Windows Analysis Report
scripthook.zip

Overview

General Information

Sample name: scripthook.zip
Analysis ID: 1635648
MD5: 2cdec5c1c05dfa68c88c4c5b20bdb0a7
SHA1: b523fd6cf6564da3de5cdf2612e29a280537fa22
SHA256: 7925282b3b75b243d37cb4d44a555f71c1718e63b4a01b414a1101eec5954d92

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected suspicious Javascript
HTML page contains obfuscated javascript
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
HTML page contains hidden javascript code
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 6992 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • chrome.exe (PID: 6776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://dev-c.com/ MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,13333050541259552133,7341676017699109270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • notepad.exe (PID: 5080 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet.ini MD5: 27F71B12CB585541885A31BE22F61C83)
  • OpenWith.exe (PID: 3532 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • notepad.exe (PID: 5876 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet2.dll MD5: 27F71B12CB585541885A31BE22F61C83)
  • chrome.exe (PID: 1548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://dev-c.com/ MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-11T21:43:55.134988+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49694 | 172.67.74.152 | 443 | TCP
2025-03-11T21:43:57.706743+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49695 | 172.67.72.12 | 443 | TCP

Phishing

Source: 1.50.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: ... This script demonstrates high-risk indicators, including dynamic code execution through the use of `eval` and `Function` constructor, as well as potential data exfiltration by sending data to an unknown domain. The obfuscated code and lack of transparency further increase the risk. This script is highly suspicious and should be considered a significant security threat.
Source: 1.85.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: ... This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval` and the construction of dynamic function calls pose a significant security risk, as they can be used to execute arbitrary code. Additionally, the obfuscated nature of the code makes it difficult to analyze and understand its true purpose. Overall, this script demonstrates a high level of malicious intent and should be considered a serious security threat.
Source: HTTP Parser: 0,function(_,$){while(_._+=!(_.$[_[_._]=_[$._]]&&_.M.push(_._,_[$._])),$.$^++$._);}
Source: http://dev-c.com/ | HTTP Parser: Base64 decoded: [null,null,null,null,null,null,[1741725913,229000000],null,null,null,[null,[7]],"http://dev-c.com/",null,[[8,"z69r6nSCmYw"],[9,"en-US"],[23,"1741725909"],[19,"2"],[17,"[0]"],[24,""]]]
Source: http://dev-c.com/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.16:49694 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.72.12:443 -> 192.168.2.16:49695 version: TLS 1.2
Source: Binary string: A:\Dropbox\stuff\Programming\C#\NativeUI\NativeUI\obj\x64\Release\NativeUI.pdb source: NativeUI.dll
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.16:49694 -> 172.67.74.152:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.16:49695 -> 172.67.72.12:443
Source: unknown | TCP traffic detected without corresponding DNS query: 172.67.74.152
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 11 Mar 2025 20:44:54 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, Keep-Alive | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 3685 | Keep-Alive: timeout=5, max=75 | Content-Type: text/html; charset=UTF-8
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 11 Mar 2025 20:44:55 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, Keep-Alive | Last-Modified: Thu, 31 Oct 2013 15:17:36 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 3326 | Keep-Alive: timeout=5, max=75 | Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 11 Mar 2025 20:44:55 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, Keep-Alive | Last-Modified: Tue, 07 Jul 2015 10:14:33 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 2954 | Keep-Alive: timeout=5, max=75 | Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 11 Mar 2025 20:44:56 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, Keep-Alive | Last-Modified: Tue, 10 Mar 2020 13:23:05 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 2161 | Keep-Alive: timeout=5, max=75 | Content-Type: application/javascript
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 11 Mar 2025 20:45:42 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, Keep-Alive | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 3685 | Keep-Alive: timeout=5, max=75 | Content-Type: text/html; charset=UTF-8
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: AutoIt | Host: api.ipify.org
Source: global traffic | HTTP traffic detected: GET /api/json/ip/5SPfwvEV3gwc55pvxBQOnjhEt01fgi0C/64.92.1.46 HTTP/1.1 | User-Agent: AutoIt | Host: ipqualityscore.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: dev-c.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /pagead/ppub_config?ippd=dev-c.com HTTP/1.1 | Host: securepubads.g.doubleclick.net | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: */* | X-Client-Data: CLbgygE= | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Sec-Fetch-Storage-Access: active | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /pagead/html/r20250305/r20190131/zrt_lookup_fy2021.html HTTP/1.1 | Host: googleads.g.doubleclick.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | X-Browser-Channel: stable | X-Browser-Year: 2025 | X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q= | X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved. | X-Client-Data: CLbgygE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9 | Cookie: test_cookie=CheckForPermission
Source: global traffic | HTTP traffic detected: GET /pagead/ads?client=ca-pub-6378420293255774&output=html&h=60&slotname=3175329410&adk=362837501&adf=499010872&pi=t.ma~as.3175329410&w=468&lmt=1741725905&url=http%3A%2F%2Fdev-c.com%2F&wgl=1&dt=1741725897628&bpp=4160&bdt=4300&idt=8305&shv=r20250305&mjsv=m202503040101&ptt=5&saldr=sd&abxe=1&cookie_enabled=1&eoidce=1&correlator=1803233056410&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=198&ady=170&biw=1263&bih=895&scr_x=0&scr_y=0&eid=31090874%2C31090875%2C95353451%2C95354315%2C95354325%2C95354336%2C95354598%2C95355300&oid=2&pvsid=2773668714931520&tmod=1225023985&uas=0&nvt=1&fc=896&brdim=-32000%2C-32000%2C-32000%2C-32000%2C1280%2C0%2C160%2C28%2C1280%2C895&vis=2&rsz=%7C%7CeEr%7C&abl=CS&pfx=0&fu=0&bc=23&bz=0.13&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=8334 HTTP/1.1 | Host: googleads.g.doubleclick.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | X-Browser-Channel: stable | X-Browser-Year: 2025 | X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q= | X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved. | X-Client-Data: CLbgygE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9 | Cookie: test_cookie=CheckForPermission
Source: global traffic | HTTP traffic detected: GET /pagead/ads?client=ca-pub-6378420293255774&output=html&adk=3895348141&adf=3876334049&abgtt=9&lmt=1741725905&plaf=7%3A2&plat=1%3A16777216%2C3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=154x606_l%7C154x606_r&format=0x0&url=http%3A%2F%2Fdev-c.com%2F&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiapm=0.15&aiapmi=0.33938&aiact=0.3&aicct=0.5&ailct=0.6&dt=1741725901789&bpp=4&bdt=8462&idt=4179&shv=r20250305&mjsv=m202503040101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_slotnames=3175329410&nras=1&correlator=1803233056410&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=895&scr_x=0&scr_y=0&eid=31090874%2C31090875%2C95353451%2C95354315%2C95354325%2C95354336%2C95354598%2C95355300&oid=2&pvsid=2773668714931520&tmod=1225023985&uas=0&nvt=1&fsapi=1&fc=896&brdim=-32000%2C-32000%2C-32000%2C-32000%2C1280%2C0%2C160%2C28%2C1280%2C895&vis=2&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=0.13&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=4194 HTTP/1.1 | Host: googleads.g.doubleclick.net | Connection: keep-alive | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | X-Browser-Channel: stable | X-Browser-Year: 2025 | X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q= | X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved. | X-Client-Data: CLbgygE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9 | Cookie: test_cookie=CheckForPermission
Source: global traffic | HTTP traffic detected: GET /i/ca-pub-6378420293255774?href=http%3A%2F%2Fdev-c.com&ers=2 HTTP/1.1 | Host: fundingchoicesmessages.google.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: */* | X-Client-Data: CLbgygE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /f/AGSKWxUiWdnLedzp8Jqh8i2fn7g3Cs0I6Oel-gxrIMCOfVA85e7SWz3bSgeMLeQ_BC0pDEN2U-kQNwJ9mlkSQhgdfB6d7qEYUeK1erv5gsvYn-395Uw1EiLSC5E0TtggBTKu5yiwyat_2Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQxNzI1OTEzLDIyOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cDovL2Rldi1jLmNvbS8iLG51bGwsW1s4LCJ6NjlyNm5TQ21ZdyJdLFs5LCJlbi1VUyJdLFsyMywiMTc0MTcyNTkwOSJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXV1d HTTP/1.1 | Host: fundingchoicesmessages.google.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: */* | X-Client-Data: CLbgygE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /f/AGSKWxWc7ZA-Jh8GSJh3_8ua1mJd236iVIQPNwkbq9lsQ7gx292WZ6cD5K6WMh0nflkV9vah6HirbiGwUas0ljb_WWUcjmm6cvEdP4gMJWhlKR1TqbsCp4_9nnKOMIpc3YMziao1wRSOIg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQxNzI1OTE2LDE0MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHA6Ly9kZXYtYy5jb20vIixudWxsLFtbOCwiejY5cjZuU0NtWXciXSxbOSwiZW4tVVMiXSxbMjMsIjE3NDE3MjU5MDkiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwiIl1dXQ HTTP/1.1 | Host: fundingchoicesmessages.google.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: */* | X-Client-Data: CLbgygE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20250305&st=env HTTP/1.1 | Host: ep1.adtrafficquality.google | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: */* | Origin: http://dev-c.com | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1 | Host: ep2.adtrafficquality.google | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Sec-Fetch-Storage-Access: active | Referer: http://dev-c.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /f/AGSKWxVdlyHQyraEWhg_iYxrVdbFeYJWPpRyfdA2Mpvi0cwSH_Qf9KLj04AtGIrgAb9jKd67DqtCJJ6UjMoWce3CG0TebsZlRwIkw4kultr3_tpRVbpuQWsFqIJDph9celdut1SaV2zG37pyj8RvAiu57A0uJZOVUXaCNkJpAZ6yjk9RQuMkuwmLzqHA6175/_/publisher.ad./468x060_/aduxads./ads-new./adifyids. HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /recaptcha/api2/aframe HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sodar/sodar2/232/runner.html HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /f/AGSKWxXVHfH5MJHi8Spggpe1_qJ0dPxzjU46Q5y4sJNdB9lBYWlPGIp9qYGUMAlg0JT6sicgGKcZHyWHwEzEhkRibktCws_dAZoChvwrxmidUlomMzHDCBVRlU1zsdoLTyDRhq2cg9-CpQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzQxNzI1OTI4LDQxMDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5LDZdLG51bGwsMixudWxsLCJlbiIsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDFdLCJodHRwOi8vZGV2LWMuY29tLyIsbnVsbCxbWzgsIno2OXI2blNDbVl3Il0sWzksImVuLVVTIl0sWzIzLCIxNzQxNzI1OTA5Il0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsIiJdXV0 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250305&jk=2773668714931520&bg=!LyylLGPNAAYM8O73LPA7ADQBe5WfOE9G9wx6uCzwF-WTD4YIJlY7_sN5zevNsXBa_-34ZUoDu7uXjV9LDuB1yZzwH-IZAgAAAQlSAAAABmgBB34AOE2NUo9xC2S0AGG2xEuXUcLTG--du0SK23-NNy-nBBhdtQWXS-MdCsCm2U3eI1u4m7thiDD62ACBmQVpaxPcM5BTn66l6tb4RfPax1pwyMynpQSVfODCdERAj1sfrjpqWZsBpwaD_cLatVzt2J1sodx8n-UQEh43DHaTu0C8jFqj0OWQRuBqc4tjImCA0L4eLhAF4Uo8zhbD2ULMHh0HYaO_JFjX3GcZ2fB17umez1DtTrVzX3t4EkjJ7LDbfYJ8rRGhsqEr1vao4l6EPQUg0QrLVe8ilqM2_lyE8XDi7oC408_XYUirEz4f9AgPDO5QVnrMqS6duhrCNFQzD8ksMVN_qJkZEPwLd3HTcpsjdp5lqpLv7abFoBQv5fJZNtajyDt3nlshM2oXmX7JriFcWCoNfz3Ty0sYizaJQgKEFYtDUFRSvLypSYgEkrStB-A94yZ0Tnrbu6L7Xd_l4HpNk3QebIRIMmaBU7fXBj8lf8XqyvGMn7XOmS22dJftU8u2jmVWSumtOdDa9Rm_LxTQ3tAXv28Kh8pW7GR9zA1My849uJOsQOk225Knt2rklvLiL_iua5S9b_DFJAv13ZHmruqM14bBwF_I7UIKE-Y8ipW3i1rh8Aa04deWwjHQyA_7HUwU3LMaF2alKeIRuRNHZEpo-Cmf0FCt_75qzbd1xWN2ytLHZ-F5Giq9mq3dKwqSgUND3xIdv-FTctBF1xG91Fx0pjOrrXaoJAy2ERTAik2GhWIRgwbEE1ugHR7fqLYGnVW9Ucc6bWWFM53MFX6ZIrilyletKsSb9QO00c6V2PgI9En7y95ekKdzH9hOjeMcd1GdPlWk_pby6j49aHEepLk36oCjegOo-KCnHi0KFD1Tvhu6-OgYihAUaboz5ueD4LboerrX-it47IhLvRM9jAJzgDd-E0ZN-kZCdp5ThsYclA1rVbRa5DHhLFhAMObZ7zK9IZgJrBrwY_MGJMdTtHGF-YYd1GvZxe0izKcc5nIRna7raqxoFyFMrNNqBWBg94LyJG4tjxytN3txxIBxfrrxEICJH6ckjNpvJw7bqC7P_w61MUbBTyYQkXJxDfgdYTtvfYIsmzyDSexTM-QPEc0JTtECMONy-5-GQwO22HiFG4SjE5pOqxrnyPCWR2koqPibMeqjE0iMIIG9uSjIAo8-vn87f7RIsHzt_w1iJI7Z4J699seITnLlxBQsnivIZL5Y8N2ZHQfW_VhVtfagtfs2T5ciU2yLwZPWkgVPwjr2scsUvkVnBLyWC90IeqaelNy634qf-3pfMj4E7vu5RtXpSvHtB3s3CzOyDkddVKhNfiONYhrKY0L6mpAOvDwtIPPYIrSmF_zXlqlEQDumyjBgTWazBI5djRy8YVTuvXPU1saCVASJeyhR4E0Ls_Tp4XT9w9igRoPRPD5FU5Z6QynVJHAN2ILt7W5JU_mPe-GUMkYi9IkbGP96YK0YCiP-babKqBkPOxHBBc9-YadyFbzCZ3IplL3rfcNxNUjiQS_lgwceM4eCZYXuhGEj7O_627L5GXm8Wp1fl6xSjqasi9v2Vq-bvOZdkFdIP3uaSURR-hX0eq-X5Zf4ezOTTuMFt8algO9ro6LCWy7j3D-FzAWRxu9KEB14uicbj1oJu8fflXPj72qQrjOeIxomqkw9cAujh3vca2NsjAZaM6t6vWS97H9xC14PEPp-iIJyvXUAGiRryHp5ipzfzUG6WNsVUWln8XDV4cFchiQ0I4N_d8mmo9QT-6DymZAq
ny79BVlKiInI9r1_5nfY0DICSP6SwmyQAeXUcs6jv5h12hqn8Vqw1fei2MPP1FjjQmB5r30zueR6wywCYeH6ktcKGSYuSwPUZcnbZ-uYf2zfnfMQbsMfxgytBuUonUzsqEu9Ul-JcK6PZvRX1vVRwieJaVRj1QwEBQM HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/ads?client=ca-pub-6378420293255774&output=html&h=60&slotname=3175329410&adk=362837501&adf=499010872&pi=t.ma~as.3175329410&w=468&lmt=1741725941&url=http%3A%2F%2Fdev-c.com%2F&wgl=1&dt=1741725941490&bpp=125&bdt=46&idt=205&shv=r20250305&mjsv=m202503040101&ptt=5&saldr=sd&abxe=1&cookie=ID%3Daad2ff5825f2ab03%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ&gpic=UID%3D0000105b5fe92494%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag&eo_id_str=ID%3Dd35e111b4b2e24bc%3AT%3D1741725909%3ART%3D1741725909%3AS%3DAA-AfjawxxXsq4W34ohTrtknLOKI&correlator=2300032882602&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=198&ady=170&biw=1263&bih=897&scr_x=0&scr_y=0&eid=31090664%2C31090874%2C31090876%2C95354313%2C95354324%2C95354338%2C95354598%2C31090358%2C95354595&oid=2&pvsid=3439473246316647&tmod=1225023985&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C897&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=229 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. 
All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /pagead/ads?client=ca-pub-6378420293255774&output=html&adk=3895348141&adf=3876334049&abgtt=9&lmt=1741725941&plaf=7%3A2&plat=1%3A16777216%2C3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=154x606_l%7C154x606_r&format=0x0&url=http%3A%2F%2Fdev-c.com%2F&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiapm=0.15&aiapmi=0.33938&aiact=0.5&aicct=0.6&ailct=0.4&dt=1741725941615&bpp=7&bdt=171&idt=118&shv=r20250305&mjsv=m202503040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daad2ff5825f2ab03%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ&gpic=UID%3D0000105b5fe92494%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag&eo_id_str=ID%3Dd35e111b4b2e24bc%3AT%3D1741725909%3ART%3D1741725909%3AS%3DAA-AfjawxxXsq4W34ohTrtknLOKI&prev_slotnames=3175329410&nras=1&correlator=2300032882602&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=897&scr_x=0&scr_y=0&eid=31090664%2C31090874%2C31090876%2C95354313%2C95354324%2C95354338%2C95354598%2C31090358%2C95354595&oid=2&pvsid=3439473246316647&tmod=1225023985&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C897&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=127 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /i/ca-pub-6378420293255774?href=http%3A%2F%2Fdev-c.com&ers=2 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/ads?gdpr=0&client=ca-pub-6378420293255774&output=html&h=280&adk=3175694369&adf=2617822577&pi=t.aa~a.296669892~rp.4&w=1200&abgtt=9&fwrn=4&fwrnh=100&lmt=1741725949&rafmt=1&to=qs&pwprc=1653217365&format=1200x280&url=http%3A%2F%2Fdev-c.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1741725909507&bpp=2&bdt=16179&idt=2&shv=r20250305&mjsv=m202503040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daad2ff5825f2ab03%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ&gpic=UID%3D0000105b5fe92494%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag&eo_id_str=ID%3Dd35e111b4b2e24bc%3AT%3D1741725909%3ART%3D1741725909%3AS%3DAA-AfjawxxXsq4W34ohTrtknLOKI&prev_fmts=0x0&prev_slotnames=3175329410&nras=2&correlator=1803233056410&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=32&ady=1636&biw=1263&bih=895&scr_x=0&scr_y=0&eid=31090874%2C31090875%2C95353451%2C95354315%2C95354325%2C95354336%2C95354598%2C95355300&oid=2&pvsid=2773668714931520&tmod=1225023985&uas=0&nvt=1&fc=896&brdim=-32000%2C-32000%2C-32000%2C-32000%2C1280%2C0%2C160%2C28%2C1280%2C895&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&bz=0.13&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=40375 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. 
All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /f/AGSKWxWdu5a-fLRloQ1dYJo-VoW4uddwjRMcG1L_jxiJ4YsiBCyq_JhldH_kqPxnq9NHSssEzz7Ypn1m4sSIpwnesyKXpLsP1QMTXvcZIu2s3t54SDN49p5DxuS65qihuJC0UgsAPgMPZQ==?fccs=W1siQUtzUm9sOGc4emVwTXVvVFE0NFpvV1RNMnQxUHh5NzZHSHVGd1FwOE96SG5GYWhMd3BSMkJhRFNTVy0yd3JlNkRyQlhqNGFNOEtteUQ2cjlVR2d4ZXJteWNqSnExVG9ZZWdiR1NQeklrREZhSnJWLUdUQ3RHeldTWmNIMlNadWtva3BJTWlQbFFCSnJNdWdiVTFUTjVlZlBPTlM1aXVvWFRnPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE3NDE3MjU5NTAsNTU2MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwOi8vZGV2LWMuY29tLyIsbnVsbCxbWzgsIno2OXI2blNDbVl3Il0sWzksImVuLVVTIl0sWzIzLCIxNzQxNzI1OTA5Il0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsIiJdXV0 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/ads?gdpr=0&client=ca-pub-6378420293255774&output=html&h=280&adk=3175694369&adf=2617822577&pi=t.aa~a.296669892~rp.4&w=1200&abgtt=9&fwrn=4&fwrnh=100&lmt=1741725950&rafmt=1&to=qs&pwprc=1653217365&format=1200x280&url=http%3A%2F%2Fdev-c.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1741725949329&bpp=2&bdt=7885&idt=-M&shv=r20250305&mjsv=m202503040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Daad2ff5825f2ab03%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ&gpic=UID%3D0000105b5fe92494%3AT%3D1741725909%3ART%3D1741725909%3AS%3DALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag&eo_id_str=ID%3Dd35e111b4b2e24bc%3AT%3D1741725909%3ART%3D1741725909%3AS%3DAA-AfjawxxXsq4W34ohTrtknLOKI&prev_fmts=0x0&prev_slotnames=3175329410&nras=2&correlator=2300032882602&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=32&ady=1680&biw=1263&bih=897&scr_x=0&scr_y=0&eid=31090664%2C31090874%2C31090876%2C95354313%2C95354324%2C95354338%2C95354598%2C31090358%2C95354595&oid=2&pvsid=3439473246316647&tmod=1225023985&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C897&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=1240 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. 
All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /pagead/drt/s?v=r20120211 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://googleads.g.doubleclick.net/pagead/html/r20250305/r20190131/zrt_lookup_fy2021.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /f/AGSKWxU7JEb9NG5dKJucxHW9YFtHPsM0iX6vk4jYLHY-v_VL9L9S_a0atCr3EZPSZHjCH9nosVoUA_k1PD5o4kjcGX6uhoFbZzUToxK6cu3u7y2eE9WUoCqgVdmrEUqohZmYlrGJj29Scg==?fccs=W1siQUtzUm9sOGc4emVwTXVvVFE0NFpvV1RNMnQxUHh5NzZHSHVGd1FwOE96SG5GYWhMd3BSMkJhRFNTVy0yd3JlNkRyQlhqNGFNOEtteUQ2cjlVR2d4ZXJteWNqSnExVG9ZZWdiR1NQeklrREZhSnJWLUdUQ3RHeldTWmNIMlNadWtva3BJTWlQbFFCSnJNdWdiVTFUTjVlZlBPTlM1aXVvWFRnPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE3NDE3MjU5NTMsNzk5MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5XSxudWxsLDIsbnVsbCwiZW4iXSwiaHR0cDovL2Rldi1jLmNvbS8iLG51bGwsW1s4LCJ6NjlyNm5TQ21ZdyJdLFs5LCJlbi1VUyJdLFsyMywiMTc0MTcyNTkwOSJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCIiXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaSBo9kmvCkXnj0JS3t3SxDGtixCeMD4CtqfdfhV4R5-XjEP92Eys7slht9_y_nnV9yV11p_ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/drt/si?st=NO_DATA HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /pagead/interaction/?ai=C1GbJ-aDQZ_mJEv7E1fAPkcO8-A_44_infYS04oSjE4Kd3KDUARABIJ7cmB5gyab5jOSkrBOgAbSFy-U-yAEBqAMBqgTpAU_Qt_k6rN2Q7NECZPUEIkr31X-LGItx0QHnUqKSWbL1Kh8sY-PQIlkkHryVEFvhJw6NaBY6hSqCokooGJN2fpIHptJgQjcAjIWZVYcPxK5s2kJhuKB2yNhfLXjvKnTPkralCr4mHAS6pW8y80TUn4fI920jQZ8Yn6rXv60LBcgeQn1GRlqVNZjn0_1W3-qj5mQcOxhB5DtrKw_OOnbGJjvLSDmvn9T6U7A9x7H3ASbP5Zc3m0c746YSh-NlbzstDVXlq_kgcIWXW4Zu8g5Ait4s7ag2gAX-B5RQuRtu2_7gwyo-HW9-5liqwASsiPeskQXgBAOIBdbw5eVSkAYBgAe0vZvFGagH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgH4L2xAqgH_56xAqgH35-xAqgH-MKxAqgH-8KxAtgHANIIKAiA4YBgEAEYHzICywI6C4BAgMCAgICgqIACSL39wTpY-oaP4vKCjAOACgGYCwHICwGADAGqDQJVU-oNEwiei7Xi8oKMAxV-YhUIHZEhD__wDQGwE_Hv1hvYEw2IFALYFAHQFQH4FgGAFwGyFwIYArIYCRIC9k4YASIBAA&sigh=Qo3l-jlqn60&cid=CAQSPACjtLzMV6vyDtC4TFr_Y04hc1vMqjQFQ6xV2MVzhrMDz0dyHNdX4_a8U6vcTHu_T692sP-IIx9qM-TWAA&label=window_focus&gqid=-aDQZ8_qEKbZx_AP8ZnA2Q0&qqid=CLnqj-LygowDFX5iFQgdkSEP_w&bgload=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLbgygE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://googleads.g.doubleclick.net/pagead/html/r20250305/r20190131/zrt_lookup_fy2021.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k
Source: global trafficHTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20250305&st=env HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: http://dev-c.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/interaction/?ai=C1GbJ-aDQZ_mJEv7E1fAPkcO8-A_44_infYS04oSjE4Kd3KDUARABIJ7cmB5gyab5jOSkrBOgAbSFy-U-yAEBqAMBqgTpAU_Qt_k6rN2Q7NECZPUEIkr31X-LGItx0QHnUqKSWbL1Kh8sY-PQIlkkHryVEFvhJw6NaBY6hSqCokooGJN2fpIHptJgQjcAjIWZVYcPxK5s2kJhuKB2yNhfLXjvKnTPkralCr4mHAS6pW8y80TUn4fI920jQZ8Yn6rXv60LBcgeQn1GRlqVNZjn0_1W3-qj5mQcOxhB5DtrKw_OOnbGJjvLSDmvn9T6U7A9x7H3ASbP5Zc3m0c746YSh-NlbzstDVXlq_kgcIWXW4Zu8g5Ait4s7ag2gAX-B5RQuRtu2_7gwyo-HW9-5liqwASsiPeskQXgBAOIBdbw5eVSkAYBgAe0vZvFGagH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgH4L2xAqgH_56xAqgH35-xAqgH-MKxAqgH-8KxAtgHANIIKAiA4YBgEAEYHzICywI6C4BAgMCAgICgqIACSL39wTpY-oaP4vKCjAOACgGYCwHICwGADAGqDQJVU-oNEwiei7Xi8oKMAxV-YhUIHZEhD__wDQGwE_Hv1hvYEw2IFALYFAHQFQH4FgGAFwGyFwIYArIYCRIC9k4YASIBAA&sigh=Qo3l-jlqn60&cid=CAQSPACjtLzMV6vyDtC4TFr_Y04hc1vMqjQFQ6xV2MVzhrMDz0dyHNdX4_a8U6vcTHu_T692sP-IIx9qM-TWAA&label=window_focus&gqid=-aDQZ8_qEKbZx_AP8ZnA2Q0&qqid=CLnqj-LygowDFX5iFQgdkSEP_w&bgload=1 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUlXeYoi2FYdknpDsY6EuNioNFJtwXb8eILfa9ss6mzpOLA_0fWxgL-Io7wqf8k; DSID=NO_DATA
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: dev-c.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /theme/Innovation/assets/css/reset.css HTTP/1.1Host: www.dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://dev-c.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /theme/Innovation/style.css?v=3.2.3 HTTP/1.1Host: www.dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://dev-c.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /theme/Innovation/assets/images/break.png HTTP/1.1Host: www.dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://dev-c.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cookiechoices.js HTTP/1.1Host: dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Referer: http://dev-c.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /theme/Innovation/assets/images/break.png HTTP/1.1Host: www.dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://dev-c.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gads=ID=aad2ff5825f2ab03:T=1741725909:RT=1741725909:S=ALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ; __gpi=UID=0000105b5fe92494:T=1741725909:RT=1741725909:S=ALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag; __eoi=ID=d35e111b4b2e24bc:T=1741725909:RT=1741725909:S=AA-AfjawxxXsq4W34ohTrtknLOKI
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dev-c.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gads=ID=aad2ff5825f2ab03:T=1741725909:RT=1741725909:S=ALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ; __gpi=UID=0000105b5fe92494:T=1741725909:RT=1741725909:S=ALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag; __eoi=ID=d35e111b4b2e24bc:T=1741725909:RT=1741725909:S=AA-AfjawxxXsq4W34ohTrtknLOKI
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: dev-c.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gads=ID=aad2ff5825f2ab03:T=1741725909:RT=1741725909:S=ALNI_MYHMyNdIhA1bMSRJ85udlIrG9u1OQ; __gpi=UID=0000105b5fe92494:T=1741725909:RT=1741725909:S=ALNI_MbV_MOYMCKHxEM0J9FbPmRl4Ydlag; __eoi=ID=d35e111b4b2e24bc:T=1741725909:RT=1741725909:S=AA-AfjawxxXsq4W34ohTrtknLOKI; FCNEC=%5B%5B%22AKsRol8g8zepMuoTQ44ZoWTM2t1Pxy76GHuFwQp8OzHnFahLwpR2BaDSSW-2wre6DrBXj4aM8KmyD6r9UGgxermycjJq1ToYegbGSPzIkDFaJrV-GTCtGzWSZcH2SZukokpIMiPlQBJrMugbU1TN5efPONS5iuoXTg%3D%3D%22%5D%5D
Source: global trafficDNS traffic detected: DNS query: ipqualityscore.com
Source: global trafficDNS traffic detected: DNS query: dev-c.com
Source: global trafficDNS traffic detected: DNS query: securepubads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: www.dev-c.com
Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: fundingchoicesmessages.google.com
Source: global trafficDNS traffic detected: DNS query: ep1.adtrafficquality.google
Source: global trafficDNS traffic detected: DNS query: ep2.adtrafficquality.google
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /el/AGSKWxWSDHZS9YGpke5ynKGbYl5AlNvrXB5xVtf3CauVWG4MZirYPJg93vo-PyVz2CnL7uxYGdZ6C6HKtoI3AIxOa63rBt5Bx-TuuCQlnJD7Qp50uxzWi-NB2og0E5j2XrTg8xAyL9nvWQ== HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveContent-Length: 247sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plainsec-ch-ua-mobile: ?0Accept: */*Origin: http://dev-c.comX-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://dev-c.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.16:49694 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.72.12:443 -> 192.168.2.16:49695 version: TLS 1.2
Source: dinput8 (2024_10_23 08_00_08 UTC).dllBinary or memory string: DirectInput8Creatememstr_20738837-0
Source: classification engineClassification label: mal48.phis.winZIP@29/90@37/12
Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3532:120:WilError_03
Source: C:\Windows\System32\OpenWith.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://dev-c.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,13333050541259552133,7341676017699109270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3
Source: unknownProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet.ini
Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet2.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,13333050541259552133,7341676017699109270,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3Jump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet2.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\OpenWith.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\notepad.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: scripthook.zip | Static file information: File size 4194060 > 1048576
Source: Binary string: A:\Dropbox\stuff\Programming\C#\NativeUI\NativeUI\obj\x64\Release\NativeUI.pdb source: NativeUI.dll
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe TID: 2892 | Thread sleep count: 45 > 30
Source: C:\Windows\System32\OpenWith.exe | Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet2.dll
Source: C:\Windows\System32\notepad.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet.ini VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\notepad.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_scripthook.zip\scripthook\ScriptHookVDotNet2.dll VolumeInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 11 Process Injection | 1 Virtualization/Sandbox Evasion | 1 Input Capture | 1 Virtualization/Sandbox Evasion | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |