&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90%2C160x600&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=341&ady=1814&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=3540Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /xbbe/pixel?d=CNazkvECEJ-FufYCGNC28p0CMAE&v=APEucNWgFUHrD33z4Q7qDEX7cGEiwYatuDRk88lJea39IdXM_qbynOy7NERbDVMO5c7gjwOeDvPFLj9qUxuPKa1NEQt84qawXw HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotname=6092711011&adk=1854165047&adf=3987798746&pi=t.ma~as.6092711011&w=728&abgtt=9&lmt=1729769448&format=728x90&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444531&bpp=5&bdt=2357&idt=3477&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=1252293065082&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=145&ady=144&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=3507Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /xbbe/pixel?d=CLLVmQIQ2riaAhj1-o3eATAB&v=APEucNU3JcGq3kKl_K7TWcE7OHlegV1VKBJ7kJQB_7DGw8rmFddxUHg6Sk8GvSChIeyqnqRrKvYJUyVWlYjeo7kJ8BBRH8L4gg HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slotname=8138180617&adk=373269726&adf=126291155&pi=t.ma~as.8138180617&w=160&abgtt=9&lmt=1729769448&format=160x600&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444536&bpp=1&bdt=2361&idt=3515&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=744&ady=420&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=d%7C%7CoeE%7Cn&abl=XS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=3522Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsu8i23Pa_hcCjAEn29uF7Jsuxt-8JXIy2WFxEqoFCtHz57_2KQKKZj1IAPskzAsXl506OJ-_M9vfpJH2I8_ic_hlQobem8Cee99oE1zrQj6dBHS9RgRtZG_dc08OoVgKho_N1uy066UKG_M1z5h0kUwQd1oHeE1wEWFT0XaLNq3mE_Zbi4pL_YUzsGExh8tvj3XvBLM8pA62WLEjf4E5QY5PL97jb-sjis4oqytM6bRPVpf-gVlBcWEEcqWLp5uRoiRNyTQo-fQ36Ikhs4mqMJrXhw2Q2oMQKRvTbczqL6P9DGl0n5GmVEWlU2TvZUymLIx1QuOYvQuFc9OE1bbVcACTy3xaevCax1tvLjkqcNaIcT5CJVCX_2pIUyf6y3Xvi2QIjVR3BXT73OPRRvu8QSUQpBgF8CaELje5kVpaZGJwa-J10pkExGGIrz2VJSTQfiC9yXq-FFSknrAsbJr_Odw6rRY5LpTgeWpjsdsRTq4wPAJFpLctaEebdCmYpkjWr2KQRKkcUHoSpRSubrgjAD7x8PT_wtM6hXx5sMsae0uHbIvH3IDEmTBc9ZaSxF36CY7zxzk48x58lyLyak8Ia9--9WKhr7HSGT-9AXnylluXUEalvIpjV7Y2u9Zahbd28nMGvpiH4wlxeacFJx8TO_KL07FboYFBx3Zcg3qG-caRY0K8al9_KNIWgKeebDfg2ea6_kyhghBsLjeUJN12j_gHMYnmFG0UDmAYRV0DdBcUcfjvjtJQz0g6PX7m_B6H9hH_UIJcUYZ2CTigL8-fCXOcr9lfHF6FSH1IwefD0CLovk94cwC6F5wjHBmUUnlwcDmczT2mn4USA5iU6orzarGSiZfL0J2SbEb21XAFpI3Me6A_aZwD1vN9sCZXFj1-Av_uGNOjQHvp84Ky4r0IP3T4pBRIjpKqpUL_-D7z5nKnPmNJclLTIZFFGp3ZXfMdtWbSdnJmbow01Zg-1nKMs-ibq_3q8TlaeebZ2XpjnXTGOpdQmePoK_o9TUCggRcTjgZFtDmkfeX2wtTdoF_Fu_Ui7VSo2_ybYCJ2mGp4Iik9y3OUoEycxDg5c6xdawyaVbWJIZf3odfe6dW5FgAHE64VV-CxyQrLH9fVVKLXSHYAwcCys5Y-kkoF7EpvQaZYwj5Ma7D6I5NfdzTeskKcjtWG1I4D0pcTGNah5xo30joBCqYK5krCHKVjyEDT_OSAHqIYL4_R7bhspuqXclxVKeQ6nmnfBlLz4YjsbTrSRUNLEo2aJiqAhUm2me8SdtONjWlBRY-z22JQBkhDECNrgIOUdFB_6vrc5PfmRVCybbVgEFfq9imSg4xFJlH4_9YXPh9xeGVzfny8aNF7ZmagJbaCx2r52tFv2BPbLkKuIAq&sai=AMfl-YRIRufMBVphbL3jjX0cMDC_CI0hzL2FFjP0_XtwxFEsPZp3cvY6CSNR5x5xaSTVjK7J1DjOJ4AltkPh0ESdiAnkiEUc46z2WJUymCTwPvQdmatoykNkf8eLhSEYY2hOHguv-lkqy6t9JVV9wR2Ov2VlBQ7RbhsAyh0Njv2wdI8DsfK_5uXqCX97w4acWiEfvgpsBZeGyZYtpm3hJefN59IwNoGPm3wcyN-VBFdKYADq82aULQ0_Of_-LKzCVF-ct7QmceO2G0M1LpSWju6RSiLgZn7uPsLq9Em2yGrWWeTZzozSYZp8fGIFRLQ1a_Dr3nanEbteNpgsBXeNcWyrAW3PHpu72TifYYm2SVTaks0UxRRPjryk1lsalBjNdJArBiNDGKxDURvv7IZukVqNsb6xbmaw4Y77bAasNXhRGHbNTHZKO77cwlldbgVpwHMatkkFQiEthaLHYgDqD364fNGA13xvJXjQnPfkRs0e8w1ZSbZJRlLfZaZdAaW5EaoDHcxI8yeeqgk&sig=Cg0ArKJSzOJVokbZ0PYLEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=5&cbvp=1&cstd=1&cisv=r20241022.43103&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: not-trigger, event-sourceReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsscIms9HimZZMOy0LhK_O7_SLnbj6E4XcJzeIdk48TcZ4Lx38WyVjWrg-vwihqoGUW_EoQpr61sfMBuPby_XAs94BxLtDRrCQ4ZIV6ZNrQMeWpCRGI4ExcXDApa4CQQPQv1Eyk-zwuCW3Kmnh6ke8siL0vSAl5ilNk5W49RWYnKVJuwXZv8wfeaF8PJTB4VxC4v2LkydeEih5eJieDy6_hO4czTrdQjRc0BXpWyCYbRBcbQXowDvNsmuo9-BNaO5yPxcQaNsnnec_nYSAo7ui2trWe3YEEMhkctmhE30gAsujWtE25q0TOEsFF2g4AbNZ8dQASySJjsiXaWNrCUU-SiW0d2_4FECT3Oxb2U1xmsqL7WbTxXTsnB01zMN2UHcJNuugNXByYaFlhuofnV7xFfNtRVYbXehRo6LR7sVCkEGcJAMrNXnWRDNj-4iNRbdzhnsRVyKw-gnL7KYWsCLJvitziuFtJFV2nseRFTWxq-qMupvKARi25cfe7_cqSHfPE_BLEZHf-ltbgq96n479Zj_lwEjoNSeVOHv4VQWQvc70SQpnQ-3lGe6cwTvI-3VRyy10PBJuVCSGFjmwR3N7Ek7wREa-iFU0PDACBuGfONi7ONU8kH4xiKVcdbf6HlGse-SDKDpNYgsMG0ZKHB0MvJFNa3_gxTBANy4tUpS0SSb906foFUJ75eUzMscsNHX1kCiRzCzvsHcxRuxfMLcO1o3EhcAEHU68qclxcEPeOsACDg6-bnpUSUheh4UkoS-kP7h9i5Tc9AhZKJhSuNvQJQvqEpVwBp5CFZzF2ys66NJQ6P9jG9V2r6d9HJPvZLzYfS1K5CiGjPTw_tplmNUWHJ7wf7s4tqxqKNNELEd7kDW3yRm5UnaIVVFzrsWUioqtrs8CtrZux9dhNmOvNn3Y0GiyFwvSyCs7R2vhEFLMdRNqUAhDfmEO4qkiiCFgIZW2VfHZb6QObcKy4dRZdoVUUQJAS4NYShks5etM-zQt318yZOPkgj0NFno5fAJaSW3jlZ223FR8Hkq90cujpT0E4pyqyA32QcxPM45DtC9E-UqaQagJfUdLFt03ljpKeLe1fhzEsSYPXPebfviEXBZGmRu-oGRfNQAlABouHDfzAO6waywrh8DN7FClenHxt4c-ui-8UyMhAnyjisGhf1aJ38ua1f1OhaQPgVfuWmbx8UdA0s7ubxBhRAdZG-si9asGO-Pr23f8Nwz9WHcXUSHjUxLlacInwhfuJLB8BMt1R3RDxP9lwlKaAv1dGFVr3qTEcZZYiPv7TSrhGao77KXRUkPheHvxH7NLAKzCOk4Rowi9V7QfVoDLOYxnX2UMIzbeKoepgblJCWPwWOemZFDHbh67xsM4JvpoY&sai=AMfl-YS8fNvo0km5tVINWjm52gPno9O77gL-yGTigvtd7yQ2lvpQb5lBVMYmD7L33nDo4cEj2ZJ-rIkD_h6IWGEAQOmGl8pXCvOXvWrCUYAPllUciKMTQDECkS7Frux-FzGlzsx_wLBbSefILDQh5qZ0PYoFP3RTx2igpet58Dcvz38OI2WZjJy9x9DNmRwM3aeUDX_cqtt2kJLgjk2fDoxnh6WntdCPMXhsD_wpx-D48pbD9Q5pq5mBwBxP-3xlHY2zdTMPx0lckLhkq2UkAeInimkO6v-ca8zd0P95lMgQxous4kLdAFAdHOnhTb1D_4RiDG3UIQSrIMEWw82CmalxwIDTTHu2exZ4opAH20zc8rtY4F0PvYArbCkKVwySjKPwyQYt_hYEspLFh4FKo5ETIaqUkycM_6D4VN9_-yu-XYXqYdjt9o3pf08KF_Q7LO8CxmzX-VUkdVuJdVVCtzul9OG2ys3gQAXTDiICxNyNIDFM110ccqbhq_qceji6cNNkJZTx6ARRmAs&sig=Cg0ArKJSzKO8sP2fzwSUEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20241022.82858&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-sourceReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /simgad/2992038092943504460 HTTP/1.1Host: s0.2mdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /simgad/14090383124701222626 HTTP/1.1Host: s0.2mdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsvkf21Tb0lrB_-YtQeBEQ_DwCcyHRy3AkSOaJyKvqPFl40kvGWvqheAGAXO-snLEbAMBDSjTUKS6c6bNcvlbqERWV3olWAc9rvbjZ9XWgYbOImWEEJrdDQTIF31ibhxdf1JIHAWO2jzUWQVeMlxMjTYdTCI8otAJ0jaNmCrztV4xkeTd_gGCIBEN_q3N0Hz_YcDKLQ_kpi40tlXHeeEIsMTIio8tAqHjX05DNX-K43mepPklVL4dUIcmJUAplEMybV94NnIGuhDwSnCAv_XkSzvX-vBMfegZwBf9SN5ukFKb2W0WbAtv4IqZQSXErY3kCFmG8JpwBx9UZFkDrXiLHzHZsUwW38wbe274ZLPG0yej7ZBKQyGsQfEFDIIa7xHrmVsaRK07KeZibpBbuTGDYlheffZH1eMTDWi5ovpbE7hP8XyxDIGN-xZhsOqTtvScCX6h9TAyXoT0gfCXcotUo3w5SbrVZAKUyJSw2qslASwyKC8mLiaLihyEdBCI3ncr1kjDzz6ItEPXUH5DkxKn4jOShyJ6Xfj9_6VkwDaivRGvQJU-5drHjVmhVzQyRokmYZHzmKmRRDt7q3FmQtsyvF4t9E37LvBrZIhKEbert84KiPxUAu08nHFoLwNs086x_VoO0rLLBnXdM5INMc61NQJjZ9cJNjMQx31xbmmThggwKzIns1cODD2iWy9zGuG1tbR1oFk5J_scN-5u9HpdS8ukW6ponVd7WldL0T2KLjLc0_V646FXfegViE01PzC_ILZhGsVum41NlfZpJewOD_VN48yWUNKfk-ep24CAfGBWYatl7DKfenKUc1byK_0U7VXw0oLfTHR0smFHuBrcODLFA1J4oSj3gQTHTY-Gjxkgxrp63yj1CrMA3vqvUzbYcYMX-io--YnmDmMO8h0To23BYe6wnwHkLiSFEMXbq1Nkl06p_3UcePFdS6n_2-g_14ypfDB8ZDvByk_dBcA1nAhZQTp5m6Rpxu_N3K6f9pFwNV3hIn_lREabyPMRwV1K9L4BvvefyT-4A8NF3uzyru49BPSoKiN1ny9vGYkBOfX2R2mw21pI1RYB-0SNK90voiBgKRnlI6zeF3yIA1xmhHIlx6HvLkSrzP23WhyIXWzxxMO2Qn2GlNbMz7W_6IcIUSPr0Q-8wX1DVLBQTrXDyXr4blkrrLwX8Vft4Rn-S5Bm_s1B9RHxpoTCdHsvc_lxCAgGPKaHfiByTq1gfP2FC18Vj7lVq-PerrLrpneFUtSDtguupOdiEoQpXKzQfR1n2Q32-xxcVSFBy8oBzG2u2Bf2Bdfv8nwTKvt-Cxx9cK8_U0nxhT-xNG4SUtgKPOCT7IJACwyLoxe_5bDcETntbXEQI9diJU88VdSXbnfhRLeW-sBouTkb9yFvoRefpbpaU1mVCrSxQdr0rCHjhhq4AeXgbkVifFMghKGPaJUZRnssUfkj8XxGHMHEKZ6Rw-2NXGDLgrsegw_nQ&sai=AMfl-YQLaybqj00TS8-ALc9l9P9s3lwo0EIqg3A3ImdoMadly5duNHebDXtJr58BKCnQqdja7Yd_I83AjuWc4vDRc5snrFOx5V4cS89j5UBc_GYEXQgEMQvKpXA9mO5Risf5Rkd8kNcnuQw-XTa7Q_bxBeM4EPNa9wF-vKNRwHc8ZoAaS4uJUAUMHpHCxwTRiRzE5acdK8emG9UwaXXwyIJxnflqXhnep7Ku-a2LBibCCLyXBNmRtalOEsTPdObM4v1nJwJhyVQ5lDyXQQMqx4Sy9gayxwmJ1EzkxAeE0tmkiDUOl43Qo2pBBOfLRYOwVierlvhPijz9wNwyAcJJ6AlKAgQ1WmVh_TB1p1498Yd9Uuoj5JrVRaC274sr1OkuNCJglkxYKSRCyOLEitCQYrjcoc7-1oskWfPUt1aYGOpMyrnWPF6eEhqOTPMYx4IlSPnT2OAGJOvejOvhHp5rknK8HfDiFDFO3DRPDM1vG6ZiPzdxT01KQhcwWaYQr8g1wkKxeHDZSPuNMQ&sig=Cg0ArKJSzKWRXBMXYB7PEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9zZXBob3JhLmNvbQ&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20241022.97295&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source=navigation-sourceReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /simgad/7027707479814622026 HTTP/1.1Host: s0.2mdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /i/ca-pub-6555658820068848?href=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&ers=2 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /adsense/search/async-ads.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsvkf21Tb0lrB_-YtQeBEQ_DwCcyHRy3AkSOaJyKvqPFl40kvGWvqheAGAXO-snLEbAMBDSjTUKS6c6bNcvlbqERWV3olWAc9rvbjZ9XWgYbOImWEEJrdDQTIF31ibhxdf1JIHAWO2jzUWQVeMlxMjTYdTCI8otAJ0jaNmCrztV4xkeTd_gGCIBEN_q3N0Hz_YcDKLQ_kpi40tlXHeeEIsMTIio8tAqHjX05DNX-K43mepPklVL4dUIcmJUAplEMybV94NnIGuhDwSnCAv_XkSzvX-vBMfegZwBf9SN5ukFKb2W0WbAtv4IqZQSXErY3kCFmG8JpwBx9UZFkDrXiLHzHZsUwW38wbe274ZLPG0yej7ZBKQyGsQfEFDIIa7xHrmVsaRK07KeZibpBbuTGDYlheffZH1eMTDWi5ovpbE7hP8XyxDIGN-xZhsOqTtvScCX6h9TAyXoT0gfCXcotUo3w5SbrVZAKUyJSw2qslASwyKC8mLiaLihyEdBCI3ncr1kjDzz6ItEPXUH5DkxKn4jOShyJ6Xfj9_6VkwDaivRGvQJU-5drHjVmhVzQyRokmYZHzmKmRRDt7q3FmQtsyvF4t9E37LvBrZIhKEbert84KiPxUAu08nHFoLwNs086x_VoO0rLLBnXdM5INMc61NQJjZ9cJNjMQx31xbmmThggwKzIns1cODD2iWy9zGuG1tbR1oFk5J_scN-5u9HpdS8ukW6ponVd7WldL0T2KLjLc0_V646FXfegViE01PzC_ILZhGsVum41NlfZpJewOD_VN48yWUNKfk-ep24CAfGBWYatl7DKfenKUc1byK_0U7VXw0oLfTHR0smFHuBrcODLFA1J4oSj3gQTHTY-Gjxkgxrp63yj1CrMA3vqvUzbYcYMX-io--YnmDmMO8h0To23BYe6wnwHkLiSFEMXbq1Nkl06p_3UcePFdS6n_2-g_14ypfDB8ZDvByk_dBcA1nAhZQTp5m6Rpxu_N3K6f9pFwNV3hIn_lREabyPMRwV1K9L4BvvefyT-4A8NF3uzyru49BPSoKiN1ny9vGYkBOfX2R2mw21pI1RYB-0SNK90voiBgKRnlI6zeF3yIA1xmhHIlx6HvLkSrzP23WhyIXWzxxMO2Qn2GlNbMz7W_6IcIUSPr0Q-8wX1DVLBQTrXDyXr4blkrrLwX8Vft4Rn-S5Bm_s1B9RHxpoTCdHsvc_lxCAgGPKaHfiByTq1gfP2FC18Vj7lVq-PerrLrpneFUtSDtguupOdiEoQpXKzQfR1n2Q32-xxcVSFBy8oBzG2u2Bf2Bdfv8nwTKvt-Cxx9cK8_U0nxhT-xNG4SUtgKPOCT7IJACwyLoxe_5bDcETntbXEQI9diJU88VdSXbnfhRLeW-sBouTkb9yFvoRefpbpaU1mVCrSxQdr0rCHjhhq4AeXgbkVifFMghKGPaJUZRnssUfkj8XxGHMHEKZ6Rw-2NXGDLgrsegw_nQ&sai=AMfl-YQLaybqj00TS8-ALc9l9P9s3lwo0EIqg3A3ImdoMadly5duNHebDXtJr58BKCnQqdja7Yd_I83AjuWc4vDRc5snrFOx5V4cS89j5UBc_GYEXQgEMQvKpXA9mO5Risf5Rkd8kNcnuQw-XTa7Q_bxBeM4EPNa9wF-vKNRwHc8ZoAaS4uJUAUMHpHCxwTRiRzE5acdK8emG9UwaXXwyIJxnflqXhnep7Ku-a2LBibCCLyXBNmRtalOEsTPdObM4v1nJwJhyVQ5lDyXQQMqx4Sy9gayxwmJ1EzkxAeE0tmkiDUOl43Qo2pBBOfLRYOwVierlvhPijz9wNwyAcJJ6AlKAgQ1WmVh_TB1p1498Yd9Uuoj5JrVRaC274sr1OkuNCJglkxYKSRCyOLEitCQYrjcoc7-1oskWfPUt1aYGOpMyrnWPF6eEhqOTPMYx4IlSPnT2OAGJOvejOvhHp5rknK8HfDiFDFO3DRPDM1vG6ZiPzdxT01KQhcwWaYQr8g1wkKxeHDZSPuNMQ&sig=Cg0ArKJSzKWRXBMXYB7PEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9zZXBob3JhLmNvbQ&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1278&vt=11&dtpt=1277&dett=2&cstd=0&cisv=r20241022.97295&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligi
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsu8i23Pa_hcCjAEn29uF7Jsuxt-8JXIy2WFxEqoFCtHz57_2KQKKZj1IAPskzAsXl506OJ-_M9vfpJH2I8_ic_hlQobem8Cee99oE1zrQj6dBHS9RgRtZG_dc08OoVgKho_N1uy066UKG_M1z5h0kUwQd1oHeE1wEWFT0XaLNq3mE_Zbi4pL_YUzsGExh8tvj3XvBLM8pA62WLEjf4E5QY5PL97jb-sjis4oqytM6bRPVpf-gVlBcWEEcqWLp5uRoiRNyTQo-fQ36Ikhs4mqMJrXhw2Q2oMQKRvTbczqL6P9DGl0n5GmVEWlU2TvZUymLIx1QuOYvQuFc9OE1bbVcACTy3xaevCax1tvLjkqcNaIcT5CJVCX_2pIUyf6y3Xvi2QIjVR3BXT73OPRRvu8QSUQpBgF8CaELje5kVpaZGJwa-J10pkExGGIrz2VJSTQfiC9yXq-FFSknrAsbJr_Odw6rRY5LpTgeWpjsdsRTq4wPAJFpLctaEebdCmYpkjWr2KQRKkcUHoSpRSubrgjAD7x8PT_wtM6hXx5sMsae0uHbIvH3IDEmTBc9ZaSxF36CY7zxzk48x58lyLyak8Ia9--9WKhr7HSGT-9AXnylluXUEalvIpjV7Y2u9Zahbd28nMGvpiH4wlxeacFJx8TO_KL07FboYFBx3Zcg3qG-caRY0K8al9_KNIWgKeebDfg2ea6_kyhghBsLjeUJN12j_gHMYnmFG0UDmAYRV0DdBcUcfjvjtJQz0g6PX7m_B6H9hH_UIJcUYZ2CTigL8-fCXOcr9lfHF6FSH1IwefD0CLovk94cwC6F5wjHBmUUnlwcDmczT2mn4USA5iU6orzarGSiZfL0J2SbEb21XAFpI3Me6A_aZwD1vN9sCZXFj1-Av_uGNOjQHvp84Ky4r0IP3T4pBRIjpKqpUL_-D7z5nKnPmNJclLTIZFFGp3ZXfMdtWbSdnJmbow01Zg-1nKMs-ibq_3q8TlaeebZ2XpjnXTGOpdQmePoK_o9TUCggRcTjgZFtDmkfeX2wtTdoF_Fu_Ui7VSo2_ybYCJ2mGp4Iik9y3OUoEycxDg5c6xdawyaVbWJIZf3odfe6dW5FgAHE64VV-CxyQrLH9fVVKLXSHYAwcCys5Y-kkoF7EpvQaZYwj5Ma7D6I5NfdzTeskKcjtWG1I4D0pcTGNah5xo30joBCqYK5krCHKVjyEDT_OSAHqIYL4_R7bhspuqXclxVKeQ6nmnfBlLz4YjsbTrSRUNLEo2aJiqAhUm2me8SdtONjWlBRY-z22JQBkhDECNrgIOUdFB_6vrc5PfmRVCybbVgEFfq9imSg4xFJlH4_9YXPh9xeGVzfny8aNF7ZmagJbaCx2r52tFv2BPbLkKuIAq&sai=AMfl-YRIRufMBVphbL3jjX0cMDC_CI0hzL2FFjP0_XtwxFEsPZp3cvY6CSNR5x5xaSTVjK7J1DjOJ4AltkPh0ESdiAnkiEUc46z2WJUymCTwPvQdmatoykNkf8eLhSEYY2hOHguv-lkqy6t9JVV9wR2Ov2VlBQ7RbhsAyh0Njv2wdI8DsfK_5uXqCX97w4acWiEfvgpsBZeGyZYtpm3hJefN59IwNoGPm3wcyN-VBFdKYADq82aULQ0_Of_-LKzCVF-ct7QmceO2G0M1LpSWju6RSiLgZn7uPsLq9Em2yGrWWeTZzozSYZp8fGIFRLQ1a_Dr3nanEbteNpgsBXeNcWyrAW3PHpu72TifYYm2SVTaks0UxRRPjryk1lsalBjNdJArBiNDGKxDURvv7IZukVqNsb6xbmaw4Y77bAasNXhRGHbNTHZKO77cwlldbgVpwHMatkkFQiEthaLHYgDqD364fNGA13xvJXjQnPfkRs0e8w1ZSbZJRlLfZaZdAaW5EaoDHcxI8yeeqgk&sig=Cg0ArKJSzOJVokbZ0PYLEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1433&vt=11&dtpt=1428&dett=2&cstd=1&cisv=r20241022.43103&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: not-trigger, not-navigation-source, event-sourceReferer: https://googleads.g.doublecl
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsscIms9HimZZMOy0LhK_O7_SLnbj6E4XcJzeIdk48TcZ4Lx38WyVjWrg-vwihqoGUW_EoQpr61sfMBuPby_XAs94BxLtDRrCQ4ZIV6ZNrQMeWpCRGI4ExcXDApa4CQQPQv1Eyk-zwuCW3Kmnh6ke8siL0vSAl5ilNk5W49RWYnKVJuwXZv8wfeaF8PJTB4VxC4v2LkydeEih5eJieDy6_hO4czTrdQjRc0BXpWyCYbRBcbQXowDvNsmuo9-BNaO5yPxcQaNsnnec_nYSAo7ui2trWe3YEEMhkctmhE30gAsujWtE25q0TOEsFF2g4AbNZ8dQASySJjsiXaWNrCUU-SiW0d2_4FECT3Oxb2U1xmsqL7WbTxXTsnB01zMN2UHcJNuugNXByYaFlhuofnV7xFfNtRVYbXehRo6LR7sVCkEGcJAMrNXnWRDNj-4iNRbdzhnsRVyKw-gnL7KYWsCLJvitziuFtJFV2nseRFTWxq-qMupvKARi25cfe7_cqSHfPE_BLEZHf-ltbgq96n479Zj_lwEjoNSeVOHv4VQWQvc70SQpnQ-3lGe6cwTvI-3VRyy10PBJuVCSGFjmwR3N7Ek7wREa-iFU0PDACBuGfONi7ONU8kH4xiKVcdbf6HlGse-SDKDpNYgsMG0ZKHB0MvJFNa3_gxTBANy4tUpS0SSb906foFUJ75eUzMscsNHX1kCiRzCzvsHcxRuxfMLcO1o3EhcAEHU68qclxcEPeOsACDg6-bnpUSUheh4UkoS-kP7h9i5Tc9AhZKJhSuNvQJQvqEpVwBp5CFZzF2ys66NJQ6P9jG9V2r6d9HJPvZLzYfS1K5CiGjPTw_tplmNUWHJ7wf7s4tqxqKNNELEd7kDW3yRm5UnaIVVFzrsWUioqtrs8CtrZux9dhNmOvNn3Y0GiyFwvSyCs7R2vhEFLMdRNqUAhDfmEO4qkiiCFgIZW2VfHZb6QObcKy4dRZdoVUUQJAS4NYShks5etM-zQt318yZOPkgj0NFno5fAJaSW3jlZ223FR8Hkq90cujpT0E4pyqyA32QcxPM45DtC9E-UqaQagJfUdLFt03ljpKeLe1fhzEsSYPXPebfviEXBZGmRu-oGRfNQAlABouHDfzAO6waywrh8DN7FClenHxt4c-ui-8UyMhAnyjisGhf1aJ38ua1f1OhaQPgVfuWmbx8UdA0s7ubxBhRAdZG-si9asGO-Pr23f8Nwz9WHcXUSHjUxLlacInwhfuJLB8BMt1R3RDxP9lwlKaAv1dGFVr3qTEcZZYiPv7TSrhGao77KXRUkPheHvxH7NLAKzCOk4Rowi9V7QfVoDLOYxnX2UMIzbeKoepgblJCWPwWOemZFDHbh67xsM4JvpoY&sai=AMfl-YS8fNvo0km5tVINWjm52gPno9O77gL-yGTigvtd7yQ2lvpQb5lBVMYmD7L33nDo4cEj2ZJ-rIkD_h6IWGEAQOmGl8pXCvOXvWrCUYAPllUciKMTQDECkS7Frux-FzGlzsx_wLBbSefILDQh5qZ0PYoFP3RTx2igpet58Dcvz38OI2WZjJy9x9DNmRwM3aeUDX_cqtt2kJLgjk2fDoxnh6WntdCPMXhsD_wpx-D48pbD9Q5pq5mBwBxP-3xlHY2zdTMPx0lckLhkq2UkAeInimkO6v-ca8zd0P95lMgQxous4kLdAFAdHOnhTb1D_4RiDG3UIQSrIMEWw82CmalxwIDTTHu2exZ4opAH20zc8rtY4F0PvYArbCkKVwySjKPwyQYt_hYEspLFh4FKo5ETIaqUkycM_6D4VN9_-yu-XYXqYdjt9o3pf08KF_Q7LO8CxmzX-VUkdVuJdVVCtzul9OG2ys3gQAXTDiICxNyNIDFM110ccqbhq_qceji6cNNkJZTx6ARRmAs&sig=Cg0ArKJSzKO8sP2fzwSUEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20241022.82858&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsu8i23Pa_hcCjAEn29uF7Jsuxt-8JXIy2WFxEqoFCtHz57_2KQKKZj1IAPskzAsXl506OJ-_M9vfpJH2I8_ic_hlQobem8Cee99oE1zrQj6dBHS9RgRtZG_dc08OoVgKho_N1uy066UKG_M1z5h0kUwQd1oHeE1wEWFT0XaLNq3mE_Zbi4pL_YUzsGExh8tvj3XvBLM8pA62WLEjf4E5QY5PL97jb-sjis4oqytM6bRPVpf-gVlBcWEEcqWLp5uRoiRNyTQo-fQ36Ikhs4mqMJrXhw2Q2oMQKRvTbczqL6P9DGl0n5GmVEWlU2TvZUymLIx1QuOYvQuFc9OE1bbVcACTy3xaevCax1tvLjkqcNaIcT5CJVCX_2pIUyf6y3Xvi2QIjVR3BXT73OPRRvu8QSUQpBgF8CaELje5kVpaZGJwa-J10pkExGGIrz2VJSTQfiC9yXq-FFSknrAsbJr_Odw6rRY5LpTgeWpjsdsRTq4wPAJFpLctaEebdCmYpkjWr2KQRKkcUHoSpRSubrgjAD7x8PT_wtM6hXx5sMsae0uHbIvH3IDEmTBc9ZaSxF36CY7zxzk48x58lyLyak8Ia9--9WKhr7HSGT-9AXnylluXUEalvIpjV7Y2u9Zahbd28nMGvpiH4wlxeacFJx8TO_KL07FboYFBx3Zcg3qG-caRY0K8al9_KNIWgKeebDfg2ea6_kyhghBsLjeUJN12j_gHMYnmFG0UDmAYRV0DdBcUcfjvjtJQz0g6PX7m_B6H9hH_UIJcUYZ2CTigL8-fCXOcr9lfHF6FSH1IwefD0CLovk94cwC6F5wjHBmUUnlwcDmczT2mn4USA5iU6orzarGSiZfL0J2SbEb21XAFpI3Me6A_aZwD1vN9sCZXFj1-Av_uGNOjQHvp84Ky4r0IP3T4pBRIjpKqpUL_-D7z5nKnPmNJclLTIZFFGp3ZXfMdtWbSdnJmbow01Zg-1nKMs-ibq_3q8TlaeebZ2XpjnXTGOpdQmePoK_o9TUCggRcTjgZFtDmkfeX2wtTdoF_Fu_Ui7VSo2_ybYCJ2mGp4Iik9y3OUoEycxDg5c6xdawyaVbWJIZf3odfe6dW5FgAHE64VV-CxyQrLH9fVVKLXSHYAwcCys5Y-kkoF7EpvQaZYwj5Ma7D6I5NfdzTeskKcjtWG1I4D0pcTGNah5xo30joBCqYK5krCHKVjyEDT_OSAHqIYL4_R7bhspuqXclxVKeQ6nmnfBlLz4YjsbTrSRUNLEo2aJiqAhUm2me8SdtONjWlBRY-z22JQBkhDECNrgIOUdFB_6vrc5PfmRVCybbVgEFfq9imSg4xFJlH4_9YXPh9xeGVzfny8aNF7ZmagJbaCx2r52tFv2BPbLkKuIAq&sai=AMfl-YRIRufMBVphbL3jjX0cMDC_CI0hzL2FFjP0_XtwxFEsPZp3cvY6CSNR5x5xaSTVjK7J1DjOJ4AltkPh0ESdiAnkiEUc46z2WJUymCTwPvQdmatoykNkf8eLhSEYY2hOHguv-lkqy6t9JVV9wR2Ov2VlBQ7RbhsAyh0Njv2wdI8DsfK_5uXqCX97w4acWiEfvgpsBZeGyZYtpm3hJefN59IwNoGPm3wcyN-VBFdKYADq82aULQ0_Of_-LKzCVF-ct7QmceO2G0M1LpSWju6RSiLgZn7uPsLq9Em2yGrWWeTZzozSYZp8fGIFRLQ1a_Dr3nanEbteNpgsBXeNcWyrAW3PHpu72TifYYm2SVTaks0UxRRPjryk1lsalBjNdJArBiNDGKxDURvv7IZukVqNsb6xbmaw4Y77bAasNXhRGHbNTHZKO77cwlldbgVpwHMatkkFQiEthaLHYgDqD364fNGA13xvJXjQnPfkRs0e8w1ZSbZJRlLfZaZdAaW5EaoDHcxI8yeeqgk&sig=Cg0ArKJSzOJVokbZ0PYLEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=5&cbvp=1&cstd=1&cisv=r20241022.43103&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /simgad/2992038092943504460 HTTP/1.1Host: s0.2mdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /simgad/14090383124701222626 HTTP/1.1Host: s0.2mdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsvkf21Tb0lrB_-YtQeBEQ_DwCcyHRy3AkSOaJyKvqPFl40kvGWvqheAGAXO-snLEbAMBDSjTUKS6c6bNcvlbqERWV3olWAc9rvbjZ9XWgYbOImWEEJrdDQTIF31ibhxdf1JIHAWO2jzUWQVeMlxMjTYdTCI8otAJ0jaNmCrztV4xkeTd_gGCIBEN_q3N0Hz_YcDKLQ_kpi40tlXHeeEIsMTIio8tAqHjX05DNX-K43mepPklVL4dUIcmJUAplEMybV94NnIGuhDwSnCAv_XkSzvX-vBMfegZwBf9SN5ukFKb2W0WbAtv4IqZQSXErY3kCFmG8JpwBx9UZFkDrXiLHzHZsUwW38wbe274ZLPG0yej7ZBKQyGsQfEFDIIa7xHrmVsaRK07KeZibpBbuTGDYlheffZH1eMTDWi5ovpbE7hP8XyxDIGN-xZhsOqTtvScCX6h9TAyXoT0gfCXcotUo3w5SbrVZAKUyJSw2qslASwyKC8mLiaLihyEdBCI3ncr1kjDzz6ItEPXUH5DkxKn4jOShyJ6Xfj9_6VkwDaivRGvQJU-5drHjVmhVzQyRokmYZHzmKmRRDt7q3FmQtsyvF4t9E37LvBrZIhKEbert84KiPxUAu08nHFoLwNs086x_VoO0rLLBnXdM5INMc61NQJjZ9cJNjMQx31xbmmThggwKzIns1cODD2iWy9zGuG1tbR1oFk5J_scN-5u9HpdS8ukW6ponVd7WldL0T2KLjLc0_V646FXfegViE01PzC_ILZhGsVum41NlfZpJewOD_VN48yWUNKfk-ep24CAfGBWYatl7DKfenKUc1byK_0U7VXw0oLfTHR0smFHuBrcODLFA1J4oSj3gQTHTY-Gjxkgxrp63yj1CrMA3vqvUzbYcYMX-io--YnmDmMO8h0To23BYe6wnwHkLiSFEMXbq1Nkl06p_3UcePFdS6n_2-g_14ypfDB8ZDvByk_dBcA1nAhZQTp5m6Rpxu_N3K6f9pFwNV3hIn_lREabyPMRwV1K9L4BvvefyT-4A8NF3uzyru49BPSoKiN1ny9vGYkBOfX2R2mw21pI1RYB-0SNK90voiBgKRnlI6zeF3yIA1xmhHIlx6HvLkSrzP23WhyIXWzxxMO2Qn2GlNbMz7W_6IcIUSPr0Q-8wX1DVLBQTrXDyXr4blkrrLwX8Vft4Rn-S5Bm_s1B9RHxpoTCdHsvc_lxCAgGPKaHfiByTq1gfP2FC18Vj7lVq-PerrLrpneFUtSDtguupOdiEoQpXKzQfR1n2Q32-xxcVSFBy8oBzG2u2Bf2Bdfv8nwTKvt-Cxx9cK8_U0nxhT-xNG4SUtgKPOCT7IJACwyLoxe_5bDcETntbXEQI9diJU88VdSXbnfhRLeW-sBouTkb9yFvoRefpbpaU1mVCrSxQdr0rCHjhhq4AeXgbkVifFMghKGPaJUZRnssUfkj8XxGHMHEKZ6Rw-2NXGDLgrsegw_nQ&sai=AMfl-YQLaybqj00TS8-ALc9l9P9s3lwo0EIqg3A3ImdoMadly5duNHebDXtJr58BKCnQqdja7Yd_I83AjuWc4vDRc5snrFOx5V4cS89j5UBc_GYEXQgEMQvKpXA9mO5Risf5Rkd8kNcnuQw-XTa7Q_bxBeM4EPNa9wF-vKNRwHc8ZoAaS4uJUAUMHpHCxwTRiRzE5acdK8emG9UwaXXwyIJxnflqXhnep7Ku-a2LBibCCLyXBNmRtalOEsTPdObM4v1nJwJhyVQ5lDyXQQMqx4Sy9gayxwmJ1EzkxAeE0tmkiDUOl43Qo2pBBOfLRYOwVierlvhPijz9wNwyAcJJ6AlKAgQ1WmVh_TB1p1498Yd9Uuoj5JrVRaC274sr1OkuNCJglkxYKSRCyOLEitCQYrjcoc7-1oskWfPUt1aYGOpMyrnWPF6eEhqOTPMYx4IlSPnT2OAGJOvejOvhHp5rknK8HfDiFDFO3DRPDM1vG6ZiPzdxT01KQhcwWaYQr8g1wkKxeHDZSPuNMQ&sig=Cg0ArKJSzKWRXBMXYB7PEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9zZXBob3JhLmNvbQ&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20241022.97295&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsscIms9HimZZMOy0LhK_O7_SLnbj6E4XcJzeIdk48TcZ4Lx38WyVjWrg-vwihqoGUW_EoQpr61sfMBuPby_XAs94BxLtDRrCQ4ZIV6ZNrQMeWpCRGI4ExcXDApa4CQQPQv1Eyk-zwuCW3Kmnh6ke8siL0vSAl5ilNk5W49RWYnKVJuwXZv8wfeaF8PJTB4VxC4v2LkydeEih5eJieDy6_hO4czTrdQjRc0BXpWyCYbRBcbQXowDvNsmuo9-BNaO5yPxcQaNsnnec_nYSAo7ui2trWe3YEEMhkctmhE30gAsujWtE25q0TOEsFF2g4AbNZ8dQASySJjsiXaWNrCUU-SiW0d2_4FECT3Oxb2U1xmsqL7WbTxXTsnB01zMN2UHcJNuugNXByYaFlhuofnV7xFfNtRVYbXehRo6LR7sVCkEGcJAMrNXnWRDNj-4iNRbdzhnsRVyKw-gnL7KYWsCLJvitziuFtJFV2nseRFTWxq-qMupvKARi25cfe7_cqSHfPE_BLEZHf-ltbgq96n479Zj_lwEjoNSeVOHv4VQWQvc70SQpnQ-3lGe6cwTvI-3VRyy10PBJuVCSGFjmwR3N7Ek7wREa-iFU0PDACBuGfONi7ONU8kH4xiKVcdbf6HlGse-SDKDpNYgsMG0ZKHB0MvJFNa3_gxTBANy4tUpS0SSb906foFUJ75eUzMscsNHX1kCiRzCzvsHcxRuxfMLcO1o3EhcAEHU68qclxcEPeOsACDg6-bnpUSUheh4UkoS-kP7h9i5Tc9AhZKJhSuNvQJQvqEpVwBp5CFZzF2ys66NJQ6P9jG9V2r6d9HJPvZLzYfS1K5CiGjPTw_tplmNUWHJ7wf7s4tqxqKNNELEd7kDW3yRm5UnaIVVFzrsWUioqtrs8CtrZux9dhNmOvNn3Y0GiyFwvSyCs7R2vhEFLMdRNqUAhDfmEO4qkiiCFgIZW2VfHZb6QObcKy4dRZdoVUUQJAS4NYShks5etM-zQt318yZOPkgj0NFno5fAJaSW3jlZ223FR8Hkq90cujpT0E4pyqyA32QcxPM45DtC9E-UqaQagJfUdLFt03ljpKeLe1fhzEsSYPXPebfviEXBZGmRu-oGRfNQAlABouHDfzAO6waywrh8DN7FClenHxt4c-ui-8UyMhAnyjisGhf1aJ38ua1f1OhaQPgVfuWmbx8UdA0s7ubxBhRAdZG-si9asGO-Pr23f8Nwz9WHcXUSHjUxLlacInwhfuJLB8BMt1R3RDxP9lwlKaAv1dGFVr3qTEcZZYiPv7TSrhGao77KXRUkPheHvxH7NLAKzCOk4Rowi9V7QfVoDLOYxnX2UMIzbeKoepgblJCWPwWOemZFDHbh67xsM4JvpoY&sai=AMfl-YS8fNvo0km5tVINWjm52gPno9O77gL-yGTigvtd7yQ2lvpQb5lBVMYmD7L33nDo4cEj2ZJ-rIkD_h6IWGEAQOmGl8pXCvOXvWrCUYAPllUciKMTQDECkS7Frux-FzGlzsx_wLBbSefILDQh5qZ0PYoFP3RTx2igpet58Dcvz38OI2WZjJy9x9DNmRwM3aeUDX_cqtt2kJLgjk2fDoxnh6WntdCPMXhsD_wpx-D48pbD9Q5pq5mBwBxP-3xlHY2zdTMPx0lckLhkq2UkAeInimkO6v-ca8zd0P95lMgQxous4kLdAFAdHOnhTb1D_4RiDG3UIQSrIMEWw82CmalxwIDTTHu2exZ4opAH20zc8rtY4F0PvYArbCkKVwySjKPwyQYt_hYEspLFh4FKo5ETIaqUkycM_6D4VN9_-yu-XYXqYdjt9o3pf08KF_Q7LO8CxmzX-VUkdVuJdVVCtzul9OG2ys3gQAXTDiICxNyNIDFM110ccqbhq_qceji6cNNkJZTx6ARRmAs&sig=Cg0ArKJSzKO8sP2fzwSUEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1863&vt=11&dtpt=1860&dett=2&cstd=0&cisv=r20241022.82858&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source, not-navigation-sourceReferer: https://googleads.g.doubleclick.net/Accept-Encod
Source: global traffic HTTP traffic detected: GET /simgad/7027707479814622026 HTTP/1.1Host: s0.2mdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsvkf21Tb0lrB_-YtQeBEQ_DwCcyHRy3AkSOaJyKvqPFl40kvGWvqheAGAXO-snLEbAMBDSjTUKS6c6bNcvlbqERWV3olWAc9rvbjZ9XWgYbOImWEEJrdDQTIF31ibhxdf1JIHAWO2jzUWQVeMlxMjTYdTCI8otAJ0jaNmCrztV4xkeTd_gGCIBEN_q3N0Hz_YcDKLQ_kpi40tlXHeeEIsMTIio8tAqHjX05DNX-K43mepPklVL4dUIcmJUAplEMybV94NnIGuhDwSnCAv_XkSzvX-vBMfegZwBf9SN5ukFKb2W0WbAtv4IqZQSXErY3kCFmG8JpwBx9UZFkDrXiLHzHZsUwW38wbe274ZLPG0yej7ZBKQyGsQfEFDIIa7xHrmVsaRK07KeZibpBbuTGDYlheffZH1eMTDWi5ovpbE7hP8XyxDIGN-xZhsOqTtvScCX6h9TAyXoT0gfCXcotUo3w5SbrVZAKUyJSw2qslASwyKC8mLiaLihyEdBCI3ncr1kjDzz6ItEPXUH5DkxKn4jOShyJ6Xfj9_6VkwDaivRGvQJU-5drHjVmhVzQyRokmYZHzmKmRRDt7q3FmQtsyvF4t9E37LvBrZIhKEbert84KiPxUAu08nHFoLwNs086x_VoO0rLLBnXdM5INMc61NQJjZ9cJNjMQx31xbmmThggwKzIns1cODD2iWy9zGuG1tbR1oFk5J_scN-5u9HpdS8ukW6ponVd7WldL0T2KLjLc0_V646FXfegViE01PzC_ILZhGsVum41NlfZpJewOD_VN48yWUNKfk-ep24CAfGBWYatl7DKfenKUc1byK_0U7VXw0oLfTHR0smFHuBrcODLFA1J4oSj3gQTHTY-Gjxkgxrp63yj1CrMA3vqvUzbYcYMX-io--YnmDmMO8h0To23BYe6wnwHkLiSFEMXbq1Nkl06p_3UcePFdS6n_2-g_14ypfDB8ZDvByk_dBcA1nAhZQTp5m6Rpxu_N3K6f9pFwNV3hIn_lREabyPMRwV1K9L4BvvefyT-4A8NF3uzyru49BPSoKiN1ny9vGYkBOfX2R2mw21pI1RYB-0SNK90voiBgKRnlI6zeF3yIA1xmhHIlx6HvLkSrzP23WhyIXWzxxMO2Qn2GlNbMz7W_6IcIUSPr0Q-8wX1DVLBQTrXDyXr4blkrrLwX8Vft4Rn-S5Bm_s1B9RHxpoTCdHsvc_lxCAgGPKaHfiByTq1gfP2FC18Vj7lVq-PerrLrpneFUtSDtguupOdiEoQpXKzQfR1n2Q32-xxcVSFBy8oBzG2u2Bf2Bdfv8nwTKvt-Cxx9cK8_U0nxhT-xNG4SUtgKPOCT7IJACwyLoxe_5bDcETntbXEQI9diJU88VdSXbnfhRLeW-sBouTkb9yFvoRefpbpaU1mVCrSxQdr0rCHjhhq4AeXgbkVifFMghKGPaJUZRnssUfkj8XxGHMHEKZ6Rw-2NXGDLgrsegw_nQ&sai=AMfl-YQLaybqj00TS8-ALc9l9P9s3lwo0EIqg3A3ImdoMadly5duNHebDXtJr58BKCnQqdja7Yd_I83AjuWc4vDRc5snrFOx5V4cS89j5UBc_GYEXQgEMQvKpXA9mO5Risf5Rkd8kNcnuQw-XTa7Q_bxBeM4EPNa9wF-vKNRwHc8ZoAaS4uJUAUMHpHCxwTRiRzE5acdK8emG9UwaXXwyIJxnflqXhnep7Ku-a2LBibCCLyXBNmRtalOEsTPdObM4v1nJwJhyVQ5lDyXQQMqx4Sy9gayxwmJ1EzkxAeE0tmkiDUOl43Qo2pBBOfLRYOwVierlvhPijz9wNwyAcJJ6AlKAgQ1WmVh_TB1p1498Yd9Uuoj5JrVRaC274sr1OkuNCJglkxYKSRCyOLEitCQYrjcoc7-1oskWfPUt1aYGOpMyrnWPF6eEhqOTPMYx4IlSPnT2OAGJOvejOvhHp5rknK8HfDiFDFO3DRPDM1vG6ZiPzdxT01KQhcwWaYQr8g1wkKxeHDZSPuNMQ&sig=Cg0ArKJSzKWRXBMXYB7PEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9zZXBob3JhLmNvbQ&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1278&vt=11&dtpt=1277&dett=2&cstd=0&cisv=r20241022.97295&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsu8i23Pa_hcCjAEn29uF7Jsuxt-8JXIy2WFxEqoFCtHz57_2KQKKZj1IAPskzAsXl506OJ-_M9vfpJH2I8_ic_hlQobem8Cee99oE1zrQj6dBHS9RgRtZG_dc08OoVgKho_N1uy066UKG_M1z5h0kUwQd1oHeE1wEWFT0XaLNq3mE_Zbi4pL_YUzsGExh8tvj3XvBLM8pA62WLEjf4E5QY5PL97jb-sjis4oqytM6bRPVpf-gVlBcWEEcqWLp5uRoiRNyTQo-fQ36Ikhs4mqMJrXhw2Q2oMQKRvTbczqL6P9DGl0n5GmVEWlU2TvZUymLIx1QuOYvQuFc9OE1bbVcACTy3xaevCax1tvLjkqcNaIcT5CJVCX_2pIUyf6y3Xvi2QIjVR3BXT73OPRRvu8QSUQpBgF8CaELje5kVpaZGJwa-J10pkExGGIrz2VJSTQfiC9yXq-FFSknrAsbJr_Odw6rRY5LpTgeWpjsdsRTq4wPAJFpLctaEebdCmYpkjWr2KQRKkcUHoSpRSubrgjAD7x8PT_wtM6hXx5sMsae0uHbIvH3IDEmTBc9ZaSxF36CY7zxzk48x58lyLyak8Ia9--9WKhr7HSGT-9AXnylluXUEalvIpjV7Y2u9Zahbd28nMGvpiH4wlxeacFJx8TO_KL07FboYFBx3Zcg3qG-caRY0K8al9_KNIWgKeebDfg2ea6_kyhghBsLjeUJN12j_gHMYnmFG0UDmAYRV0DdBcUcfjvjtJQz0g6PX7m_B6H9hH_UIJcUYZ2CTigL8-fCXOcr9lfHF6FSH1IwefD0CLovk94cwC6F5wjHBmUUnlwcDmczT2mn4USA5iU6orzarGSiZfL0J2SbEb21XAFpI3Me6A_aZwD1vN9sCZXFj1-Av_uGNOjQHvp84Ky4r0IP3T4pBRIjpKqpUL_-D7z5nKnPmNJclLTIZFFGp3ZXfMdtWbSdnJmbow01Zg-1nKMs-ibq_3q8TlaeebZ2XpjnXTGOpdQmePoK_o9TUCggRcTjgZFtDmkfeX2wtTdoF_Fu_Ui7VSo2_ybYCJ2mGp4Iik9y3OUoEycxDg5c6xdawyaVbWJIZf3odfe6dW5FgAHE64VV-CxyQrLH9fVVKLXSHYAwcCys5Y-kkoF7EpvQaZYwj5Ma7D6I5NfdzTeskKcjtWG1I4D0pcTGNah5xo30joBCqYK5krCHKVjyEDT_OSAHqIYL4_R7bhspuqXclxVKeQ6nmnfBlLz4YjsbTrSRUNLEo2aJiqAhUm2me8SdtONjWlBRY-z22JQBkhDECNrgIOUdFB_6vrc5PfmRVCybbVgEFfq9imSg4xFJlH4_9YXPh9xeGVzfny8aNF7ZmagJbaCx2r52tFv2BPbLkKuIAq&sai=AMfl-YRIRufMBVphbL3jjX0cMDC_CI0hzL2FFjP0_XtwxFEsPZp3cvY6CSNR5x5xaSTVjK7J1DjOJ4AltkPh0ESdiAnkiEUc46z2WJUymCTwPvQdmatoykNkf8eLhSEYY2hOHguv-lkqy6t9JVV9wR2Ov2VlBQ7RbhsAyh0Njv2wdI8DsfK_5uXqCX97w4acWiEfvgpsBZeGyZYtpm3hJefN59IwNoGPm3wcyN-VBFdKYADq82aULQ0_Of_-LKzCVF-ct7QmceO2G0M1LpSWju6RSiLgZn7uPsLq9Em2yGrWWeTZzozSYZp8fGIFRLQ1a_Dr3nanEbteNpgsBXeNcWyrAW3PHpu72TifYYm2SVTaks0UxRRPjryk1lsalBjNdJArBiNDGKxDURvv7IZukVqNsb6xbmaw4Y77bAasNXhRGHbNTHZKO77cwlldbgVpwHMatkkFQiEthaLHYgDqD364fNGA13xvJXjQnPfkRs0e8w1ZSbZJRlLfZaZdAaW5EaoDHcxI8yeeqgk&sig=Cg0ArKJSzOJVokbZ0PYLEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1433&vt=11&dtpt=1428&dett=2&cstd=1&cisv=r20241022.43103&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsscIms9HimZZMOy0LhK_O7_SLnbj6E4XcJzeIdk48TcZ4Lx38WyVjWrg-vwihqoGUW_EoQpr61sfMBuPby_XAs94BxLtDRrCQ4ZIV6ZNrQMeWpCRGI4ExcXDApa4CQQPQv1Eyk-zwuCW3Kmnh6ke8siL0vSAl5ilNk5W49RWYnKVJuwXZv8wfeaF8PJTB4VxC4v2LkydeEih5eJieDy6_hO4czTrdQjRc0BXpWyCYbRBcbQXowDvNsmuo9-BNaO5yPxcQaNsnnec_nYSAo7ui2trWe3YEEMhkctmhE30gAsujWtE25q0TOEsFF2g4AbNZ8dQASySJjsiXaWNrCUU-SiW0d2_4FECT3Oxb2U1xmsqL7WbTxXTsnB01zMN2UHcJNuugNXByYaFlhuofnV7xFfNtRVYbXehRo6LR7sVCkEGcJAMrNXnWRDNj-4iNRbdzhnsRVyKw-gnL7KYWsCLJvitziuFtJFV2nseRFTWxq-qMupvKARi25cfe7_cqSHfPE_BLEZHf-ltbgq96n479Zj_lwEjoNSeVOHv4VQWQvc70SQpnQ-3lGe6cwTvI-3VRyy10PBJuVCSGFjmwR3N7Ek7wREa-iFU0PDACBuGfONi7ONU8kH4xiKVcdbf6HlGse-SDKDpNYgsMG0ZKHB0MvJFNa3_gxTBANy4tUpS0SSb906foFUJ75eUzMscsNHX1kCiRzCzvsHcxRuxfMLcO1o3EhcAEHU68qclxcEPeOsACDg6-bnpUSUheh4UkoS-kP7h9i5Tc9AhZKJhSuNvQJQvqEpVwBp5CFZzF2ys66NJQ6P9jG9V2r6d9HJPvZLzYfS1K5CiGjPTw_tplmNUWHJ7wf7s4tqxqKNNELEd7kDW3yRm5UnaIVVFzrsWUioqtrs8CtrZux9dhNmOvNn3Y0GiyFwvSyCs7R2vhEFLMdRNqUAhDfmEO4qkiiCFgIZW2VfHZb6QObcKy4dRZdoVUUQJAS4NYShks5etM-zQt318yZOPkgj0NFno5fAJaSW3jlZ223FR8Hkq90cujpT0E4pyqyA32QcxPM45DtC9E-UqaQagJfUdLFt03ljpKeLe1fhzEsSYPXPebfviEXBZGmRu-oGRfNQAlABouHDfzAO6waywrh8DN7FClenHxt4c-ui-8UyMhAnyjisGhf1aJ38ua1f1OhaQPgVfuWmbx8UdA0s7ubxBhRAdZG-si9asGO-Pr23f8Nwz9WHcXUSHjUxLlacInwhfuJLB8BMt1R3RDxP9lwlKaAv1dGFVr3qTEcZZYiPv7TSrhGao77KXRUkPheHvxH7NLAKzCOk4Rowi9V7QfVoDLOYxnX2UMIzbeKoepgblJCWPwWOemZFDHbh67xsM4JvpoY&sai=AMfl-YS8fNvo0km5tVINWjm52gPno9O77gL-yGTigvtd7yQ2lvpQb5lBVMYmD7L33nDo4cEj2ZJ-rIkD_h6IWGEAQOmGl8pXCvOXvWrCUYAPllUciKMTQDECkS7Frux-FzGlzsx_wLBbSefILDQh5qZ0PYoFP3RTx2igpet58Dcvz38OI2WZjJy9x9DNmRwM3aeUDX_cqtt2kJLgjk2fDoxnh6WntdCPMXhsD_wpx-D48pbD9Q5pq5mBwBxP-3xlHY2zdTMPx0lckLhkq2UkAeInimkO6v-ca8zd0P95lMgQxous4kLdAFAdHOnhTb1D_4RiDG3UIQSrIMEWw82CmalxwIDTTHu2exZ4opAH20zc8rtY4F0PvYArbCkKVwySjKPwyQYt_hYEspLFh4FKo5ETIaqUkycM_6D4VN9_-yu-XYXqYdjt9o3pf08KF_Q7LO8CxmzX-VUkdVuJdVVCtzul9OG2ys3gQAXTDiICxNyNIDFM110ccqbhq_qceji6cNNkJZTx6ARRmAs&sig=Cg0ArKJSzKO8sP2fzwSUEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1863&vt=11&dtpt=1860&dett=2&cstd=0&cisv=r20241022.82858&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /f/AGSKWxWxKOVGKRYlIeAjy0KgmIugEZqYHHbxflheHb3kYmK2-GRTE5OmURhJDNYX2_sihhrk3QmG8RI2FqgBs3F04WjQdsyQ7pehzyvla7MtvP6cFphwjsx7-lcuTecoJBTxtQoTBsy_NQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDU0LDQwMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuY3V0ZXBkZi1lZGl0b3IuY29tL3N1cHBvcnQvd3JpdGVyLmFzcCIsbnVsbCxbWzgsIlo3ZnhWeldjSEs0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /xbbe/pixel?d=CNazkvECEJ-FufYCGJ2x8p0CMAE&v=APEucNUO3Xfv768h9NJ6JYA2DJK1GIj950CjvejuQ8NPpM4U0fFvl74aLaryFY5P5qn3xrTJFvrpnUFgeg18_9kLOsBFpWDtwA HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/html/r20241022/r20190131/zrt_lookup_fy2021.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsuaBf6JBzJ0d8pVrOj6yFbowQ3znxIHI3Z3K-ftvIxObENZkWNPCrSGaY1Xwvu3c3iYWkbdf2tWAlRKICBQ0FBkN1wypGaVBnxQPSt9N1mxqxrjCfjVDoAPqgpiE5MWVhPgNlEYyXSBFe7X6vZTqX85eMtjS4sHFfcJbzkTPSyDo1KSflWhXjD485MCvmuF2XRSi3qfEZgsiIv9sR9YXbk2sy2JyTFQGr8FmjnayllR7C0LSG-bY72B13Lxgi8ly1xw2ff155GoZwBLHkNmkaK9iP0QvX2r4hhwIiMCnXzW2pTz3b6pFgPfYD_l7u4inViYIMThu9SYkJIJE9w1FRATMlqWqMXAfI_zLyWnOu5VggeIdorkyf_MjelkfRW0wqF7G0CIlM3GCDHR45g42398cKEAXMMSy-YHpEkF4WQe3k-HukzPtfJ3o-o68sjrP8wyB-nYhoUhjX0cpQ3HegNJtOEvZM3mSstICm5DO1OflDIXdZtkQ6o8qzrgfQP4s48scN7bTPEuvICEo49k-jiOjHDjeeWqsvPZU167527FmM67nb69MbuI6MFOOFt-vJ-1JQA9UDX4iZD1clJ48l9PTSUW324-3ZBQzNJ_A9rgHdklJdYA-rRzcL37G6ZUApzpbStPzX8ZhnWoLKe7Az14Rl1C2i3zFmbhcgyVX5h-uZcs0f0H5RV002NZ4TYcIgFwZVxyYrNNZWFnJ7uJWyfmPTWW9W_SfUeH2irxkJO_MEAQqPn7qCIB6LzI-NWk-kVivy8jy279Ei6IvB7re0-yytEDTT7_y6JrXZVoaZNxpmSY8plPA7O1IxmCCewGC3hJaNLQVvPeC0dEM0QwPy-Q9ZLj2rnNRlpQVI569EEF1ZHjlHe6YuOIiAI_naeuIWOXR5eFsPmNBqcRyNdZhB3Bc8N3uZIrR724OH_buoA_33cyOFpS_LVAq1ReWmqLy6Cg0O89voT4IWrEi3Ve2y_c6XR2LftVsc0SKbtzHNEHUs4MaHQRZUS_7i_NspJOhyqlUvL9N5yrCM55NgriDkxSMtpEa1pK1iPF2UmFCRHNm4fhrcLQZxBZs12BcDbJ5fhif2OFIq0A5JYUaOvfDJFK5GoO8GpNYt0XxieUqtOO3ZAZMVt9ABK5Y-66qM4Dnr2xSzdSieNnaXwesdoVsiDrDoHulmih-vi5sriixUibiJgoOYFA8xHoQFASbZQ4NCPGBqqgQKmQrtl8Z4cLv01KQWPElUu4vi-utlyZ3dcuHHozYkF6nklLpCa77K8dLyyByQFE1EvuCvD4oOz0mgvaLRZ0oZ6dhzGpuFIoMITEsA3DPt2YIbxqz4_R-UWny7t9GTBCrFpCBG1g5js34A8kcPXOAhizxnhE67JMK1u1LA&sai=AMfl-YRO3stpGVyrWC1EeHQEeY75BYNIm02kKLobc4mLtDE46p4SvKEqujNqMGaY5ReDLqRrldLC_VTuOP6Mw76vlOG-GXzcjycAkV-eQkyrsaGgjpkkVTO0yY8miawKm--wLWoF-OZC47MYb4nIZYoMhOTLPpQPL0R95FIYZweEceuOnheNKI7Az2fsBkzlxN_Y1FMVwiy-dRs6eMRDgK3sGXDV_h9Tug7-lIT1fn72wP4vcFtpzhdO6-3dLstxts4ibRSD6dpyhp3LHTJeOzmTwJhgMf5RlTKM6_5jBJthg6RJXBnZUZ-N9wMOLCRfWzgSeRKrHGWmRmwHBik6o911s9Khpg0aA0QYTQH4lKyul-HvGBK2VWh-AlEKOkqjxC_ZmgLLYOGmxfOkRwj_fYvg-h5BLel0h-EG89rNWW_plbfqcGjsX20am6lbE94L7LWl2QO5Q3-B3PIh-8CuqK6gmg049iZWALlLaFbGebJ-_Wb3c-8P2RyYQgrUCLCvdCqCJ_fwIzMQj2c&sig=Cg0ArKJSzEVjcV9WySudEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=2&dett=2&cstd=0&cisv=r20241022.96697&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source;trigger, not-navigation-sourceReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /xbbe/pixel?d=CNazkvECEJ-FufYCGNC28p0CMAE&v=APEucNXmPXckh3PdZo2VQwXvMO3GHBevelDMoGlDcjr7MkT-ba1gWikCm4unvzC4vU4hfFO05-KjAYSkwIiGKB-9suj1MTB2-A HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/html/r20241022/r20190131/zrt_lookup_fy2021.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /simgad/2285381732942077146 HTTP/1.1Host: s0.2mdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxVIY3OCDdUHaYgEKjGXEsa9SujGAoJeuST9G0tuvsaJdSmOXsAYRKz0C7Ntjaj8EqPMHxOTZv5z3lNHDoldKWe5-gZQjjMq7ZG993FMcqXY1DEAup1LksT3O07bgvOZSc0_AlHIug==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDU2LDE0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmN1dGVwZGYtZWRpdG9yLmNvbS9zdXBwb3J0L3dyaXRlci5hc3AiLG51bGwsW1s4LCJaN2Z4VnpXY0hLNCJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /i/ca-pub-6555658820068848?href=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&ers=2 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /adsense/search/async-ads.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /simgad/2285381732942077146 HTTP/1.1Host: s0.2mdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pcs/view?xai=AKAOjsuaBf6JBzJ0d8pVrOj6yFbowQ3znxIHI3Z3K-ftvIxObENZkWNPCrSGaY1Xwvu3c3iYWkbdf2tWAlRKICBQ0FBkN1wypGaVBnxQPSt9N1mxqxrjCfjVDoAPqgpiE5MWVhPgNlEYyXSBFe7X6vZTqX85eMtjS4sHFfcJbzkTPSyDo1KSflWhXjD485MCvmuF2XRSi3qfEZgsiIv9sR9YXbk2sy2JyTFQGr8FmjnayllR7C0LSG-bY72B13Lxgi8ly1xw2ff155GoZwBLHkNmkaK9iP0QvX2r4hhwIiMCnXzW2pTz3b6pFgPfYD_l7u4inViYIMThu9SYkJIJE9w1FRATMlqWqMXAfI_zLyWnOu5VggeIdorkyf_MjelkfRW0wqF7G0CIlM3GCDHR45g42398cKEAXMMSy-YHpEkF4WQe3k-HukzPtfJ3o-o68sjrP8wyB-nYhoUhjX0cpQ3HegNJtOEvZM3mSstICm5DO1OflDIXdZtkQ6o8qzrgfQP4s48scN7bTPEuvICEo49k-jiOjHDjeeWqsvPZU167527FmM67nb69MbuI6MFOOFt-vJ-1JQA9UDX4iZD1clJ48l9PTSUW324-3ZBQzNJ_A9rgHdklJdYA-rRzcL37G6ZUApzpbStPzX8ZhnWoLKe7Az14Rl1C2i3zFmbhcgyVX5h-uZcs0f0H5RV002NZ4TYcIgFwZVxyYrNNZWFnJ7uJWyfmPTWW9W_SfUeH2irxkJO_MEAQqPn7qCIB6LzI-NWk-kVivy8jy279Ei6IvB7re0-yytEDTT7_y6JrXZVoaZNxpmSY8plPA7O1IxmCCewGC3hJaNLQVvPeC0dEM0QwPy-Q9ZLj2rnNRlpQVI569EEF1ZHjlHe6YuOIiAI_naeuIWOXR5eFsPmNBqcRyNdZhB3Bc8N3uZIrR724OH_buoA_33cyOFpS_LVAq1ReWmqLy6Cg0O89voT4IWrEi3Ve2y_c6XR2LftVsc0SKbtzHNEHUs4MaHQRZUS_7i_NspJOhyqlUvL9N5yrCM55NgriDkxSMtpEa1pK1iPF2UmFCRHNm4fhrcLQZxBZs12BcDbJ5fhif2OFIq0A5JYUaOvfDJFK5GoO8GpNYt0XxieUqtOO3ZAZMVt9ABK5Y-66qM4Dnr2xSzdSieNnaXwesdoVsiDrDoHulmih-vi5sriixUibiJgoOYFA8xHoQFASbZQ4NCPGBqqgQKmQrtl8Z4cLv01KQWPElUu4vi-utlyZ3dcuHHozYkF6nklLpCa77K8dLyyByQFE1EvuCvD4oOz0mgvaLRZ0oZ6dhzGpuFIoMITEsA3DPt2YIbxqz4_R-UWny7t9GTBCrFpCBG1g5js34A8kcPXOAhizxnhE67JMK1u1LA&sai=AMfl-YRO3stpGVyrWC1EeHQEeY75BYNIm02kKLobc4mLtDE46p4SvKEqujNqMGaY5ReDLqRrldLC_VTuOP6Mw76vlOG-GXzcjycAkV-eQkyrsaGgjpkkVTO0yY8miawKm--wLWoF-OZC47MYb4nIZYoMhOTLPpQPL0R95FIYZweEceuOnheNKI7Az2fsBkzlxN_Y1FMVwiy-dRs6eMRDgK3sGXDV_h9Tug7-lIT1fn72wP4vcFtpzhdO6-3dLstxts4ibRSD6dpyhp3LHTJeOzmTwJhgMf5RlTKM6_5jBJthg6RJXBnZUZ-N9wMOLCRfWzgSeRKrHGWmRmwHBik6o911s9Khpg0aA0QYTQH4lKyul-HvGBK2VWh-AlEKOkqjxC_ZmgLLYOGmxfOkRwj_fYvg-h5BLel0h-EG89rNWW_plbfqcGjsX20am6lbE94L7LWl2QO5Q3-B3PIh-8CuqK6gmg049iZWALlLaFbGebJ-_Wb3c-8P2RyYQgrUCLCvdCqCJ_fwIzMQj2c&sig=Cg0ArKJSzEVjcV9WySudEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9wZGZodWJ0b2RheS5jb20&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=2&dett=2&cstd=0&cisv=r20241022.96697&arae=1&ftch=1&adurl= HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ar_debug=1; IDE=AHWqTUnom_oBo3zgyzs6Aoj5RLXjuo3e6_6wZ2hoWw_qqLQymDvt9oTYaRyRwncACi8
Source: global traffic HTTP traffic detected: GET /images/favicon.ico HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/support/writer.aspAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP; _ga_XVM5E9PE4F=GS1.1.1729769445.1.0.1729769445.0.0.0; _ga=GA1.1.1884377809.1729769445; __gads=ID=8be9f1c90cb91f53:T=1729769449:RT=1729769449:S=ALNI_Mb5pn05ZnYaK3sEoKNvmfDP0tDvJQ; __gpi=UID=00000f13707f4df9:T=1729769449:RT=1729769449:S=ALNI_MaPST3_z_cc5vw5hdzHi0uE_3qKdw; __eoi=ID=07ecd2b2e6ea54c9:T=1729769449:RT=1729769449:S=AA-AfjYWzgIMQpywx5hGUB9477Hb; __gsas=ID=51d05d524cf5d52c:T=1729769456:RT=1729769456:S=ALNI_MZcj2NMo44gDTIDukYrpILHohCciA
Source: global traffic HTTP traffic detected: GET /f/AGSKWxWxKOVGKRYlIeAjy0KgmIugEZqYHHbxflheHb3kYmK2-GRTE5OmURhJDNYX2_sihhrk3QmG8RI2FqgBs3F04WjQdsyQ7pehzyvla7MtvP6cFphwjsx7-lcuTecoJBTxtQoTBsy_NQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDU0LDQwMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuY3V0ZXBkZi1lZGl0b3IuY29tL3N1cHBvcnQvd3JpdGVyLmFzcCIsbnVsbCxbWzgsIlo3ZnhWeldjSEs0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxVIY3OCDdUHaYgEKjGXEsa9SujGAoJeuST9G0tuvsaJdSmOXsAYRKz0C7Ntjaj8EqPMHxOTZv5z3lNHDoldKWe5-gZQjjMq7ZG993FMcqXY1DEAup1LksT3O07bgvOZSc0_AlHIug==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDU2LDE0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmN1dGVwZGYtZWRpdG9yLmNvbS9zdXBwb3J0L3dyaXRlci5hc3AiLG51bGwsW1s4LCJaN2Z4VnpXY0hLNCJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxUG8d1igCBOVtmDpQuQrbmfkWutDxvz0f8e2v4jsvM_6LvYc2PEVz4oInDg3QyxZwQ-fOPemx6Qn8dBatrm5gwHLLRfGwe0kc2Ges6Lk8g7Q1EEhyD0hq8uTxldXZ_5WMWkRRP_008codl-zjlu-AD7-EL6UPG553QtZXps5jo3Xf30SOM6mfTodb8X/__banner_adv_/ukc-ad./reklama2./ads/displaytrust.=deliverAdFrame& HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/favicon.ico HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP; _ga_XVM5E9PE4F=GS1.1.1729769445.1.0.1729769445.0.0.0; _ga=GA1.1.1884377809.1729769445; __gads=ID=8be9f1c90cb91f53:T=1729769449:RT=1729769449:S=ALNI_Mb5pn05ZnYaK3sEoKNvmfDP0tDvJQ; __gpi=UID=00000f13707f4df9:T=1729769449:RT=1729769449:S=ALNI_MaPST3_z_cc5vw5hdzHi0uE_3qKdw; __eoi=ID=07ecd2b2e6ea54c9:T=1729769449:RT=1729769449:S=AA-AfjYWzgIMQpywx5hGUB9477Hb; __gsas=ID=51d05d524cf5d52c:T=1729769456:RT=1729769456:S=ALNI_MZcj2NMo44gDTIDukYrpILHohCciA
Source: global traffic HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxUG8d1igCBOVtmDpQuQrbmfkWutDxvz0f8e2v4jsvM_6LvYc2PEVz4oInDg3QyxZwQ-fOPemx6Qn8dBatrm5gwHLLRfGwe0kc2Ges6Lk8g7Q1EEhyD0hq8uTxldXZ_5WMWkRRP_008codl-zjlu-AD7-EL6UPG553QtZXps5jo3Xf30SOM6mfTodb8X/__banner_adv_/ukc-ad./reklama2./ads/displaytrust.=deliverAdFrame& HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/aframe HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sodar/sodar2/232/runner.html HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxWoYFKd5aKei7TQb9ZXgtN3CyQwRkITwF8-cH4mwraQ0wI6sEFZ8qGFO-Lhe1cUJ73nnP1OxJHKm7ghMIYZuzm7S0Emzwr4q3Fm2hGF6x8qlWJP-GtVjx4arvb3ww_56TwZ8kFdNA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDYwLDc5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuY3V0ZXBkZi1lZGl0b3IuY29tL3N1cHBvcnQvd3JpdGVyLmFzcCIsbnVsbCxbWzgsIlo3ZnhWeldjSEs0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cutepdf-editor.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxWoYFKd5aKei7TQb9ZXgtN3CyQwRkITwF8-cH4mwraQ0wI6sEFZ8qGFO-Lhe1cUJ73nnP1OxJHKm7ghMIYZuzm7S0Emzwr4q3Fm2hGF6x8qlWJP-GtVjx4arvb3ww_56TwZ8kFdNA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDYwLDc5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuY3V0ZXBkZi1lZGl0b3IuY29tL3N1cHBvcnQvd3JpdGVyLmFzcCIsbnVsbCxbWzgsIlo3ZnhWeldjSEs0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/htabs2.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cutepdf-editor.com/include/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP; _ga_XVM5E9PE4F=GS1.1.1729769445.1.0.1729769445.0.0.0; _ga=GA1.1.1884377809.1729769445; __gads=ID=8be9f1c90cb91f53:T=1729769449:RT=1729769449:S=ALNI_Mb5pn05ZnYaK3sEoKNvmfDP0tDvJQ; __gpi=UID=00000f13707f4df9:T=1729769449:RT=1729769449:S=ALNI_MaPST3_z_cc5vw5hdzHi0uE_3qKdw; __eoi=ID=07ecd2b2e6ea54c9:T=1729769449:RT=1729769449:S=AA-AfjYWzgIMQpywx5hGUB9477Hb; __gsas=ID=51d05d524cf5d52c:T=1729769456:RT=1729769456:S=ALNI_MZcj2NMo44gDTIDukYrpILHohCciA; FCNEC=%5B%5B%22AKsRol-abEMiG8MqaLH2Pl8cZhXpAb7ByImqE2Q6qk1Vx4rLHSaaW1il1LisRNciUs4mr98QwNpQzwNe96XEVxFhPqO7aauJJINY0gZVXxwFjUkukpuUtAwmSxIz2A9LrN157enHccOstORy1ael2rBRa5NuKolv6w%3D%3D%22%5D%5D
Source: global traffic HTTP traffic detected: GET /images/htabs2.gif HTTP/1.1Host: www.cutepdf-editor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQQXBQBDB=CIFCHJHAKBPKIOECFLMPCMFP; _ga_XVM5E9PE4F=GS1.1.1729769445.1.0.1729769445.0.0.0; _ga=GA1.1.1884377809.1729769445; __gads=ID=8be9f1c90cb91f53:T=1729769449:RT=1729769449:S=ALNI_Mb5pn05ZnYaK3sEoKNvmfDP0tDvJQ; __gpi=UID=00000f13707f4df9:T=1729769449:RT=1729769449:S=ALNI_MaPST3_z_cc5vw5hdzHi0uE_3qKdw; __eoi=ID=07ecd2b2e6ea54c9:T=1729769449:RT=1729769449:S=AA-AfjYWzgIMQpywx5hGUB9477Hb; __gsas=ID=51d05d524cf5d52c:T=1729769456:RT=1729769456:S=ALNI_MZcj2NMo44gDTIDukYrpILHohCciA; FCNEC=%5B%5B%22AKsRol-abEMiG8MqaLH2Pl8cZhXpAb7ByImqE2Q6qk1Vx4rLHSaaW1il1LisRNciUs4mr98QwNpQzwNe96XEVxFhPqO7aauJJINY0gZVXxwFjUkukpuUtAwmSxIz2A9LrN157enHccOstORy1ael2rBRa5NuKolv6w%3D%3D%22%5D%5D
Source: global traffic HTTP traffic detected: GET /download/converter2.asp HTTP/1.1User-Agent: CUTEPDF_SDKHost: download.cutepdf.com
Source: global traffic HTTP traffic detected: GET /download/gplgs.exe HTTP/1.1User-Agent: CUTEPDF_SDKHost: download.cutepdf.comConnection: Keep-AliveCookie: ASPSESSIONIDQQTBQBDB=JHFCHJHACPCFDNIGKBPGODJO
Source: chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: return b}nD.F="internal.enableAutoEventOnTimer";var gc=ma(["data-gtm-yt-inspected-"]),pD=["www.youtube.com","www.youtube-nocookie.com"],qD,rD=!1; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: download.cutepdf.com
Source: global traffic DNS traffic detected: DNS query: www.cutepdf-editor.com
Source: global traffic DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: s0.2mdn.net
Source: global traffic DNS traffic detected: DNS query: fundingchoicesmessages.google.com
Source: global traffic DNS traffic detected: DNS query: syndicatedsearch.goog
Source: global traffic DNS traffic detected: DNS query: ep1.adtrafficquality.google
Source: global traffic DNS traffic detected: DNS query: ep2.adtrafficquality.google
Source: unknown HTTP traffic detected: POST /.well-known/attribution-reporting/debug/verbose HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveContent-Length: 214Pragma: no-cacheCache-Control: no-cacheContent-Type: application/jsonOrigin: https://ad.doubleclick.netSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: gplgs[1].exe.6.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000724000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000706000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000724000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: converter.exe, 00000008.00000002.2634241798.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://certificates.godaddy.com/repository/0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://certificates.godaddy.com/repository/0v
Source: converter.exe, 00000008.00000002.2634241798.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0
Source: converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://certificates.godaddy.com/repository/gdroot.crl0K
Source: converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://certificates.godaddy.com/repository0
Source: converter.exe, 00000008.00000002.2634241798.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: gplgs[1].exe.6.dr String found in binary or memory: http://certs.godaddy.com/repository/1301
Source: gplgs[1].exe.6.dr String found in binary or memory: http://crl.godaddy.com/gdig2s5-1.crl0S
Source: gplgs[1].exe.6.dr String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: converter.exe, 00000008.00000002.2634241798.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://crl.godaddy.com/gds5-16.crl0S
Source: Setup.exe, 00000006.00000003.2332181922.0000000000724000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digi
Source: gplgs[1].exe.6.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000724000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000706000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: is-I6JST.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: gplgs[1].exe.6.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000706000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: http://download.acrosoftware.com/download/converter.asp?V=P1
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: http://download.acrosoftware.com/download/converter.asp?V=P1http://download.cutepdf.com/download/con
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download.cutepdf.com/
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: http://download.cutepdf.com/download/converter.asp?V=P1
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.00000000006EE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download.cutepdf.com/download/converter2.asp
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download.cutepdf.com/download/converter2.aspS
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download.cutepdf.com/download/gplgs.exe
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download.cutepdf.com/download/gplgs.exeR
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://download.cutepdf.com/oft
Source: chromecache_755.13.dr String found in binary or memory: http://googleads.g.doubleclick.net
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000706000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://ocsp.digicert.com0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000724000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr, gplgs[1].exe.6.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000724000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr, gplgs[1].exe.6.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: gplgs[1].exe.6.dr String found in binary or memory: http://ocsp.godaddy.com/0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://ocsp.godaddy.com/05
Source: converter.exe, 00000008.00000002.2634241798.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://ocsp.godaddy.com/0J
Source: converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe.8.dr String found in binary or memory: http://ocsp.godaddy.com0F
Source: chromecache_755.13.dr String found in binary or memory: http://pagead2.googlesyndication.com
Source: Fontmap.URW-136.TT.8.dr String found in binary or memory: http://scripts.sil.org/OFL
Source: CuteWriter.tmp, 00000002.00000003.2573863706.0000000002358000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.CutePDF.com
Source: Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.CutePDF.comCutePDF
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.CutePDF.comInstallLocationDisplayIconPublisherAcro
Source: Setup.exe, 0000000E.00000002.2626646799.00000000006D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.artifex.
Source: stocht.ps.8.dr, viewpcx.ps.14.dr, image-qa.ps.8.dr, impath.ps.8.dr, ps2ai.ps.14.dr, stocht.ps.14.dr, FCOfontmap-PCLPS3.8.dr, stcolor.ps.8.dr, gs_ksb_e.ps.8.dr, jispaper.ps.8.dr, addxchar.ps.8.dr, gs_ce_e.ps.8.dr, prfont.ps.14.dr, zeroline.ps.14.dr, gs_ksb_e.ps.14.dr, Fontmap.VMS.14.dr, gs_ce_e.ps.14.dr, align.ps.8.dr, viewrgb.ps.8.dr, Fontmap.Sol.14.dr, font2pcl.ps.8.dr String found in binary or memory: http://www.artifex.com
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.color.org
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.color.orgstartxref
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, README.HTM.6.dr String found in binary or memory: http://www.cutepdf.com
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, README.HTM.6.dr String found in binary or memory: http://www.cutepdf.com/products/cutepdf/Writer.asp#download
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332780453.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2332181922.0000000000706000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2334331002.0000000000706000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000009.00000002.2556520664.000000000054C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.exe, unInstcpw64.exe.6.dr, CPWSave.exe.6.dr, is-I6JST.tmp.2.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: gplgs[1].exe.6.dr String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: CuteWriter.exe, 00000000.00000003.2126312580.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.exe, 00000000.00000003.2126551123.0000000002174000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000000.2127413313.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.innosetup.com/
Source: CuteWriter.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: CuteWriter.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: CuteWriter.exe, 00000000.00000003.2126312580.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.exe, 00000000.00000003.2126551123.0000000002174000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000000.2127413313.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/ps
Source: CuteWriter.exe, 00000000.00000003.2126312580.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.exe, 00000000.00000003.2126551123.0000000002174000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000000.2127413313.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/psU
Source: Fontmap.VMS.14.dr, Fontmap.Sol.14.dr, Fontmap.Sol.8.dr String found in binary or memory: http://www.urwpp.de
Source: converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.winzip.com
Source: converter.exe, 00000008.00000003.2632485790.0000000000CC6000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.winzip.comCan
Source: converter.exe, 00000008.00000003.2632485790.0000000000CC6000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632180050.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000008.00000003.2632373481.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.winzip.comThis
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/dataNodedataGroupdataValueexclGroupsubform#subformfieldoccuri
Source: chromecache_702.13.dr, chromecache_696.13.dr String found in binary or memory: https://adsense.com.
Source: chromecache_683.13.dr String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: gplgs[1].exe.6.dr String found in binary or memory: https://certs.godaddy.com/repository/0
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CPWSave.exe.6.dr String found in binary or memory: https://download.cutepdf.com/Public/converter.asp?V=40
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CPWSave.exe.6.dr String found in binary or memory: https://download.cutepdf.com/Public/converter.asp?V=40CutePDF
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, README.HTM.6.dr String found in binary or memory: https://editor.cutepdf.com/
Source: chromecache_711.13.dr String found in binary or memory: https://ep1.adtrafficquality.google/bg/
Source: chromecache_711.13.dr String found in binary or memory: https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=232
Source: chromecache_711.13.dr String found in binary or memory: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232
Source: chromecache_711.13.dr String found in binary or memory: https://ep2.adtrafficquality.google
Source: chromecache_711.13.dr String found in binary or memory: https://ep2.adtrafficquality.google/sodar/
Source: chromecache_671.13.dr String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_755.13.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_683.13.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_711.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/bg/
Source: chromecache_702.13.dr, chromecache_696.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics
Source: chromecache_755.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=rcs_internal
Source: chromecache_711.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=232
Source: chromecache_671.13.dr, chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_755.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: chromecache_702.13.dr, chromecache_755.13.dr, chromecache_696.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/err_rep.js
Source: chromecache_702.13.dr, chromecache_696.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/logging_library.js
Source: chromecache_696.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/$
Source: chromecache_702.13.dr, chromecache_755.13.dr, chromecache_696.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/ping?e=1
Source: chromecache_711.13.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232
Source: chromecache_671.13.dr String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_671.13.dr String found in binary or memory: https://syndicatedsearch.goog
Source: chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: https://td.doubleclick.net
Source: chromecache_711.13.dr String found in binary or memory: https://tpc.googlesyndication.com
Source: chromecache_711.13.dr String found in binary or memory: https://tpc.googlesyndication.com/sodar/
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.exe, README.HTM.6.dr String found in binary or memory: https://www.CutePDF.com
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, README.HTM.6.dr String found in binary or memory: https://www.CutePDF.com/Support
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: https://www.cutepdf-editor.com
Source: Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Try Free CutePDF Editor.lnk.6.dr, README.HTM.6.dr String found in binary or memory: https://www.cutepdf-editor.com/
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/ca
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/editor.asp
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/f8
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/ll
Source: CuteWriter.tmp, 00000002.00000003.2573863706.0000000002358000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp0
Source: CuteWriter.tmp, 00000002.00000003.2571670136.0000000000961000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2571556208.000000000095C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2571246444.000000000095C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000002.2577191012.0000000000962000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp2
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspOR
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspWu
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspZ
Source: CuteWriter.tmp, 00000002.00000002.2576727779.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asphttps://www.cutepdf-editor.com/supportWri
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspow;
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspx
Source: CuteWriter.tmp, 00000002.00000003.2571670136.0000000000961000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2571556208.000000000095C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2571246444.000000000095C000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000002.2577191012.0000000000962000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspz
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Readme.lnk.6.dr String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.asp
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.asp%
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspD
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspShortcut
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspb
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspk
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspnsck
Source: Setup.exe, 00000006.00000002.2561385060.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000748000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.asp~
Source: CuteWriter.tmp, 00000002.00000003.2570253075.00000000063DF000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, 00000006.00000000.2330921616.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000006.00000002.2560535363.000000000040A000.00000004.00000001.01000000.00000009.sdmp String found in binary or memory: https://www.cutepdf-editor.comShortcut
Source: CuteWriter.tmp, 00000002.00000003.2573863706.0000000002358000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf.com/Info/privacy.asp
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf.com/Products/CutePDF/Pro.asp
Source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.cutepdf.com/Products/CutePDF/Pro.asphttps://www.cutepdf-editor.com/support/writerhelp.as
Source: gplgs[1].exe.6.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: chromecache_683.13.dr String found in binary or memory: https://www.google.com
Source: chromecache_702.13.dr, chromecache_696.13.dr String found in binary or memory: https://www.google.com/adsense
Source: chromecache_671.13.dr String found in binary or memory: https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5
Source: chromecache_711.13.dr String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_671.13.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion/16521530460/?gad_source=1&adview_type=3
Source: chromecache_683.13.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_713.13.dr, chromecache_683.13.dr String found in binary or memory: https://www.merchant-center-analytics.goog
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49913 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:50000 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:50009 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.6:50023 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50165 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50169 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50172 version: TLS 1.2
Creates files inside the system directory
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\system32\spool\DRIVERS\x64\CUTEPDFW.PPD Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT5.DLL Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\system32\spool\DRIVERS\x64\PS5UI.DLL Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.HLP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.NTF Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe File created: C:\Windows\system32\cpwmon64_v40.dll Jump to behavior
PE file contains executable resources (Code or Archives)
Source: CuteWriter.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: CuteWriter.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: CuteWriter.tmp.0.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-58S3Q.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-58S3Q.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-AEH3P.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-AEH3P.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-4JSOO.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-4JSOO.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-1G36V.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-1G36V.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PS5UI.DLL.6.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PS5UI.DLL.6.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PSCRIPT5.DLL.6.dr Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PSCRIPT5.DLL.6.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Sample file is different than original file name gathered from version info
Source: CuteWriter.exe, 00000000.00000003.2126312580.00000000023B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs CuteWriter.exe
Source: CuteWriter.exe, 00000000.00000003.2126551123.0000000002174000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs CuteWriter.exe
Uses 32bit PE files
Source: CuteWriter.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: sus26.winEXE@32/760@55/23
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Program Files (x86)\CutePDF Writer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7260:120:WilError_03
Source: C:\Users\user\Desktop\CuteWriter.exe File created: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File read: C:\Windows\win.ini Jump to behavior
Source: C:\Users\user\Desktop\CuteWriter.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: CuteWriter.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\CuteWriter.exe File read: C:\Users\user\Desktop\CuteWriter.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\CuteWriter.exe "C:\Users\user\Desktop\CuteWriter.exe"
Source: C:\Users\user\Desktop\CuteWriter.exe Process created: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp "C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp" /SL5="$20434,3034260,56832,C:\Users\user\Desktop\CuteWriter.exe"
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe "C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe" /inscpw4 -d"C:\Program Files (x86)\CutePDF Writer"
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\converter.exe C:\Users\user\AppData\Local\Temp\\converter.exe /auto
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe unInstcpw64.exe /copy
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1984,i,11850747019021195928,4410645068136790906,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Setup.exe
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\CuteWriter.exe Process created: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp "C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp" /SL5="$20434,3034260,56832,C:\Users\user\Desktop\CuteWriter.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe "C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe" /inscpw4 -d"C:\Program Files (x86)\CutePDF Writer" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\converter.exe C:\Users\user\AppData\Local\Temp\\converter.exe /auto Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe unInstcpw64.exe /copy Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Setup.exe Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1984,i,11850747019021195928,4410645068136790906,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\CuteWriter.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\CuteWriter.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: mfc42.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe Section loaded: mfc42.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File written: C:\Program Files (x86)\CutePDF Writer\setup.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Automated click: Next >
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse usering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse usering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse usering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation Jump to behavior
Source: CuteWriter.exe Static PE information: certificate valid
Source: CuteWriter.exe Static file information: File size 3321392 > 1048576
Source: CuteWriter.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: ps5ui.pdb source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, is-58S3Q.tmp.2.dr, PS5UI.DLL.6.dr
Source: Binary string: ps5ui.pdbH source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, PS5UI.DLL.6.dr
Source: Binary string: C:\CutePDFWriter4\Release\CutePDFWriter4.pdbn source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pscript5.pdb source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\CutePDFWriter4\Release\CutePDFWriter4.pdb source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ps5ui.pdbX source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000006464000.00000004.00001000.00020000.00000000.sdmp, is-58S3Q.tmp.2.dr
Source: Binary string: pscript5.pdbH source: CuteWriter.tmp, 00000002.00000003.2570253075.0000000005F59000.00000004.00001000.00020000.00000000.sdmp
PE file contains sections with non-standard names
Source: converter.exe.6.dr Static PE information: section name: _winzip_
Source: gplgs[1].exe.6.dr Static PE information: section name: _winzip_

Persistence and Installation Behavior
barindex
AI detected landing page (webpage, office document or email)
Source: https://www.cutepdf-editor.com/support/writer.asp LLM: Page contains button: 'View PDF' Source: '1.3.pages.csv'
Source: https://www.cutepdf-editor.com/support/writer.asp LLM: Page contains button: 'View PDF' Source: '1.7.pages.csv'
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Program Files (x86)\CutePDF Writer\CPWriter2.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-0MQ49.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Program Files (x86)\CutePDF Writer\unInstcpw64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe File created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gswin32c.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-58S3Q.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Program Files (x86)\CutePDF Writer\CPWSave.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-NH8EI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\PS5UI.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PS5UI.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-AEH3P.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\pdfwriter64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe File created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gsdll32.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe File created: C:\Windows\System32\cpwmon64_v40.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PSCRIPT.DRV (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-B0300.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Program Files (x86)\CutePDF Writer\CutePDFWriter.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\CPWriter2.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\CuteWriter.exe File created: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\ICONLIB.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-TG3HV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\is-1G36V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\PSCRIPT5.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe File created: C:\Program Files (x86)\GPLGS\gswin32c.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\cpwmon64_v40.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-MF6F4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-EBRN0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe File created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\pdfwriter32.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\CutePDFWriter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-2PNKI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PSCRIPT5.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-8GSLH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe File created: C:\Program Files (x86)\GPLGS\gsdll32.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-5KDH7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\cpwmon32_v40.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PSMON.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\gplgs[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-8BBTS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\is-4JSOO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Users\user\AppData\Local\Temp\converter.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-I6JST.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp File created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-33MAN.tmp Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe File created: C:\Windows\System32\cpwmon64_v40.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer\Readme.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer\Try Free CutePDF Editor.lnk Jump to behavior
Source: C:\Users\user\Desktop\CuteWriter.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Process information set: NOOPENFILEERRORBOX
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\CutePDF Writer\CPWriter2.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\PSCRIPT5.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GPLGS\gswin32c.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-0MQ49.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-MF6F4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gswin32c.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-EBRN0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\pdfwriter32.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-58S3Q.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\CutePDF Writer\CPWSave.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\CutePDFWriter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\PS5UI.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-NH8EI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-2PNKI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PS5UI.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-AEH3P.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PSCRIPT5.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-8GSLH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\pdfwriter64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gsdll32.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\Setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GPLGS\gsdll32.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PSCRIPT.DRV (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\_isetup\_shfoldr.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\cpwmon32_v40.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-5KDH7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\PSMON.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\is-B0300.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\CutePDF Writer\CutePDFWriter.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\CPWriter2.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\ICONLIB.DLL (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\is-1G36V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Driver\x64\is-4JSOO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-I6JST.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\is-33MAN.tmp Jump to dropped file
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ Jump to behavior
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\?x
Source: Setup.exe, 00000006.00000003.2560163884.0000000000708000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000003.2560163884.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000006.00000002.2561385060.0000000000708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: CuteWriter.tmp, 00000002.00000002.2577514992.00000000032B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}lz
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process information queried: ProcessInformation Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\is-OJ6AG.tmp\CuteWriter.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-EJPG2.tmp\unInstcpw64.exe unInstcpw64.exe /copy Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541126 Sample: CuteWriter.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 26 80 download.cutepdf.com 2->80 82 ep1.adtrafficquality.google 2->82 90 Suricata IDS alerts for network traffic 2->90 92 AI detected landing page (webpage, office document or email) 2->92 11 CuteWriter.exe 2 2->11         started        signatures3 process4 file5 64 C:\Users\user\AppData\...\CuteWriter.tmp, PE32 11->64 dropped 14 CuteWriter.tmp 5 59 11->14         started        process6 file7 66 C:\Users\user\...\unInstcpw64.exe (copy), PE32+ 14->66 dropped 68 C:\Users\user\...\unInstcpw.exe (copy), PE32 14->68 dropped 70 C:\Users\user\...\pdfwriter64.exe (copy), PE32+ 14->70 dropped 72 31 other files (none is malicious) 14->72 dropped 17 Setup.exe 14 35 14->17         started        21 chrome.exe 1 14->21         started        process8 dnsIp9 74 download.cutepdf.com 64.34.201.145, 49858, 80 COGECO-PEER1CA Canada 17->74 46 C:\Windows\System32\spool\...\PSCRIPT5.DLL, PE32+ 17->46 dropped 48 C:\Windows\System32\spool\...\PS5UI.DLL, PE32+ 17->48 dropped 50 C:\Users\user\AppData\Local\...\converter.exe, PE32 17->50 dropped 52 5 other files (none is malicious) 17->52 dropped 23 converter.exe 256 17->23         started        26 unInstcpw64.exe 1 17->26         started        28 splwow64.exe 17->28         started        76 192.168.2.6, 443, 49706, 49710 unknown unknown 21->76 78 239.255.255.250 unknown Reserved 21->78 30 chrome.exe 21->30         started        file10 process11 dnsIp12 54 C:\Users\user\AppData\Local\...\Setup.exe, PE32 23->54 dropped 56 C:\Users\user\AppData\Local\Temp\...\wftopfa, POSIX 23->56 dropped 58 C:\Users\user\AppData\Local\...\unix-lpr.sh, POSIX 23->58 dropped 62 29 other files (none is malicious) 23->62 dropped 33 Setup.exe 255 23->33         started        60 C:\Windows\System32\cpwmon64_v40.dll, PE32+ 26->60 dropped 84 142.250.181.228 GOOGLEUS United States 30->84 86 142.250.181.230 GOOGLEUS United States 30->86 88 22 other IPs or domains 30->88 file13 process14 file15 38 C:\Program Files (x86)behaviorgraphPLGS\ps2pdf13, POSIX 33->38 dropped 40 C:\Program Files (x86)behaviorgraphPLGS\gswin32c.exe, PE32 33->40 dropped 42 C:\Program Files (x86)behaviorgraphPLGS\gsdll32.dll, PE32 33->42 dropped 44 28 other files (none is malicious) 33->44 dropped 36 conhost.exe 33->36         started        process16
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.16.134
 unknown United States
15169 GOOGLEUS false
142.250.185.228
 unknown United States
15169 GOOGLEUS false
142.250.185.129
 ep2.adtrafficquality.google United States
15169 GOOGLEUS false
216.58.212.142
 syndicatedsearch.goog United States
15169 GOOGLEUS false
142.250.186.174
 unknown United States
15169 GOOGLEUS false
142.250.181.230
 unknown United States
15169 GOOGLEUS false
142.250.185.166
 unknown United States
15169 GOOGLEUS false
142.250.181.238
 www3.l.google.com United States
15169 GOOGLEUS false
142.250.185.164
 www.google.com United States
15169 GOOGLEUS false
142.250.185.161
 unknown United States
15169 GOOGLEUS false
142.250.74.198
 unknown United States
15169 GOOGLEUS false
142.250.184.230
 ad.doubleclick.net United States
15169 GOOGLEUS false
142.250.186.38
 unknown United States
15169 GOOGLEUS false
142.250.186.162
 unknown United States
15169 GOOGLEUS false
64.34.201.145
 download.cutepdf.com Canada
13768 COGECO-PEER1CA true
64.34.201.144
 cutepdf-editor.com Canada
13768 COGECO-PEER1CA false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.185.230
 unknown United States
15169 GOOGLEUS false
142.250.181.228
 unknown United States
15169 GOOGLEUS false
142.250.186.166
 s0.2mdn.net United States
15169 GOOGLEUS false
142.250.186.100
 unknown United States
15169 GOOGLEUS false
172.217.16.198
 unknown United States
15169 GOOGLEUS false

Private

IP
192.168.2.6

Contacted Domains

Name IP Active
googleads.g.doubleclick.net 216.58.206.34 true
www3.l.google.com 142.250.181.238 true
ep1.adtrafficquality.google 216.58.206.34 true
ad.doubleclick.net 142.250.184.230 true
syndicatedsearch.goog 216.58.212.142 true
www.google.com 142.250.185.164 true
ep2.adtrafficquality.google 142.250.185.129 true
cutepdf-editor.com 64.34.201.144 true
s0.2mdn.net 142.250.186.166 true
download.cutepdf.com 64.34.201.145 true
www.cutepdf-editor.com unknown unknown
fundingchoicesmessages.google.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.cutepdf-editor.com/images/htabs3.gif false
    		unknown
    https://s0.2mdn.net/simgad/2992038092943504460 false
      		unknown
      https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1729769448&plat=3%3A65536%2C4%3A65536%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444538&bpp=5&bdt=2364&idt=3546&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90%2C160x600%2C336x280&nras=1&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=4&uci=a!4&fsb=1&dtd=3558 false
        		unknown
        https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotname=6092711011&adk=1854165047&adf=3987798746&pi=t.ma~as.6092711011&w=728&abgtt=9&lmt=1729769448&format=728x90&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444531&bpp=5&bdt=2357&idt=3477&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=1252293065082&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=145&ady=144&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=3507 false
          		unknown
          https://fundingchoicesmessages.google.com/el/AGSKWxU4HIZPXN3Dz2Utyszbn3CeXLqUWwwv3XmNMMuT0JCdIheGjsDgod1h66b9XHq494t4j5IcxditcbP8P0KV4iX1au31hq_6N39NZKEBQrCRZkeozYxZ0pFw3wiz3629LhaQguCNqg== false
            		unknown
            https://www.cutepdf-editor.com/images/NEW.GIF false
              		unknown
              https://googleads.g.doubleclick.net/xbbe/pixel?d=CNazkvECEJ-FufYCGNC28p0CMAE&v=APEucNWgFUHrD33z4Q7qDEX7cGEiwYatuDRk88lJea39IdXM_qbynOy7NERbDVMO5c7gjwOeDvPFLj9qUxuPKa1NEQt84qawXw false
                		unknown
                https://www.cutepdf-editor.com/images/Security.png false
                  		unknown
                  https://googleads.g.doubleclick.net/pagead/html/r20241022/r20190131/zrt_lookup_fy2021.html false
                    		unknown
                    https://www.cutepdf-editor.com/include/main.css false
                      		unknown
                      https://www.cutepdf-editor.com/images/htabs1.gif false
                        		unknown
                        https://fundingchoicesmessages.google.com/f/AGSKWxVIY3OCDdUHaYgEKjGXEsa9SujGAoJeuST9G0tuvsaJdSmOXsAYRKz0C7Ntjaj8EqPMHxOTZv5z3lNHDoldKWe5-gZQjjMq7ZG993FMcqXY1DEAup1LksT3O07bgvOZSc0_AlHIug==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDU2LDE0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmN1dGVwZGYtZWRpdG9yLmNvbS9zdXBwb3J0L3dyaXRlci5hc3AiLG51bGwsW1s4LCJaN2Z4VnpXY0hLNCJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ false
                          		unknown
                          https://fundingchoicesmessages.google.com/el/AGSKWxUiQrKz9xhoKJr0BKcgxH7aceMW-55nLFunVpPZsrmNsvaGY-3yIqhw4F5bjgTdnK4lbO4-0Ts7X9j0L1nQ7VwdLeK42b1oUGHA3GNg378vDqi31BFKHACNNOGW0j90-08VxaZGyQ== false
                            		unknown
                            https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=280&slotname=4387574616&adk=1818151991&adf=1925678805&pi=t.ma~as.4387574616&w=336&abgtt=9&lmt=1729769448&format=336x280&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444537&bpp=1&bdt=2363&idt=3531&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90%2C160x600&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=341&ady=1814&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=3540 false
                              		unknown
                              https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html false
                                		unknown
                                https://www.cutepdf-editor.com/images/Save.png false
                                  		unknown
                                  https://www.cutepdf-editor.com/images/companybg.jpg false
                                    		unknown
                                    https://fundingchoicesmessages.google.com/f/AGSKWxWxKOVGKRYlIeAjy0KgmIugEZqYHHbxflheHb3kYmK2-GRTE5OmURhJDNYX2_sihhrk3QmG8RI2FqgBs3F04WjQdsyQ7pehzyvla7MtvP6cFphwjsx7-lcuTecoJBTxtQoTBsy_NQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDU0LDQwMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuY3V0ZXBkZi1lZGl0b3IuY29tL3N1cHBvcnQvd3JpdGVyLmFzcCIsbnVsbCxbWzgsIlo3ZnhWeldjSEs0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d false
                                      		unknown
                                      https://www.google.com/adsense/search/async-ads.js false
                                        		unknown
                                        https://s0.2mdn.net/simgad/2285381732942077146 false
                                          		unknown
                                          https://googleads.g.doubleclick.net/xbbe/pixel?d=CNazkvECEJ-FufYCGNC28p0CMAE&v=APEucNXmPXckh3PdZo2VQwXvMO3GHBevelDMoGlDcjr7MkT-ba1gWikCm4unvzC4vU4hfFO05-KjAYSkwIiGKB-9suj1MTB2-A false
                                            		unknown
                                            https://www.cutepdf-editor.com/Images/space.gif false
                                              		unknown
                                              https://googleads.g.doubleclick.net/xbbe/pixel?d=CLLVmQIQ2riaAhj1-o3eATAB&v=APEucNU3JcGq3kKl_K7TWcE7OHlegV1VKBJ7kJQB_7DGw8rmFddxUHg6Sk8GvSChIeyqnqRrKvYJUyVWlYjeo7kJ8BBRH8L4gg false
                                                		unknown
                                                https://fundingchoicesmessages.google.com/f/AGSKWxWoYFKd5aKei7TQb9ZXgtN3CyQwRkITwF8-cH4mwraQ0wI6sEFZ8qGFO-Lhe1cUJ73nnP1OxJHKm7ghMIYZuzm7S0Emzwr4q3Fm2hGF6x8qlWJP-GtVjx4arvb3ww_56TwZ8kFdNA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI5NzY5NDYwLDc5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuY3V0ZXBkZi1lZGl0b3IuY29tL3N1cHBvcnQvd3JpdGVyLmFzcCIsbnVsbCxbWzgsIlo3ZnhWeldjSEs0Il0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d false
                                                  		unknown
                                                  https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slotname=8138180617&adk=373269726&adf=126291155&pi=t.ma~as.8138180617&w=160&abgtt=9&lmt=1729769448&format=160x600&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1729769444536&bpp=1&bdt=2361&idt=3515&shv=r20241022&mjsv=m202410170101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x90&correlator=1252293065082&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=744&ady=420&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31088192%2C95342016%2C95344190%2C95345270%2C95345280%2C95344978&oid=2&pvsid=1819047191693950&tmod=229837596&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=d%7C%7CoeE%7Cn&abl=XS&pfx=0&fu=0&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=3522 false
                                                    		unknown
                                                    https://www.cutepdf-editor.com/images/headerbg.gif false
                                                      		unknown
                                                      https://ep2.adtrafficquality.google/sodar/sodar2.js false
                                                        		unknown
                                                        https://www.cutepdf-editor.com/images/htabs2.gif false
                                                          		unknown
                                                          https://googleads.g.doubleclick.net/xbbe/pixel?d=CNazkvECEJ-FufYCGJ2x8p0CMAE&v=APEucNUO3Xfv768h9NJ6JYA2DJK1GIj950CjvejuQ8NPpM4U0fFvl74aLaryFY5P5qn3xrTJFvrpnUFgeg18_9kLOsBFpWDtwA false
                                                            		unknown
                                                            https://www.cutepdf-editor.com/Images/PDF_Editor.GIF false
                                                              		unknown
                                                              https://www.google.com/recaptcha/api2/aframe false
                                                                		unknown
                                                                http://download.cutepdf.com/download/gplgs.exe true
                                                                  		unknown
                                                                  https://fundingchoicesmessages.google.com/i/ca-pub-6555658820068848?href=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&ers=2 false
                                                                    		unknown
                                                                    https://ad.doubleclick.net/.well-known/attribution-reporting/debug/verbose false
                                                                      		unknown
                                                                      https://googleads.g.doubleclick.net/xbbe/pixel?d=CNazkvECEJ-FufYCGPWj7Z0CMAE&v=APEucNVTTguKp20X8dAunnm_TQf6VnYFFtc3ryUzj6GNKBIZzVUuDt8d7mdZplTaZ7RTtBHHqk_8xwj_-8RisEYgKVCiuxAXnA false
                                                                        		unknown
                                                                        https://www.cutepdf-editor.com/images/DocProp.png false
                                                                          		unknown